Unable to use api keys

lxtechie · December 12, 2016, 11:48am

Hi there

I im trying to implement api key security in my plain http channel.

I create the api key for example:
Name: testkey
Header: testkey
Key: test

I then assign it to one of my plain http channels.

However when I try hit the channel:
curl http://localhost:11223/stats/ -H “testkey: test”

i get
UNAUTHORIZED path_info:/stats/,cid:K0619T305D6QN2AC0FWCQB1MYSRS

Am I doing something wrong here ?

Thanks to anyone in advance that can help me out.

lxtechie · December 19, 2016, 11:35am

Thanks @rafal

Any luck with this ?

lxtechie · December 20, 2016, 3:31pm

OK i’ve given up with the keys so I thought I’d use plain auth instead with my plain http incoming channel.
username : test
password: password

however when I do this :
curl -v “http://localhost:11223/testapi” -u “test:passsword”

i get :
< HTTP/1.1 401 Unauthorized
< Server: Zato
< Date: Tue, 20 Dec 2016 13:53:52 GMT
< Connection: close
< Transfer-Encoding: chunked
< X-Zato-CID: K07DZ0MGQ2QEW316BGNHN2GHT83Z
< WWW-Authenticate: zato-apikey
<

Closing connection 0
UNAUTHORIZED path_info:/testapi, cid:K07DZ0MGQ2QEW316BGNHN2GHT83Z

If anyone can point me in the right direction ?

dsuch · December 20, 2016, 8:30pm

Hello @lxtechie,

can you tell me what this command returns?

$ zato --version

Also, in the example with Basic Auth please note that WWW-Authenticate returned ‘zato-apikey’ as though the channel you were invoking was still using API keys instead of Basic Auth. Are you sure it is the latter?

Regards.

lxtechie · December 21, 2016, 10:00am

Hi @dsuch

Whoops yes that fixed it. If you guys still want my zato version number its:
{code}
Zato 2.0.7.rev-b4239b81
{code}

dsuch · January 13, 2017, 4:04pm

Hello @lxtechie,

to follow up on your original question - yes, there were a few irregularities in how API keys were handled. This is now fixed in GitHub and will be published in 2.0.8.

Regards.

keith · February 22, 2017, 9:41am

Hi,

May I know when will 2.0.8 be official released? I am too facing API keys issues and will like to use it,

Regards,

dsuch · February 22, 2017, 10:00am

Hi Keith,

this should be within several weeks now - we are automating certain aspects of the build pipeline as we speak and this needs to be completed first. But that takes its own time - build automation is quite time-consuming.

As far as open tickets for 2.0.8 go - only a few simple ones are left and they will be dealt with in the next week.

keith · February 22, 2017, 10:16am

If it’s convenient for you, possible to point to me which files were patched that resolved this issues?

Regards,

dsuch · February 22, 2017, 10:36am

It was resolved in these commits:

dsuch · March 16, 2017, 6:31pm

Hi @keith,

this is a heads-up that a recent setuptools release basically broke our build - we are working on it but there will be a delay in releasing 2.0.8.

I apologize for it, final steps were to be carried out starting March 6 but it turned out that on March 3 the then newest setuptools broke some dependencies.

This is outside of our control and I can only say I’m sorry - 2.0.8 will be released as soon as we get around these issues.

keith · March 20, 2017, 10:54am

Hi @dsuch,

No need to apologize and thank you for the heads-up. I have already implemented the patches you have given. It works great in our current production environment now and therefore no urgency at the moment to upgrade. Really appreciate your personalized communication. Will wait for your official release announcement.