topic Re: Problem with API Token and XIQ in ExtremeCloud IQ

Problem with API Token and XIQ

Thilroy — Tue, 08 Apr 2025 13:26:11 GMT

Hi,

This is the second post I write about the subject since (sheesh!) last friday because the first one was marked as "spam" and the moderators are obviously too busy to look at my abuse report. Well, here it goes :

Hi!

I am using python scripts to try and automate some XIQ-related tasks, like User Group creation, but I am getting the message : {"message":"401 Unauthorized: Invalid Token"}.

Basically, what I do is first a login with a POST to https://api.extremecloudiq.com/login, and that provides me with a token that I can use for getting infos like /devices, /usergroups, allright.

If I understand correctly, I need another authorization token if I want to perform a create user group operation.

I am not sure of the permission I need for that, but it seemed pretty logical to ask something like that :
{"expire_time": int(time.time())+1000, "description": "API Token with write permissions.", "permissions" : [ "usergroup" ]}, since "usergroup" gives you : "description": "Full control of user group".

I indeed get a new token, with other permissions as well (there are a lot !!!) but always do get the same result, which is {"message":"401 Unauthorized: Invalid Token"} when I try to create my group based on the following json file :

#edited out because of the lousy anti-spam robot

Could someone tell me where I am wrong ?

Thanks in advance,

Thierry.

Re: Problem with API Token and XIQ

JonasD_Complit — Thu, 10 Apr 2025 17:49:35 GMT

Hi with the access token you get from the login you can do the requests. You can indeed ask for a new api token with different rights. But the first have generated have enough rights.

You can test it by going to https://api.extremecloudiq.com/swagger-ui/index.html#/Authentication/login -- Click on Try it out -- Fill in user name and password -- now you can go to https://api.extremecloudiq.com/swagger-ui/index.html#/Configuration%20-%20User%20Management/listUserGroups and try if you are able to get all the user groups. (normally he remembers the api token from first request)

You can also check which permission this access token has. Maybe you can learn which permissions you want: https://api.extremecloudiq.com/swagger-ui/index.html#/Authorization/listPermissions

Re: Problem with API Token and XIQ

Thilroy — Fri, 11 Apr 2025 08:58:42 GMT

Hi Jonas, Thanks for your answer.

I've been able to read all the data I wanted from the very beginning using the first "login" token I had generated. The reason why I tried generating an authorization token is because I was getting the error {"message":"401 Unauthorized: Invalid Token"} when trying to create a new user group.

From my Python script, or from the command line, when I do (by following https://extremecloudiq.com/api-docs/api-reference.html#_create_user_group) :

#curl 'https://api.extremecloudiq.com/usergroups' -i -X POST -H 'Authorization: Bearer <myToken>' -H 'Content-Type: application/json' -d '{ "name": "UG_IOTW_2025_Week_14", "description": "string", "password_db_location": "CLOUD", "ppsk_use_only": true, "password_type": "PPSK", "enable_max_clients_per_ppsk": true, "max_clients_per_ppsk": 0, "pcg_use_only": false, "pcg_type": "AP_BASED", "enable_cwp_reg": false, "password_settings": { "enable_letters": true, "enable_numbers": true, "enable_special_characters": true, "password_concat_string": "string", "psk_generation_method": "PASSWORD_ONLY", "password_character_types": "INCLUDE_ALL_CHARACTER_TYPE_ENABLED", "password_length": 0 }, "expiration_settings": { "expiration_type": "VALID_DURING_DATES", "valid_during_dates": { "start_date_time": { "day_of_month": 31, "month": 3, "year": 2025, "hour_of_day": 3, "minute_of_hour": 0 }, "end_date_time": { "day_of_month": 7, "month": 4, "year": 2025, "hour_of_day": 3, "minute_of_hour": 0 }, "time_zone": "string" }, "expiration_action": "SHOW_MESSAGE", "post_expiration_action": { "enable_credentials_renewal": false, "enable_delete_immediately": true, "delete_after_value": 0, "delete_after_unit": "MINUTE" } }, "delivery_settings": { "email_template_id": 0, "sms_template_id": 0 } }'

I get the following answer :

HTTP/2 401 server: nginx date: Fri, 11 Apr 2025 08:48:54 GMT content-type: application/json {"message":"401 Unauthorized: Invalid Token"}

Like I was saying, I tried that with my login token (which has full rights indeed, I verified) and with a new authorization token with the same result.

So, write permissions problem ?

I have no clue and hope you'll see light where I am still in the dark.

Thx in advance,

Thierry

Re: Problem with API Token and XIQ

Thilroy — Fri, 11 Apr 2025 10:09:46 GMT

Update : I finally managed to make it work, I think I had a mistype in my script.

Now I only have a {"error_code":"BAD_REQUEST","error_id":"bf26a56d1c4846bfa8bb1d8195b20359"} to investigate. I guess that my create group data isn't right.