This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ
- Extreme Networks
- Community List
- Network Management & Authentication
- ExtremeCloud IQ
- Problem with API Token and XIQ
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Problem with API Token and XIQ
Problem with API Token and XIQ
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
Tuesday
Hi,
This is the second post I write about the subject since (sheesh!) last friday because the first one was marked as "spam" and the moderators are obviously too busy to look at my abuse report. Well, here it goes :
Hi!
I am using python scripts to try and automate some XIQ-related tasks, like User Group creation, but I am getting the message : {"message":"401 Unauthorized: Invalid Token"}.
Basically, what I do is first a login with a POST to https://api.extremecloudiq.com/login, and that provides me with a token that I can use for getting infos like /devices, /usergroups, allright.
If I understand correctly, I need another authorization token if I want to perform a create user group operation.
I am not sure of the permission I need for that, but it seemed pretty logical to ask something like that :
{"expire_time": int(time.time())+1000, "description": "API Token with write permissions.", "permissions" : [ "usergroup" ]}, since "usergroup" gives you : "description": "Full control of user group".
I indeed get a new token, with other permissions as well (there are a lot !!!) but always do get the same result, which is {"message":"401 Unauthorized: Invalid Token"} when I try to create my group based on the following json file :
#edited out because of the lousy anti-spam robot
Could someone tell me where I am wrong ?
Thanks in advance,
Thierry.
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
Thursday
Hi with the access token you get from the login you can do the requests. You can indeed ask for a new api token with different rights. But the first have generated have enough rights.
You can test it by going to https://api.extremecloudiq.com/swagger-ui/index.html#/Authentication/login -- Click on Try it out -- Fill in user name and password -- now you can go to https://api.extremecloudiq.com/swagger-ui/index.html#/Configuration%20-%20User%20Management/listUser... and try if you are able to get all the user groups. (normally he remembers the api token from first request)
You can also check which permission this access token has. Maybe you can learn which permissions you want: https://api.extremecloudiq.com/swagger-ui/index.html#/Authorization/listPermissions
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
Friday
Hi Jonas, Thanks for your answer.
I've been able to read all the data I wanted from the very beginning using the first "login" token I had generated. The reason why I tried generating an authorization token is because I was getting the error {"message":"401 Unauthorized: Invalid Token"} when trying to create a new user group.
From my Python script, or from the command line, when I do (by following https://extremecloudiq.com/api-docs/api-reference.html#_create_user_group) :
#curl 'https://api.extremecloudiq.com/usergroups' -i -X POST -H 'Authorization: Bearer <myToken>'
-H 'Content-Type: application/json'
-d '{
"name": "UG_IOTW_2025_Week_14",
"description": "string",
"password_db_location": "CLOUD",
"ppsk_use_only": true,
"password_type": "PPSK",
"enable_max_clients_per_ppsk": true,
"max_clients_per_ppsk": 0,
"pcg_use_only": false,
"pcg_type": "AP_BASED",
"enable_cwp_reg": false,
"password_settings": {
"enable_letters": true,
"enable_numbers": true,
"enable_special_characters": true,
"password_concat_string": "string",
"psk_generation_method": "PASSWORD_ONLY",
"password_character_types": "INCLUDE_ALL_CHARACTER_TYPE_ENABLED",
"password_length": 0
},
"expiration_settings": {
"expiration_type": "VALID_DURING_DATES",
"valid_during_dates": {
"start_date_time": {
"day_of_month": 31,
"month": 3,
"year": 2025,
"hour_of_day": 3,
"minute_of_hour": 0
},
"end_date_time": {
"day_of_month": 7,
"month": 4,
"year": 2025,
"hour_of_day": 3,
"minute_of_hour": 0
},
"time_zone": "string"
},
"expiration_action": "SHOW_MESSAGE",
"post_expiration_action": {
"enable_credentials_renewal": false,
"enable_delete_immediately": true,
"delete_after_value": 0,
"delete_after_unit": "MINUTE"
}
},
"delivery_settings": {
"email_template_id": 0,
"sms_template_id": 0
}
}'I get the following answer :
HTTP/2 401
server: nginx
date: Fri, 11 Apr 2025 08:48:54 GMT
content-type: application/json
{"message":"401 Unauthorized: Invalid Token"}Like I was saying, I tried that with my login token (which has full rights indeed, I verified) and with a new authorization token with the same result.
So, write permissions problem ?
I have no clue and hope you'll see light where I am still in the dark.
Thx in advance,
Thierry
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
Friday
Update : I finally managed to make it work, I think I had a mistype in my script.
Now I only have a {"error_code":"BAD_REQUEST","error_id":"bf26a56d1c4846bfa8bb1d8195b20359"} to investigate. I guess that my create group data isn't right.
T.
