Getting a 401 unauthorized on an API which has keyless authentication

Hi,

I created an API and set the auth mode to ‘keyless’. In the endpoint designer, I have added an endpoint and added the “whitelist” plugin to that endpoint. However, when I curl the endpoint, I get a “401 Unauthorized”.

thanks,
Suman

Hi Suman

Is it working as it should without the whitelist?

Josh

I removed the ‘whitelist’ plugin, which removed the path from the endpoint designer page. I am guessing, since there is no whitelist, it is passing through the request.

However, when I try a curl command, I still get 401 unauthorized.

Is there a problem with the curl, perhaps a missing trailing slash or something like that?

If you share it, I can try and help; your config or gateway logs would also help!

Thanks
Josh

Hi Josh,

What’s the best way to share the config and the logs?

The curl looks fine:

curl -vvv -X GET "https://case-commons.cloud.tyk.io/api/users/1" -H "accept: application/vnd.api+json" -H "Accept-Version: v3"
*   Trying 34.200.195.179...
* Connected to case-commons.cloud.tyk.io (34.200.195.179) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.cloud.tyk.io
* Server certificate: Amazon
* Server certificate: Amazon Root CA 1
* Server certificate: Starfield Services Root Certificate Authority - G2
> GET /api/users/1 HTTP/1.1
> Host: case-commons.cloud.tyk.io
> User-Agent: curl/7.43.0
> accept: application/vnd.api+json
> Accept-Version: v3
>
< HTTP/1.1 401 Unauthorized
< Cache-Control: no-cache
< Cache-Control: no-cache="set-cookie"
< Content-Type: application/vnd.api+json; charset=utf-8
< Date: Thu, 02 Nov 2017 18:00:38 GMT
< Server: nginx
< Set-Cookie: AWSELB=BB4F0F6B10D7B78070A42BEC9B8517789C9DB8D49BCE30E462DA619F0515804B49E8C69AAA19C4975677DF25341E0D66626438498353C768F587DF27035FBE6C7F81E37572;PATH=/;MAX-AGE=43200
< Status: 401 Unauthorized
< Vary: Origin
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Ratelimit-Limit: 0
< X-Ratelimit-Remaining: 0
< X-Ratelimit-Reset: 0
< X-Request-Id: 8012defe-403c-4eef-89c9-0ca5540ba162
< X-Runtime: 0.003451
< X-Xss-Protection: 1; mode=block
< Content-Length: 0
< Connection: keep-alive
<
* Connection #0 to host case-commons.cloud.tyk.io left intact

Thanks,
Suman

Hi,
I just replicated this on a cloud account, and if you add a trailing slash, i.e.
https://case-commons.cloud.tyk.io/api/users/1/

Then the request works.

Josh