How to get permission to access db of test environment

When I try to test the proxy, it throws the error below. The user has the 'Organization Administrator' role assigned.

https://{{org}}-{{env}}.apigee.net/v1/products

After replacing org with my organization name and env = test

The error below occurs because it is trying to consume the following API for the db of the test environment:

https://{{org}}-{{env}}.apigee.net/db

{
    "error": "unauthorized",
    "error_description": "This resource requires admin rights.",
    "exception": ""
}

I think maybe you are operating under some incorrect assumptions.

In any Apigee Edge system, there are multiple URL endpoints available:

When you create a custom proxy and deploy it, it listens on the proxy endpoint. When you want to deploy a proxy, or inquire as to the status of a deployment, or perform one of many, many other administrative or operational tasks, you might use the Admin endpoint.

The Apigee Edge management server always evaluates authentication and user roles when you connect to the Admin API Endpoint.

Conversely, your custom API Proxy may or may not evaluate authentication. It's up to you. The behavior depends on how you implement it. You can configure it to accept a token, or an API key, or basic authentication (username + password). In no case will the proxy endpoint evaluate "orgadmin" credentials. Those creds are maintained by the Apigee mgmt infrastructure. Those credentials are not appropriate to use with custom API proxies. And it is impossible to validate those credentials within the scope of an API Proxy. Therefore, it is irrelevant that "the user has 'Organization Administrator' role". The API Proxy doesn't care.

If you have a custom API proxy and it listens on the /db basepath, and you are sending in a request to https://ORG-ENV.apigee.net/db , then any response message you get from that URL, including one that says "this resource requires admin rights", is emitted by YOUR API proxy. Likewise if your basepath is /v1/products .

If I had to guess I'd say you don't have your ORG and ENV set properly; you're using the wrong domain name. Just a guess.

If your org is "anbalagan-eval" then a proper domain would be anbalagan-eval-test.apigee.net and the URL would be https://anbalagan-eval-test.apigee.net/db

Does that look like what you're using?

I am following apigee edge course and trying to test the API proxy.

Step 1: Using product specs(Swagger based) in apigee Edge evaluation trial environment.

Step 2: Create an API proxy using the above product API specs and deploy to test environment.

Step 3: Test the proxy from Postman and also in browser

url: https://anb@@@@@-eval-test.apigee.net/v1/products

but getting error as 'Permission denied'. Please find the screenshots below:

7082-2018-07-05-20-14-42-start.png

7079-2018-07-05-20-18-49-start.png

FYI, Products API specs:

7081-2018-07-05-20-28-28-start.png

The API proxy was deployed with the No Auth - Pass through option chosen. So as per my understanding it should pass through without verifying authentication.

Am I missing anything here?

Hey @Kamalakannan Anbalagan, even I am using a trial account & I have seen this error a couple of times randomly.

I just ignore it & invoke the URL a few more times to make it work.

Possibly you are missing something.

you wrote "getting error as 'Permission denied'."

From postman? From the browser? Both? Is there a response payload?

more details please.

Have you tried running the browser developer tools and looking at the request/response for the failed request?

If it's a CORS issue you should see it there.

Have you correlated the failure you see in postman or the browser with an Apigee Edge Trace session? (do you know HOW to run Trace within Apigee Edge?)

More diagnostics please.

@Kamalakannan Anbalagan - please add me to your org so that I can take a look at the setup. I have sent you an email

I was trying this lab in the coursera. For sure there is some unpredictable behaviour for some reason.

For some reason while testing nothing worked

On day 2 the lab for fetching products worked

When I was running the next lab by adding new operations for "products availability"

nothing worked

I started looking at trace and found that there was issue from the backend

401 - admin rights.

Moments later it worked.

Strange

With the Postman tool, nothing works when using env variables.

I get the following error -

{ "fault": { "faultstring": "Unable to identify proxy for host: secure and url: /v1/products/697690/availability", "detail": { "errorcode": "messaging.adaptors.http.flow.ApplicationNotFound" } } }

Without using env variables everything works. Maybe I am missing something in the Postman tool. However, the Coursera labs do seem to work sometimes. Maybe something about the browser cache.

I wasted almost a day going over this problem.

@Dino-at-Google

Hi

I am getting the same response as Anbalagan too. Below is the response received. I could see a successful response for a different sample API which was created. I don't think this is because the host name is wrong. I am using the correct host name as

http://org_name-test.apigee.net/db

{
    "error": "unauthorized",
    "error_description": "This resource requires admin rights.",
    "exception": ""
}

trace-1536165896663.txt

Uploading the trace for reference. Please provide inputs to resolve this. Tried from Browser, Postman, SOAP-UI getting same response.

Please confirm if your firebase URL you were pointing to is returning a response. I guess this is coming from the Firebase backend

firebase-response-products.png

trace-screenshot.png

Getting response from firebase URL.

As per the trace you attached, you are hitting https://org_name-trial-test.apigee.net, it should be your org name and env

https://{org}-{env}.apigee.net

@Sai Saran Vaidyanathan

I have updated the trace to mask my original details. My bad 🙂

Please reply to existing comment instead of Answer

I guess something is wrong with your configuration. Can you add me to your org so that I can take a look at your proxy and config setup ? I will email you privately

@Sai Saran Vaidyanathan

Thank you. As per my analysis, the issue was as below; please correct me if I am missing anything.

course-steps-in-buiding-your-first-api.png

Backend was configured to below as per the step provided in Lab building-your-first-api-proxy-in-apigee-edge

https://{org_name}-{env}.apigee.net/db

instead of https://{org_name}-{env}.apigee.net/db/products

So backend proxy edge-developer-training-backend was matching to below root flow and throwing 401 Unauthorized

<Flow name="root">
    <Description/>
    <Request>
        <Step>
            <Name>Raise-Fault-401</Name>
        </Step>
    </Request>
    <Response/>
    <Condition>(proxy.pathsuffix = "/" or proxy.pathsuffix MatchesPath "") and (request.verb = "GET")</Condition>
</Flow>

After updating the backend to

https://{org_name}-{env}.apigee.net/db/products

getting a successful response.

Yes - In the above steps, there is a step to update the spec to point to your org and environment. If that was done correctly, when you import the proxy from the spec, it would pick that.

Not sure why you need to add /products as its part of the path suffix in the proxy. Please follow the instructions as mentioned and get back if you still find issues

@Sai Saran Vaidyanathan

As discussed, the issue was because of using /v1/product as the basepath in the Product API proxy. Fixed this issue and it's working as expected. No need to add the /product to the target endpoint if the base path is configured as /v1. Thanks
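The path mapping discussed in this thread, as an added example (not part of any post and not Apigee's own code): a simplified Python model of the Products proxy and the backend proxy. It assumes Edge appends proxy.pathsuffix to the target URL and that the backend proxy's base path is /db; the function names and the 200 default are illustrative.

```python
# Simplified model (an assumption, not Apigee code): the target request path is
# the target endpoint path plus proxy.pathsuffix, where proxy.pathsuffix is the
# request path with the proxy base path removed.

BACKEND_BASEPATH = "/db"  # assumed base path of the backend proxy, from the thread's URLs


def path_suffix(base_path, request_path):
    """Return proxy.pathsuffix, or None if the request is not under base_path."""
    base = base_path.rstrip("/")
    if request_path == base:
        return ""
    if request_path.startswith(base + "/"):
        return request_path[len(base):]
    return None


def backend_path(base_path, target_path, request_path):
    """Path the Products proxy requests on the backend for a client request."""
    suffix = path_suffix(base_path, request_path)
    if suffix is None:
        raise ValueError("no proxy matches " + request_path)
    return target_path.rstrip("/") + suffix


def backend_status(verb, path):
    """Apply the backend's 'root' flow condition quoted in the thread."""
    suffix = path_suffix(BACKEND_BASEPATH, path)
    if suffix is None:
        return 404
    # (proxy.pathsuffix = "/" or proxy.pathsuffix MatchesPath "") and verb = GET
    if verb == "GET" and suffix in ("/", ""):
        return 401  # Raise-Fault-401 step runs
    return 200  # assumed: every other flow answers normally


def call(base_path, target_path, request_path, verb="GET"):
    """Status a client sees for a given proxy base path and target path."""
    return backend_status(verb, backend_path(base_path, target_path, request_path))


if __name__ == "__main__":
    # Constructed cases matching the configurations described in the thread.
    print(call("/v1/products", "/db", "/v1/products"))           # suffix lost
    print(call("/v1", "/db", "/v1/products"))                    # course setup
    print(call("/v1/products", "/db/products", "/v1/products"))  # workaround
```

With base path /v1/products the whole request path is consumed as the base path, so the backend sees a bare /db and the root flow answers 401, regardless of the caller's Edge role.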

I too got the same error and it was fixed by adding /db/products to the proxy target endpoint. The course material needs to be updated with this fix

I don't think you need to update anything in the config. Please check the instructions. Vijay had a wrong config and reverting that fixed the issue.

jyothikiranr
Participant IV

Hello Everyone, It seems that several of us ran into this issue with the second Lab in course two. Lab: Test your Proxy

I'm posting these steps here for your reference in case anyone runs into this issue.

  • When running node setup -- Make sure your Firebase host name doesn't contain https:// at the beginning and no leading slash ( / ) at the end. So the Firebase hostname that you input at the console should look like this: apigee-developer-trainin-xxxxx.firebaseio.com, without protocol and leading slash at the end.
  • Important -- In the second step, when creating the proxy from the spec, you are asked to enter the proxy name, Proxy Base Path (make sure it's /v1 -- it will auto populate as /products), existing API (make sure it's like https://xxxx.apigee.net/db) and product description. (These instructions are given in the course tutorial.)
  • Continue with setup, and test your proxy

I hope this helps anyone who got stuck.

Thanks

** Edit - you don't need to edit the spec. You can just rename the path for the existing API.

If you are following through the certification course on Coursera, you should use this endpoint https://{{org}}-{{env}}.apigee.net/db/products instead of https://{{org}}-{{env}}.apigee.net/v1/products

The same happened to me, but I checked Firebase and made sure it looks like this:

{ "rules": { ".read": "auth == null", ".write": "auth == null" } }

Before, I had != null and it didn't work; after changing to == null it works.

If using Firebase, check the rules:

{ "rules": { ".read": "auth == null", ".write": "auth == null" } }

If you have != null, it doesn't work.