Forum Discussion

Lewis_Beard's avatar
3 months ago

API v3 Python Patch on user 403 forbidden

I have some old python code (that I didnt write) that uses v1 of the API that does a patch with a super minimal patch data block, just the value needed. Personally, I have Groovy code that does some patching using the retrieved user in a Map object and I make a minimal map with just the stuff v3 requires that I set (which v1 didnt) like roles and password and etc, and I managed to get code working with Groovy v3.

But I'm in a circumstance where I have to use python and patch on a user, and for the life of me, I keep getting a 403 forbidden error. I've found several examples online, and basically I believe I've got everything set up correctly, the code is mostly similar to the old working v1 code except it has the changes that v3 needs. But I get a 403 error (forbidden). But I know the API token has rights to update the user (tho it is still attached to a user with an administrator role, but I dont think thats the issue, I have groovy code using the same API token).

I hate to ask people to look at code but is there anything obviously wrong here that I'm missing for python and v3?

    http_verb ='PATCH';
 
    resource_path = '/setting/admins/' + str(user_id);
 
    patch_data = '{"roles":[{"name":"myrole"}],"email":"what@whatever.what","username":"blah","password":"meh","apionly": true}';
 
    queryParam = '?changePassword=false&validationOnly=false'
 
    url = 'https://'+ Company +'.logicmonitor.com/santaba/rest' + resource_path + queryParam;
 
    epoch = str(int(time.time() * 1000));
 
    requestVars = http_verb + epoch + patch_data + resource_path;
 
    hmac1 = hmac.new(AccessKey.encode(),msg=requestVars.encode(),digestmod=hashlib.sha256).hexdigest();
 
    signature = base64.b64encode(hmac1.encode());
 
    auth = 'LMv1 ' + AccessId + ':' + signature.decode() + ':' + epoch;
 
    headers = {'Content-Type':'application/json','Authorization':auth,'X-Version': '3'}
    
    response_patch = lm_session.patch(url, data=patch_data, headers=headers)
 
    return response_patch;

 

Thanks!

  • I figured out the issue. I am not doing anything wrong in the code at all. The API just does NOT let me convert a user to "apionly":true ..... I can set "apionly":false all day long because it is already false.

    So even though apionly is one of the items in the model for /setting/admins/{id} for PATCH, nothing in the model on the REST API v3 Swagger documentation, on the model tab there, shows that I cant change it.

    But it isnt allowed. Oh well.

  • I figured out the issue. I am not doing anything wrong in the code at all. The API just does NOT let me convert a user to "apionly":true ..... I can set "apionly":false all day long because it is already false.

    So even though apionly is one of the items in the model for /setting/admins/{id} for PATCH, nothing in the model on the REST API v3 Swagger documentation, on the model tab there, shows that I cant change it.

    But it isnt allowed. Oh well.

  • Oh and to be clear, the goal is to attempt to convert a local user to an apionly user because our portal is so old, that there wasnt an option to create apionly users, and we have so many integrations and tokens and etc that we are hoping to not have them break on dec 31 when all local users are forced to 2FA.