Getting "No authentication bearer token specified in authorization header" when executing DNC API using python

jtran7 · March 11, 2024, 3:19pm

I been trying to execute the
/api/v2/outbound/dnclists/{dncListId}/phonenumbers API via Python using the client credential OAUTH but I keep getting these unauthorized exception. I have all the admin and developer roles assigned to my client. Is there something I'm missing?

Exception when calling OutboundApi->post_outbound_dnclist_phonenumbers: (401)

HTTP response body: {"message":"No authentication bearer token specified in authorization header.","code":"authentication.required","status":401,"}

tim.smith · March 11, 2024, 3:23pm

The error is indicating that you're not sending an auth token, not that it's valid and lacking permissions. Be sure to look through your code and make sure you're initializing things properly and are setting the access token correctly before making requests.

jtran7 · March 11, 2024, 3:42pm

I been assigning the client_id and client_secret (variables I used) with the one I get from my Oauth. Odd I doubled checked and even used a new one and still getting me the same error. Could it be the code I'm using to pass them in. Said "invalid client" and "client not found"

PureCloudPlatformClientV2.api_client.ApiClient().get_client_credentials_token(client_id,
client_secret)

tim.smith · March 11, 2024, 3:46pm

If authorization fails, all subsequent API requests will also fail because they lack valid authorization. There are two common causes for this: typos and not setting the region to the same region where the credentials are from. https://developer.genesys.cloud/devapps/sdk/docexplorer/purecloudpython/#setting-the-environment

jtran7 · March 11, 2024, 4:26pm

I think I figured out why its happening I basically gave the OutboundApi() instance the token I got from my API; Thou now I'm getting permission errors. Is this still related to the roles assigned? I checked and I have all the permission for adding outbound dnc selected including all the admin accounts.

Is there a section we need to enable on the code side to assign that missing permission? Or is it because it doesn't like using client credential Oauth

"message":"Unable to perform the requested action. You must have at least one of the following permissions assigned: [outbound:dnc:add]

tim.smith · March 11, 2024, 4:35pm

Keep in mind that you, as a user, are not client credentials. The "you" in this error message is referring to the OAuth client. Your user account may have permission to do things and it will work when you're signed in to API Explorer as your user, but the client credentials you've created have their own permissions that are granted to it based on the roles configured for the client. About people and permissions - Genesys Cloud Resource Center

jtran7 · March 11, 2024, 4:42pm

Yea that's the thing I added almost all the admin and dnc permission to my oauth role. Maybe it takes time for it get the information.

jtran7 · March 11, 2024, 4:45pm

I'll see if one of my roles I assigned to that client needs more permission. I guess just giving them all the DNC permission isn't enough.

tim.smith · March 11, 2024, 4:48pm

It requires the permission stated in the error message. Once you've granted that permission to a role assigned to the oauth client, wait 10 mins just to rule out any caching issue. Then run the app again to get a new token and see if it works. If you continue to get the 403 and are sure your configuration is correct, please open a case with Genesys Cloud Care to investigate further.

jtran7 · March 11, 2024, 6:04pm

Yep I think it definitely needed a refresh of a new token. It worked now after I got a new one. Thanks.

AshaIT · March 12, 2024, 7:27pm

@tim.smith I am also getting exactly same error and I have all roles and permissions assigned

{
"message": "No authentication bearer token specified in authorization header.",
"code": "authentication.required",
"status": 401,
"messageParams": {},
"contextId": "b856992b-3d3b-487f-aeff-73ae8c1a80dd",
"details": [
{
"errorCode": "ACTION.REMOTE_ENDPOINT"
}

I am trying to understand the following:

I already have client Id and secret configured for earlier version of SAP CRM 7, Now I want to use same for SAP Hana, Can i ?

tim.smith · March 12, 2024, 7:28pm

Same as above, a 401 means you're not sending an auth token.

AshaIT · March 12, 2024, 7:33pm

I added a auth token manually in headers of request with x-api-key

do i need to share client id and secret with SAP hana team ?

tim.smith · March 12, 2024, 7:35pm

I don't know anything about SAP, but you would need to configure it to make requests per the documentation: https://developer.genesys.cloud/authorization/platform-auth/use-client-credentials

AshaIT · March 12, 2024, 7:42pm

So for now we are not using OAuth and we have temporary solution with AWS secrets manager /AWS Lambda , In our request from genesys we need to enter URL and headers (Key and Token).

Moving forward once AWS design is implemented we will use Ouath.

tim.smith · March 12, 2024, 7:45pm

That's not an option. Genesys Cloud API authorization is exclusively OAuth. If you don't implement one of the supported OAuth flows, you can't get an auth token, and you can't make API requests.

AshaIT · March 12, 2024, 8:08pm

ok thx ! Can we test using postman with this temporary solution ?

tim.smith · March 12, 2024, 8:13pm

You can make requests to the Platform API directly from your browser using API Explorer: https://developer.genesys.cloud/devapps/api-explorer. There is a page about postman if you need to use that instead though.

AshaIT · March 13, 2024, 6:27pm

Hi @tim.smith

I am working on a solution Genesys --> AWS API Gateway ---> CRM(SAP), I need to understand flow using Oauth Authentication with Grant type Client Credentials. Pls share any details on this design and how a token is generated in Genesys or Postman.

Thanks

AshaIT · March 13, 2024, 6:38pm

APP is our CRM in this image ?