"https://hpridsbx.abdm.gov.in/api/v2/auth/authPassword" throwing 'unauthorised' error

ashishkyogi · December 5, 2022, 2:20pm

@IntegrationSupport :
I am trying to get the authToken using this api .

```
curl -X 'POST' \
  'https://hpridsbx.abdm.gov.in/api/v2/auth/authPassword' \
  -H 'accept: application/json' \
  -H 'Authorization: eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJBbFJiNVdDbThUbTlFSl9JZk85ejA2ajlvQ3Y1MXBLS0ZrbkdiX1RCdkswIn0.eyJleHAiOjE2NzAyNTA0OTUsImlhdCI6MTY3MDI0OTg5NSwianRpIjoiYTRhYzhlZDUtN2U1Zi00NmQ1LWIyZmYtNWQ5NmFhMTA4MzczIiwiaXNzIjoiaHR0cHM6Ly9kZXYubmRobS5nb3YuaW4vYXV0aC9yZWFsbXMvY2VudHJhbC1yZWdpc3RyeSIsImF1ZCI6ImFjY291bnQiLCJzdWIiOiI4OGU3NWMyMC1mMzcyLTQxZmYtOTc3OS0zZjJkMjhlMDVjYzciLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJTQlhfMDAxNjQ5Iiwic2Vzc2lvbl9zdGF0ZSI6Ijc2NzI0ZWEzLTA2MmUtNDU1Yi05MWI2LWFlMzBmZjk5ZTZlNSIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cDovL2xvY2FsaG9zdDo5MDA3Il0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJoaXUiLCJvZmZsaW5lX2FjY2VzcyIsImhlYWx0aElkIiwiT0lEQyIsImhpcCJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfSwiU0JYXzAwMTY0OSI6eyJyb2xlcyI6WyJ1bWFfcHJvdGVjdGlvbiJdfX0sInNjb3BlIjoib3BlbmlkIGVtYWlsIHByb2ZpbGUiLCJjbGllbnRJZCI6IlNCWF8wMDE2NDkiLCJjbGllbnRIb3N0IjoiMTAuMjMzLjY5LjUyIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJzZXJ2aWNlLWFjY291bnQtc2J4XzAwMTY0OSIsImNsaWVudEFkZHJlc3MiOiIxMC4yMzMuNjkuNTIifQ.EGYwXeFhDhOBql3piAC9rXxUhKODLz5FixVOYGNAP5Tx2PtaCkipOdgLJgZyaewG5__1pykIjl5ccxdAvCyoZj7FFpwUmdZJkhHlQcGJwMm2iNyCzGp-RmIDGb_9HKXysn1F_wQhahh_ZOWMfIO0LJbXGgP3bzcHKcvuHgLPlU0BVuJKnVCBtTfhOGrpw1rbrFiaLcEwth7S5-q2Mc_O5HK5tm4qeCZMPQzt_jzusxDkMOjQ880OmGqxuwoB51NDSwojQNg1BXjVVpBJnMSTVZy4Km_7Wfog17ymm1X0C49XQY63ea1678WgtFQXQDBKwhe5AUxeU4W1DhKHH_RHYg' \
  -H 'X-HIP-ID: SBX_001649' \
  -H 'Content-Type: application/json' \
  -d '{
  "hprId": "ashishyogi1990@hpr.abdm",
  "password": "{{my-password}}"
}'
```

Response : cache-control: no-cache,no-store,max-age=0,must-revalidate
connection: Keep-Alive
content-length: 0
content-security-policy: frame-src ‘self’ https://www.google.com; frame-ancestors ‘self’ https://www.google.com; object-src ‘none’;
date: Mon,05 Dec 2022 14:18:59 GMT
expires: 0
keep-alive: timeout=5,max=100
pragma: no-cache
server: Apache/2.4.6 (CentOS)
strict-transport-security: max-age=31536000 ; includeSubDomains
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options: nosniff
x-custom-security-header: default-src ‘none’; img-src ‘self’; script-src ‘self’ style-src ‘self’
x-frame-options: DENY
x-webkit-csp: default-src ‘self’
x-xss-protection: 1; mode=block

Am I missing any parameters ?
Please let me know if we need to pass the CLIENT-ID and CLIENT-SECRET as well ?
CLIENT-ID : SBX_001649

As per the API Swagger : In order to have access to Healthcare Professional ID APIs, Your ClientId * required must have hid role in gateway. So if you want access to these APIs then please request it in your Ayushman Bharat Digital Mission (ABDM) on-boarding request.

If this is missing for the CLIENT-ID , please add the required permission corressponding to CLIENT-ID

ashishkyogi · December 6, 2022, 4:53am

@IntegrationSupport : Can you please take a look intot his and guide us, its sort of urgent for me to figure it out. Thanks

Areeb · December 6, 2022, 7:24am

@ashishkyogi

please add Bearer in the Authorization field used in header

from
Areeb

ashishkyogi · December 6, 2022, 7:28am

@Areeb : Did that as well with a new Bearer Token, it didnt work as well. See screenshot :

cc @IntegrationSupport

Areeb · December 6, 2022, 9:32am

hi @ashishkyogi

provide the new Authorization Token in this call

from
Areeb

ashishkyogi · December 6, 2022, 12:53pm

@Areeb: It was the new token . Anyways, here is a new request with new token (first part of token may seem the same but later part changes everytime I hit /sessions API) :
curl --location --request POST ‘https://hpridsbx.abdm.gov.in/api/v2/auth/authPassword’
–header ‘X-HIP-ID: SBX_001649’
–header ‘Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJBbFJiNVdDbThUbTlFSl9JZk85ejA2ajlvQ3Y1MXBLS0ZrbkdiX1RCdkswIn0.eyJleHAiOjE2NzAzMzEyNzgsImlhdCI6MTY3MDMzMDY3OCwianRpIjoiMDljMjY3ZDItZGQzNC00MzY5LWI1NDktMjQyMGMwYjRmNTViIiwiaXNzIjoiaHR0cHM6Ly9kZXYubmRobS5nb3YuaW4vYXV0aC9yZWFsbXMvY2VudHJhbC1yZWdpc3RyeSIsImF1ZCI6ImFjY291bnQiLCJzdWIiOiI4OGU3NWMyMC1mMzcyLTQxZmYtOTc3OS0zZjJkMjhlMDVjYzciLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJTQlhfMDAxNjQ5Iiwic2Vzc2lvbl9zdGF0ZSI6IjE2MDBkMzk2LWRmNDMtNDEyMy1iYzM4LTYwY2QzYzcyZWQ2ZCIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cDovL2xvY2FsaG9zdDo5MDA3Il0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJoaXUiLCJvZmZsaW5lX2FjY2VzcyIsImhlYWx0aElkIiwiT0lEQyIsImhpcCJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfSwiU0JYXzAwMTY0OSI6eyJyb2xlcyI6WyJ1bWFfcHJvdGVjdGlvbiJdfX0sInNjb3BlIjoib3BlbmlkIGVtYWlsIHByb2ZpbGUiLCJjbGllbnRJZCI6IlNCWF8wMDE2NDkiLCJjbGllbnRIb3N0IjoiMTAuMjMzLjY5LjUyIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJzZXJ2aWNlLWFjY291bnQtc2J4XzAwMTY0OSIsImNsaWVudEFkZHJlc3MiOiIxMC4yMzMuNjkuNTIifQ.NKFBgp0xsLBGMvl_cs1Vx7iFNqfBKS4T1YS68tBk9T7LH6SdY0KPqQohkW29Ck7yF3GHDTtAPyvFEgnwKK_NnM1Pn2sECyE82-cy1TqtaeAdSHud2N4aIyc5eBktoSovAlBFy3plI9DerdGOwyApc2XSP_Uvj44snGqxw3OEasZzk-hxpctLhZR7S2tcxz8gJGAMCueTBR3Nw4hrVEjKr5QhmWobHXtmSQ_48g6DpOst5ShPXdpDPjcGG_IuqC4gKA8q_NW_47sWd4nJrDWJPBnPdbT8qC8mao2gfGTaUwZAPblWysVBcbmrAjE8UtTDrLStB1CtcM6bMgbvqD0H_g’
–header ‘Content-Type: application/json’
–header ‘Cookie: HttpOnly’
–data-raw ‘{
“hprId”: “ashishyogi1990@hpr.abdm”,
“password”: “Aky@9164”
}’

Response is still 401.

Please help, I have added my password for HP-ID used. Please note that I am able to access /login here but failing at HTTP request

cc @IntegrationSupport

ashishkyogi · December 6, 2022, 12:53pm

Error is similar to Getting unauthorized error in HFR APIs

ashishkyogi · December 7, 2022, 1:24pm

Any help please @IntegrationSupport @Areeb ?

IntegrationSupport · December 8, 2022, 4:28am

Hi Ashish, your client id does not have the required roles for this API. HP-ID role is required. We will raise this concern with our tech teams to do the needful.
@Ramandeep1 - kindly assign HP-ID role to SBX_001649

Ramandeep1 · December 8, 2022, 4:33am

Hi @ashishkyogi HP ID role have been provided to you.

Thanks

ashishkyogi · December 8, 2022, 6:00am

Thanks @IntegrationSupport @Ramandeep1 for quick turn-around

We will check and get back

ashishkyogi · December 8, 2022, 12:03pm

@IntegrationSupport @Ramandeep1: HP ID role authorised to make request but now when I tried this API

   {
    "code": "HIS-400",
    "message": "Request is invalid. Please enter the correct data.",
    "details": [
        {
            "message": "Must contain an upper case, a lower case, a number, a special character, and at least 8 or more characters. It should not contain any sequences (like 123).",
            "code": "HIS-1010",
            "attribute": {
                "key": "password",
                "value": "Aky@9164"
            }
        }
    ]
}

I even tried the passwords liee AshishKum@rY0gi and AkIc@9164 but these also threw the same error.
PS: I am able to login here via UI with same password as mentioned above.
I am wonderng if the right error code is thrown ?
Please provide the guidance.

Thanks
Ashish

ashishkyogi · December 8, 2022, 12:17pm

@IntegrationSupport @Ramandeep1 : Here is one more request :

curl -X 'POST' \
  'https://hpridsbx.abdm.gov.in/api/v2/auth/authPassword' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJBbFJiNVdDbThUbTlFSl9JZk85ejA2ajlvQ3Y1MXBLS0ZrbkdiX1RCdkswIn0.eyJleHAiOjE2NzA1MDIzMTUsImlhdCI6MTY3MDUwMTcxNSwianRpIjoiNTMzNjU3ZWItMmY3ZS00MTg3LWFkYmEtN2NiZGM4YzRhMWNiIiwiaXNzIjoiaHR0cHM6Ly9kZXYubmRobS5nb3YuaW4vYXV0aC9yZWFsbXMvY2VudHJhbC1yZWdpc3RyeSIsImF1ZCI6ImFjY291bnQiLCJzdWIiOiI4OGU3NWMyMC1mMzcyLTQxZmYtOTc3OS0zZjJkMjhlMDVjYzciLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJTQlhfMDAxNjQ5Iiwic2Vzc2lvbl9zdGF0ZSI6ImMzMjk3YjdiLWM2NTAtNDIxOC04YWZmLTNlMmRhYmE4ZGMxYiIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cDovL2xvY2FsaG9zdDo5MDA3Il0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJoaXUiLCJvZmZsaW5lX2FjY2VzcyIsImhlYWx0aElkIiwiT0lEQyIsImhpcCIsImhwX2lkIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19LCJTQlhfMDAxNjQ5Ijp7InJvbGVzIjpbInVtYV9wcm90ZWN0aW9uIl19fSwic2NvcGUiOiJvcGVuaWQgZW1haWwgcHJvZmlsZSIsImNsaWVudElkIjoiU0JYXzAwMTY0OSIsImNsaWVudEhvc3QiOiIxMC4yMzMuNjcuMTMyIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJzZXJ2aWNlLWFjY291bnQtc2J4XzAwMTY0OSIsImNsaWVudEFkZHJlc3MiOiIxMC4yMzMuNjcuMTMyIn0.KA996zi88F19YTm_iYnHW8o4_p5-eV-IYJDms4zMcidb7xr4QHBAN48XCQ4T1hpE3i6COE-zVD2ZYeqd76Qgs3wsqt0ao6xtLZeyMZ9TSyNQXJJn_GmcnqgJx0lGrynXTpAmNeMkSN64LfNHn8O43tKr7F_FGa60ZEIMN2cIgOS5NS7uJc8meHKh31Wa0TS-rclOBlUkJX2-Ts4lusFRmVTObSgv1JWQ5WgO1hFkZeIFFwNLyD3ZgD8RfDf2FYhRa7QQDEhCRaH06lD2i3J99hOXry7p6Va5mLLkyFmPJxOcXJz8F0qXxgI-g0BIDmYU-85VNU7NLGN9dybXBG4ssA' \
  -H 'X-HIP-ID: SBX_001649' \
  -H 'Content-Type: application/json' \
  -d '{
    "hprId": "ashishyogi1990@hpr.abdm",
    "password": "Aky##9891Yogi"
}'

Response :

{

"code": "HIS-400",

"message": "Request is invalid. Please enter the correct data.",

"details": [

    {

        "message": "Must contain an upper case, a lower case, a number, a special character, and at least 8 or more characters. It should not contain any sequences (like 123).",

        "code": "HIS-1010",

        "attribute": {

            "key": "password",

            "value": "Aky##9891Yogi"

        }

    }

]

}

ashishkyogi · December 9, 2022, 6:05am

@IntegrationSupport @Ramandeep1 : Can you please suggest what could be the reason of above issue?

ashishkyogi · December 12, 2022, 5:22am

@Ramandeep1 and @IntegrationSupport: Can you please help us with this?

ashishkyogi · January 3, 2023, 6:05am

Hi @IntegrationSupport, can you help me this issue.