403 Forbidden Access on all methods of Admin API

[shahidmuzaffar98]

Hi,

I was trying to get the users present in my duo account with the admin API by calling the method get_users(), but everytime when I call this method it lands in 403 Access Forbidden Error. Same is the problem with all other methods when I try to call them.

`>>> admin_obj = admin.Admin(ikey='XXXXXXXXXXXM5Q', skey='XXXXXXXXXXXXXXXXXXXXXXXXX2XW2e', host='api-xxxxxxx.duosecurity.com')

admin_obj.get_users() Traceback (most recent call last): File "", line 1, in File "/home/shahid/.local/lib/python3.10/site-packages/duo_client/admin.py", line 689, in get_users return list(self.get_users_iterator()) File "/home/shahid/.local/lib/python3.10/site-packages/duo_client/client.py", line 409, in json_paging_api_call (objects, metadata) = self.parse_json_response_and_metadata(response, data) File "/home/shahid/.local/lib/python3.10/site-packages/duo_client/client.py", line 485, in parse_json_response_and_metadata raise_error('Received %s %s' % ( File "/home/shahid/.local/lib/python3.10/site-packages/duo_client/client.py", line 471, in raise_error raise error RuntimeError: Received 403 Access forbidden

admin_obj.get_bypass_codes() Traceback (most recent call last): File "", line 1, in File "/home/shahid/.local/lib/python3.10/site-packages/duo_client/admin.py", line 3095, in get_bypass_codes return list(self.get_bypass_codes_generator()) File "/home/shahid/.local/lib/python3.10/site-packages/duo_client/client.py", line 409, in json_paging_api_call (objects, metadata) = self.parse_json_response_and_metadata(response, data) File "/home/shahid/.local/lib/python3.10/site-packages/duo_client/client.py", line 485, in parse_json_response_and_metadata raise_error('Received %s %s' % ( File "/home/shahid/.local/lib/python3.10/site-packages/duo_client/client.py", line 471, in raise_error raise error RuntimeError: Received 403 Access forbidden `

[DuoKristina]

Did you grant sufficient privileges to the Admin API application you created in Duo? It needs "Grant read resource" to retrieve objects like users.

[jiva]

@DuoKristina This is an issue for me too. Requests to AdminAPI endpoints with existing credentials are 403ing. Permission Grant read resource has already been set.

[shahidmuzaffar98]

Did you grant sufficient privileges to the Admin API application you created in Duo? It needs "Grant read resource" to retrieve objects like users.

Thanks Kristina, I got to know the solution in the duo forum itself. Just had to provide sufficient privileges for the admin API.

[shahidmuzaffar98]

@DuoKristina This is an issue for me too. Requests to AdminAPI endpoints with existing credentials are 403ing. Permission Grant read resource has already been set.

Hi Jiva,

Just follow the following steps -

Login to your duo dashboard

Open the application section

If you haven't ste up your admin API, do so by going into the protect application (right top corner)

Once done, mark the privileges you want to set up for admin API.

[jiva]

@DuoKristina @shahidmuzaffar98

FWIW this is still an issue for me - I granted all available permissions to my set of credentials and calls to admin_api.get_users() continue to throw RuntimeError: Received 403 Access forbidden errors.

My application was set up and working fine and the API/SDK just started throwing these errors a couple days ago with no code changes on my part.

[jiva]

Well the answer seems to be that this is API is for paying users and I was on a new account within the trial period, so my access was abruptly cut-off.