Open rniedosmialek opened 6 years ago
I've just run the api test using the new API key and it passes without issues. So I'm not really sure why it happens.
This console page lists the available keys. Does the page include your new key? If so, is the key associated with a usage plan?
The admin view does show the new key and that the old one has been removed.
I am not sure about the key associated to a usage plan. I have reviewed the API’s created by the stack and see no reference to this key in any of the configuration nor the old key.
I can execute a list components, incidents, and maintenances items with the API and passing the key in the header with x-api-key but when I perform any other operation is return unauthorized. Could the key be good but permissions some where we not updated properly for the new key created?
On Nov 15, 2018, at 6:01 AM, Kishin Yagami notifications@github.com wrote:
I've just run the api test https://github.com/ks888/LambStatus/tree/master/packages/lambda/api_test using the new API key and it passes without issues. So I'm not really sure why it happens.
This console page https://console.aws.amazon.com/apigateway/home?#/api-keys lists the available keys. Does the page include your new key? If so, is the key associated with a usage plan?
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/ks888/LambStatus/issues/142#issuecomment-439032351, or mute the thread https://github.com/notifications/unsubscribe-auth/ABqbCzdhNi3sxs4aQ9y4B8ffsOq5528Eks5uvWWlgaJpZM4YeE_R.
The red square below indicate a usage plan.
APIs to get a list components, incidents, and maintenances items need no permission. So it works even if the api key is wrong.
It does not show me a usage plan but an association to the release. Is this something I need to create on my own?
On Nov 15, 2018, at 6:37 AM, Kishin Yagami notifications@github.com wrote:
The red square below indicate a usage plan. https://user-images.githubusercontent.com/8448120/48556200-a1f4bc80-e926-11e8-919d-4f6b391733d0.png APIs to get a list components, incidents, and maintenances items need no permission. So it works even if the api key is wrong.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/ks888/LambStatus/issues/142#issuecomment-439042337, or mute the thread https://github.com/notifications/unsubscribe-auth/ABqbC3ITHIVt4p4KTcwf2MtCiQEqEgZMks5uvW4HgaJpZM4YeE_R.
Correction on my last response as it appears I was one level to deep in the Api section. I have two usage plans associated with the API key which both associate to the same stage
On Nov 15, 2018, at 6:37 AM, Kishin Yagami notifications@github.com wrote:
The red square below indicate a usage plan. https://user-images.githubusercontent.com/8448120/48556200-a1f4bc80-e926-11e8-919d-4f6b391733d0.png APIs to get a list components, incidents, and maintenances items need no permission. So it works even if the api key is wrong.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/ks888/LambStatus/issues/142#issuecomment-439042337, or mute the thread https://github.com/notifications/unsubscribe-auth/ABqbC3ITHIVt4p4KTcwf2MtCiQEqEgZMks5uvW4HgaJpZM4YeE_R.
for the record i also had to manually associate them in api gateway, and then all is good
I decided to create a new API key and remove the previous. That was successful but now when I make API calls for POST,PATCH, or DELETE I receive "message": "Unauthorized". This was working with the previous API key but as part of a rotation process we rest it. Any suggestion on where to look at to why the new API is rejected and how to verify it is validating against the new key generated by the application stack?