Getting error while trying to generate access token for a particular tenant.

Options

Comments

  • In addition you need to provide an authorization header:

    Authorization: Basic <value>

    Where <value> is base64 encoded '<clientId>:<clientSecret>'.

    Best to use postman authorization tab for this which will do this automatic:


  • ps: Better never post a password on internet

  • As per your suggestion, I have entered the required things, like the URL to access token

    https://na-1-dev.api.opentext.com/tenants/<mytenant'sid>/oauth2/token

    in client ID and client secret, in that, I have entered the credential that I got while creating an application and entered my email address and password that I used to sign up in OT developer.

    Also, I have tried to generate an Access token using the authentication tab and also using the body method I have declared all things in JSON format and made a request still getting an error.

    But still, we are not able to generate token we are getting unauthorized error. Please find the attached document for error info.


  • ps: forgot to hide the password before attaching screenshot.

  • Can you please try client credentials grant and confirm if you are able to obtain the token?

    have you reset the password for the tenant?

  • Eshan, I have tried both way , used Client Credential method and password method. but i am not able to generate token, and also Can you please tell me, which client ID and Client we have to use , i have to use credential of API key that will get generate from admin console or credential of application that we got after generating an application. and also i have a doubt that before putting that credentials we have to encode them in Base64 or we have to put same as JSON file that we got ?

  • Roger K
    Roger K E Community Moderator
    edited February 11, 2022 #8
    Options

    Further back in the thread when discussing the Basic Auth setup, you stated this ... "entered my email address and password that I used to sign up in OT developer".

    For tenant access this is not going to be correct. The userid you used to sign-up for access to the developer will be the user id of the tenant admin of the tenant concerned. However, the password will not be the same ... it is local to the tenant. So you will need to obtain a tenant password for this user.

    Within Console click on the tenant tab and then click the i next to Tenant Service Account and the Reset Password option on the right (you cannot use the Change Password option as you do not currently have the tenant password). User the reset flow to set the password to whatever you want ... and then use that password in the Authorization set-up in the screenshot above.

  • Roger,

    Thanks for suggesting, After resetting the password I am able to generate an access token.

  • How to resolve this issue?

  • Roger K
    Roger K E Community Moderator
    edited June 13 #11
    Options

    Assuming you have followed the thread above, made the necessary changes and are still seeing issues … please post the first part of the UUID which is your OrgId here and I will take a look at your account.

    Other than timeout of your trial these issues are typically addressed by the items mentioned in the thread above.

    Are you working with an Standalone application or looking to integration with a SaaS subscription?
    If the former …I assume the developer app which you are using to authenticate is actually deployed to the tenant you are looking to authenticate with?
    If you care looking to access a SaaS subscription like Core Content you cannot simply create a client directly on a subscription in the tenant. This will not work, as these clients are accepted by the gateway. You need to create an extension application from within the Organization and use the clients associated with that app.

  • @Roger K , Thanks for your comments.
    I have created an organization—> App inside a Tenant.
    Now i need to access the token API, but unfortunately token api is giving error.
    OrgId: 1a4302a0-d8a1-45fc-8c1f-b17beb8744ea

  • Roger K
    Roger K E Community Moderator
    edited June 13 #13
    Options

    OK - so the issue is the hostname in the auth url. A couple of months ago the self-service trial sign-up was changed to allow you to pick from several new regions, when previously they were all in the dedicated Build&Test region (na-1-dev).

    So since you chose the US region for your trial you should use us.api.opentext.com as the api_host.

    We have identified a number of documentation areas which are hard-coded to na-1-dev as the host for trials. Where you see this please replace the region code of na-1-dev with us.

  • @Roger K , Yes with the hostname "us" i am getting token.
    Thanks a lot.

  • Karen Weir
    Karen Weir E Community Administrator
    Options

    Thank you @Roger K . @ArpanJana , we have many content updates planned to clarify this scenario, thank you for posting.

  • Sander_Beutick_OT_PS
    Options

    Yes,

    this helped me too. i joined trial in the us.chosing that in postman did the trick. good idea to update the manual ;)

  • Karen Weir
    Karen Weir E Community Administrator
    Options

    Thanks again for posting @ArpanJana , @Sander_Beutick_OT_PS

    Per Roger's note, we have updated the content to clarify regions and auth:

  • Sander_Beutick_OT_PS
    Options

    Hi,

    Thank you for the updated documentation. for my 'us' organization, i can use postman and curl to obtain an oath token.

    but the swagger url at : https://developer.opentext.com/services/developertools/developer-admin/apis/developer-administration-api

    does not provide a means to use the 'us' as region. if i am mistaken please let me know. otherwise, can this be added to that page? also when targeting an endpoint via swagger, will this then work for a 'us' based region?

  • Roger K
    Roger K E Community Moderator
    Options

    @Sander_Beutick_OT_PS Yes it is supported. We are in the process of getting around some of the older swagger content to update the listed servers.

    For now assume that all services are available in the us, ca and au regions. And the majority of services are also available in na-1, eu-1, and na-1-dev regions.

  • Sander_Beutick_OT_PS
    Options

    Yes, ok. but the authorize option does not provide to generate a token using the correct region as it is missing us in that dropdown so it is not possible to use the swagger

  • Roger K
    Roger K E Community Moderator
    Options

    The content change to add the us region is in progress. Please check back in a few days.

  • Karen Weir
    Karen Weir E Community Administrator
    Options

    Our apologies for the delay in providing updated content, all APIs are corrected. I appreciate your patience!

  • Sander_Beutick_OT_PS
    Options

    Thank you all. great helping out. something else: now we are using primarily us, ca or au i think, but would it be possible for European devs to select a European trial region or does that not matter?

  • Roger K
    Roger K E Community Moderator
    Options

    There is a EU region for production deployment - however at present it is not open for self-service trials.

  • Sander_Beutick_OT_PS
    Options

    So when i now look at swagger in the developer site i see us in the dropdown. for the authorizaytion however it keeps showing:

    so , is this just a hardcoded example of na-1-dev, or is it still using this as server to authorize against?

  • Roger K
    Roger K E Community Moderator
    edited July 1 #26
    Options

    The switch to allowing you to pick a region for your trial is comparatively recent - trials used to only be in the na-1-dev region. It looks like that piece of the API testing UI may have been hardcoded to the na-1-dev region and so needs updating. I will check with the team that own it.

  • Sander_Beutick_OT_PS
    Options

    Alternatively i can download the yaml file and open that in swaggerhub and then edit out the hardcoded part, but swaggerhub is not free and it would be great to be able to use the developer site :)