Snipe-it: API redirecting to Login via CLI or responding unauthorized via Postman

Created on 15 Jan 2019 · 17 Comments · Source: snipe/snipe-it

Please confirm you have done the following before posting your bug report:

Not able to receive information via curl regardless of whether the key is generated via CLI or Web-GUI

To Reproduce
Steps to reproduce the behavior:
curl -i http://MYSERVER/api/v1/hardware -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImRjMDBmYTJkNzBhNWUxYzViNTI0MmZkMzQwZGE4MzZhMzRkMGE1ZjIyMTk3MGNkYzRhMzY0ZTNjNDY0MDZjYzZhYTU0MDA3ZjUyOTRkODM1In0.eyJhdWQiOiIxIiwianRpIjoiZGMwMGZhMmQ3MGE1ZTFjNWI1MjQyZmQzNDBkYTgzNmEzNGQwYTVmMjIxOTcwY2RjNGEzNjRlM2M0NjQwNmNjNmFhNTQwMDdmNTI5NGQ4MzUiLCJpYXQiOjE1NDc0NTYwNzQsIm5iZiI6MTU0NzQ1NjA3NCwiZXhwIjoxNTc4OTkyMDc0LCJzdWIiOiIyIiwic2NvcGVzIjpbXX0.bisfUkZmMsa5H4Ls1agFiEga0rNitt2VaObq3iglwRNtrS2h2wF3RbZcTYY4xNwfS3EZzByi3-DDUjwz3QVlseNrIMSKo-Az5xJzQDDRaHoJRjRAPEOqUWYY5ueSf87a0tuQSy3AR6GwwjM0R5jKd7lz8QXozqKKTjj4MErHdv_tmatSgTOenMrLbr1j-Z3WSZAI59pv-KtG52ZthEILXCC0K570HwhT3S_n717fNxkpUSKz9OVNdkxBLUn1sCIjZjoiaAwoTThjj-2_mxOSSA3x-V2XkCZ4PbIu6jUp97O9EKj6Srx1JQcNyscNk6DMq-reLy2CHxF1Xvp-y-PKRNjIwrmxXnsEBRyfODJqD37mQ6YOIM5P3EttI4Kk_FZzLpKWQ-rhZdYedfgIKDeveqf-2ZzLNJl8_ScLH1lk4MJeg534H5eVW5wY1Y_ctn9YH5pUT2TH3zY1a6SVb7JJBczzalP8vUnHWxYdygNB2D5SQaD0k9DhfZ9OfpbKAHHg7tGXoqRS3pTa557xLxbwS2thMlEwEE3HC9z4Wu8txvYT_tnGT2L7pVBCd3tS52PgrS9RRic_kcmebEjmxU4LfaQGvVHqrMz8l6-30cNzGfkERY0bZoBkpaS0InuLWAbzK8emdbJKanU7ILZDFKRziLDPthS2kzxsB1X75IBlLEo" -H "Content-Type: application/json"

Response : Unauthorized

Expected behavior
Receive hardware list

Server (please complete the following information):

  • Snipe-IT Version v4.6.7 build 3944 (g8f6ea84fc)
  • OS: Ubuntu
  • Web Server: Apache
  • PHP Version PHP 7.0.32-0

Desktop (please complete the following information):

  • OS: Ubuntu
  • Browser Firefox
  • Version 64
not sure if bug api stale

All 17 comments

You have to pass the Accept: application/json header as well.

https://snipe-it.readme.io/v4.6.3/reference#authenticating-with-the-api

~$ curl -i http://192.0.0.181/api/v1/hardware -H "Authrization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0jMDBmYTJkNzBhNWUxYzViNTI0MmZkMzQwZGE4MzZhMzRkMGE1ZjIyMTk3MGNkYzRhMzY0ZTNjNDY0MDZjYzZhYTU0MDA3ZjUyOTRkODM1In0.eyJhdWQiOiIxIiwianRpIjoiZGMwMGZhMmQ3MGE1ZTFjNWI1MjQyZmQzNDBkYTgzNmEzNGQwYTVmMjIxOTcwY2RjNGEzNjRlM2M0NjQwNmNjNmFhNTQwMDdmNTI5NGQ4MzUiLCJpYXQiOjE1NDc0NTYwNzQsIm5iZiI6MTU0NzQ1NjA3NCwiZXhwIjoxNTc4OTkyMDc0LCJzdWIiOiIyIiwic2NvcGVzIjpbXX0.bisfUkZmMsa5H4Ls1agFiEga0rNitt2VaObq3iglwRNtrS2h2wF3RbZcTYY4xNwfS3EZzByi3-DDUjwz3QVlseNrIMSKo-Az5xJzQDDRaHoJRjRAPEOqUWYY5ueSf87a0tuQSy3AR6GwwjM0R5jKd7lz8QXozqKKTjj4MErHdv_tmatSgTOenMrLbr1j-Z3WSZAI59pv-KtG52ZthEILXCC0K570HwhT3S_n717fNxkpUSKz9OVNdkxBLUn1sCIjZjoiaAwoTThjj-2_mxOSSA3x-V2XkCZ4PbIu6jUp97O9EKj6Srx1JQcNyscNk6DMq-reLy2CHxF1Xvp-y-PKRNjIwrmxXnsEBRyfODJqD37mQ6YOIM5P3EttI4Kk_FZzLpKWQ-rhZdYedfgIKDeveqf-2ZzLNJl8_ScLH1lk4MJeg534H5eVW5wY1Y_ctn9YH5pUT2TH3zY1a6SVb7JJBczzalP8vUnHWxYdygNB2D5SQaD0k9DhfZ9OfpbKAHHg7tGXoqRS3pTa557xLxbwS2thMlEwEE3HC9z4Wu8txvYT_tnGT2L7pVBCd3tS52PgrS9RRic_kcmebEjmxU4LfaQGvVHqrMz8l6-30cNzGfkERY0bZoBkpaS0InuLWAbzK8emdbJKanU7ILZDFKRziLDPthS2kzxsB1X75IBlLEo" -H "Content-Type: application/json" -H "Accept: application/json"

HTTP/1.1 401 Unauthorized
Date: Tue, 15 Jan 2019 10:30:11 GMT
Server: Apache/2.4.18 (Ubuntu)
Cache-Control: no-cache, private
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
X-XSS-Protection: 1;mode=block
X-Frame-Options: SAMEORIGIN
Set-Cookie: snipeit_session=k70dvtpzzzwpy1XKnUhWru9f9wsNzHWtZ472OPTx; expires=Wed, 23-Jan-2019 18:30:11 GMT; Max-Age=720000; path=/; httponly
Content-Length: 25
Content-Type: application/json
X-Cache: MISS from XXXXXXX
X-Cache-Lookup: MISS from XXXXXXX
Via: 1.1 XXXXXXX (XXXXX)
Connection: keep-alive

{"error":"Unauthorized."}

Still getting Unauthorized :(

You spelled "Authorization" wrong, as Authrization

Oh, I'm Sorry, slowly losing my head^^

curl -i http://192.0.0.181/api/v1/hardware -H "Authorization: Bearer eyJ0eXAioOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImRjMDBmYTJkNzBhNWUxYzViNTI0MmZkMzQwZGE4MzZhMzRkMGE1ZjIyMTk3MGNkYzRhMzY0ZTNjNDY0MDZjYzZhYTU0MDA3ZjUyOTRkODM1In0.eyJhdWQiOiIxIiwianRpIjoiZGMwMGZhMmQ3MGE1ZTFjNWI1MjQyZmQzNDBkYTgzNmEzNGQwYTVmMjIxOTcwY2RjNGEzNjRlM2M0NjQwNmNjNmFhNTQwMDdmNTI5NGQ4MzUiLCJpYXQiOjE1NDc0NTYwNzQsIm5iZiI6MTU0NzQ1NjA3NCwiZXhwIjoxNTc4OTkyMDc0LCJzdWIiOiIyIiwic2NvcGVzIjpbXX0.bisfUkZmMsa5H4Ls1agFiEga0rNitt2VaObq3iglwRNtrS2h2wF3RbZcTYY4xNwfS3EZzByi3-DDUjwz3QVlseNrIMSKo-Az5xJzQDDRaHoJRjRAPEOqUWYY5ueSf87a0tuQSy3AR6GwwjM0R5jKd7lz8QXozqKKTjj4MErHdv_tmatSgTOenMrLbr1j-Z3WSZAI59pv-KtG52ZthEILXCC0K570HwhT3S_n717fNxkpUSKz9OVNdkxBLUn1sCIjZjoiaAwoTThjj-2_mxOSSA3x-V2XkCZ4PbIu6jUp97O9EKj6Srx1JQcNyscNk6DMq-reLy2CHxF1Xvp-y-PKRNjIwrmxXnsEBRyfODJqD37mQ6YOIM5P3EttI4Kk_FZzLpKWQ-rhZdYedfgIKDeveqf-2ZzLNJl8_ScLH1lk4MJeg534H5eVW5wY1Y_ctn9YH5pUT2TH3zY1a6SVb7JJBczzalP8vUnHWxYdygNB2D5SQaD0k9DhfZ9OfpbKAHHg7tGXoqRS3pTa557xLxbwS2thMlEwEE3HC9z4Wu8txvYT_tnGT2L7pVBCd3tS52PgrS9RRic_kcmebEjmxU4LfaQGvVHqrMz8l6-30cNzGfkERY0bZoBkpaS0InuLWAbzK8emdbJKanU7ILZDFKRziLDPthS2kzxsB1X75IBlLEo" -H "Content-Type: application/json" -H "Accept: application/json"
HTTP/1.1 401 Unauthorized

still not working :(

curl --request GET --url https://develop.snipeitapp.com/api/v1/hardware --header 'accept: application/json' --header 'authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImVmMGVhY2Y4MjAyYzgwZWI2M2JkNmIwZDc0OGYwY2FkYzU2Y2ZlMzgyNzY4ODY0N2EwNmU4ZTBlNmYwZDgwODNjZmMyMzI2YWYyYTZlMTFkIn0.eyJhdWQiOiIxIiwianRpIjoiZWYwZWFjZjgyMDJjODBlYjYzYmQ2YjBkNzQ4ZjBjYWRjNTZjZmUzODI3Njg4NjQ3YTA2ZThlMGU2ZjBkODA4M2NmYzIzMjZhZjJhNmUxMWQiLCJpYXQiOjE0OTMzMzI2MjgsIm5iZiI6MTQ5MzMzMjYyOCwiZXhwIjoxODA4ODY1NDI4LCJzdWIiOiIyIiwic2NvcGVzIjpbXX0.NU7ZRIt-d4b0o8uv9ipo1vSWcg1svbmPp47kHErafm9iuK4FjygKd2_4Hp73HKAmjiYcEn3r39pwNh2t9BMFnTXv0KeDGC8zfZ9z7OJN_a59LPoarWBFzCsYETyAm-CeeFnfdj9Cr0ZeGOnnaPuWPYxicwKFeqJI4Hn8nCymcamDGE0u4WOO95ihGOAen4_fqpj-kkBDsvsGhB-cQxeuKdlbvO1yOsKmgQv-kQuxiFMn1zgU7P02mC6XXrbw6jTm7JOaBSbvqSwNtsrSKZkim1jxLsQ4dm36lFmeMkU6hZvNSUnxg8JwbmoxQ_3tZlG3IJh3Sc9ZUi-AEAQ4bbGzi_xNS9fenIdzLDaSiv_esYyNOYXqOuSBk8Yr-720N9OcVjGLnPrV3RtmPisV1aLFgKWLImtlyQgUq3d5LA3QXz8Q_8isvO9Am1u8ri2plbHGJLJ6GRW_mYcBEYMwUozaeXTUe_FUSSO8gpGtO9Hpa5SbERY272_tojyVXpYPaPdUYYmS9CP332jBNESPT8wGwpOM-iddeVo_n82w3dHmDEdp1Brbs3_vKk0AcgvDLsAbd4dZZO-UqddVx6SDb3HLw1Pmw1wGGYHA6w8wWQAiS9kg2xMcz5i75HOULaN3miqYvcPCvHpI2CBfuvdplI8QNm_XzFPmoQRu_5kR8knzla4'  --header 'content-type: application/json'

This works without issue, so I'm not sure what you're doing wrong here.

Your key against your server was working fine. So we completely reinstalled our Snipe-Server with 2 people carefully. All is working now, except the API communication via REST. Is there anything regarding Apache or so that we have to take care of? Thanks for your support until now.

No, there isn't anything special you should need to do with Apache. If you copy+paste my line from above, just swapping out the endpoint and the token, do you get the same result?

Hi there, I helped at the installation and configuration. So we have a clean new install on Ubuntu with Apache, website is working. I just copy & pasted your link and I get the results back. I swapped https://develop.snipeitapp.com/api/v1/hardware for http://192.0.0.181/api/v1/hardware and swapped my token (which I created on the website -> Manage API Keys) and we get {"error":"Unauthorized."}% back.

Is the API only working with https? Is it another call if we don't use https? Any other idea where we can start to look?

SSL is always recommended, but definitely not required.

Is it possible that the user the token is associated with doesn't have access to the assets listing?

The user which created the token was the global super user. Just created a test user with only all asset permissions and create api Key permission. Created key with this user, same call, same result :(

Hi again,
we just updated to the latest stable version (4.6.13) in hope it would eventually fix our API Problem. Everything works fine except the API :/... We tried exactly what we tried on Jan 18 and we get {"error":"Unauthorized."}% back. We have no clue where to debug this behavior. We would very much appreciate a little help ;) It would be great if we could use the API.

Ok, we found it.
we had:
AllowOverride None
Options None

instead of

AllowOverride All
Options -Indexes

in our Apache config. Now everything works great. You can close this issue :)
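
An added example, not part of the thread or of Snipe-IT: a small shell check that lists the AllowOverride and Options values set in each <Directory> block of an Apache config file and flags the blocks where .htaccess files are ignored, the setting the comment above identified. The directory paths in the sample config are hypothetical, and the script reads one file at a time rather than computing Apache's merged configuration.

```shell
#!/bin/sh
# Added example: audit <Directory> blocks for the settings named in the thread.

# audit_allowoverride FILE
# Prints one line per <Directory> block: path|AllowOverride value|Options value
audit_allowoverride() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) ~ /^<directory/ {
            dir = $2; gsub(/[">]/, "", dir)
            ao = "(unset)"; opt = "(unset)"; inblock = 1; next
        }
        inblock && tolower($1) == "allowoverride" {
            $1 = ""; sub(/^ +/, ""); ao = $0; next
        }
        inblock && tolower($1) == "options" {
            $1 = ""; sub(/^ +/, ""); opt = $0; next
        }
        inblock && tolower($1) ~ /^<\/directory/ {
            print dir "|" ao "|" opt; inblock = 0
        }
    ' "$1"
}

# flag_blocked FILE
# Prints the directories whose block sets AllowOverride None (.htaccess ignored).
flag_blocked() {
    audit_allowoverride "$1" | awk -F'|' 'tolower($2) == "none" { print $1 }'
}

# Constructed sample config with hypothetical paths: the first block has the
# values the thread reported as failing, the second the values that worked.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<Directory /var/www/>
    AllowOverride None
    Options None
</Directory>
# application docroot
<Directory "/var/www/snipe-it/public">
    AllowOverride All
    Options -Indexes
</Directory>
EOF

echo "All blocks:"
audit_allowoverride "$sample"
echo "Blocks where .htaccess is ignored:"
flag_blocked "$sample"
rm -f "$sample"
```
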

Is this still relevant? We haven't heard from anyone in a bit. If so, please comment with any updates or additional detail.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Don't take it personally, we just need to keep a handle on things. Thank you for your contributions!

This issue has been automatically closed because it has not had recent activity. If you believe this is still an issue, please confirm that this issue is still happening in the most recent version of Snipe-IT and reply to this thread to re-open it.

I'm having the same issue, only I have AllowOverride All and Options -Indexes set and still get Unauthorized response.

For me I had to generate an api key as a super user and then it worked. If I generated the key as an admin (with privileges just below super user) and used that key, it gave me an http 401 but the super user api key worked every time.

> Ok, we found it.
> we had:
> AllowOverride None
> Options None
>
> instead of
>
> AllowOverride All
> Options -Indexes
>
> in our Apache config. Now everything works great. You can close this issue :)

this was the right hint. Now it works.
