Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2139
Views
0
Helpful
2
Replies

[RESOLVED] Yet another 401 Error from Prime REST API

ww9rivers
Level 1
Level 1

‎02-23-2016 11:16 AM

Hi, all,

I have a similar issue with Prime 2.2.3's REST API like these two cases:

https://communities.cisco.com/thread/63660

https://communities.cisco.com/thread/61982

However, the 401 (Not authorized) only occurs when I run my Python script, which uses Python's request module. My debug log shows the API it tried to access is:

https://<prime-server>/webacs/api/v1/data/Devices.json, params={'.full': 'true'}, verify=False

When I test the REST API point using Firefox's RESTClient, it worked fine:

Request:

URL: https://<prime-server>/webacs/api/v1/data/Devices.json?.full=true

Response headers:

    

  1. Status Code: 200 OK
    2. 

  2. Cache-Control: private
    3. 

  3. Content-Range: instances 0-99/1428
    4. 

  4. Content-Type: application/json
    5. 

  5. Date: Tue, 23 Feb 2016 18:43:23 GMT
    6. 

  6. Expires: Wed, 31 Dec 1969 19:00:00 EST
    7. 

  7. Server: Apache-Coyote/1.1
    8. 

  8. Transfer-Encoding: chunked
    9. 

  9. X-NBI-TIME: 89
    10.

My Python script has been run as a daily cron job, collecting information from two Prime servers. The script has worked fine on both Prime servers until 2/19, when one of the two server started to respond with 401.

Thanks in advance for any insights.

[Update] -- It seems that I cannot reply to this post in any way, so I'll try updating it.

It turned out that I had two issues: a 401 error, which was resolved by restarting the Prime service.

Then, there was a 503 error after 5 requests / responses, which led me back to look at post 63660 again: I thought my code was not sending "Connection: keep-alive", but a little more debugg log from Python's HTTP mode revealed that something did that on my behalf.

So I added a line in my code to explicitly send the "Connection: close" header as post 63660 suggested: That did the trick for me.

As for Prime itself: My networking guys told me that no change had been made. I suspect that some OS patching on the box may have changed the underlying Python library to add in that "Connection: keep-alive" header.

Message was edited by: ww9rivers

Labels:
0 Helpful
2 Replies 2

smp
Level 4
Level 4

‎02-23-2016 12:11 PM

That URL looks bad to me.

https://<prime-server>/webacs/api/v1/data/Devices.json, params={'.full': 'true'}, verify=False

Shouldn't the "verify=False" be part of the definition of the REST URL inside your Python script to prevent verifying the SSL certificate, and not part of the actual GET request? I would also look at the definition of the URL in your Python script to get rid of those braces - Prime might be enabling an attack-protection routine. And even if the braces weren't there, I'm not sure the parameter format is valid for a URL.

I think Prime should see the URL that it receives should be formatted like this:

/https://<prime-server>/webacs/api/v1/data/Devices.json?.full=true

0 Helpful

Spencer Zier
Cisco Employee
Cisco Employee

‎02-23-2016 12:36 PM

Were no changes made to either the script or Prime?  If not, then please check to ensure your script is not using persistent connections.  If you're using non-local AAA (like TACACS), try increasing the retry count and timeout that you have configured in Prime.

https://developer.cisco.com/site/prime-infrastructure/
0 Helpful
Customers Also Viewed These Support Documents