Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
918
Views
0
Helpful
6
Replies

Cisco DevNet  Catalyst Center Always-On SanBox - Token issue

Go to solution
Netmart
Level 3
Level 3

‎07-21-2024 09:16 PM

Hello,

I am using Catalyst Center Always-On and wanted to run one simple scripts, for example to retrieve token by running a REST API.

 

For some reason, it appears that I am receiving the response for a token in request in html format indicated by the following error: 

 

  File "/usr/lib64/python3.9/json/decoder.py", line 355, in raw_decode

    raise JSONDecodeError("Expecting value", s, err.value) from None

json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

 

Below you will find an excerpt of the code:

#!/usr/bin/python

import requests

import json

import urllib3

from requests.auth import HTTPBasicAuth

urllib3.disable_warnings()


my_dna_ctr="sandboxdnac2.cisco.com"

my_user="devnetuser"

my_password="Cisco123!"

tkn_headers={"Content-Type": "application/json"}

my_tkn_uri="https://"+my_dna_ctr+"/dna/system/api/vi/auth/token"

my_tkn_req=requests.post(my_tkn_uri, auth=HTTPBasicAuth(my_user, my_password),headers=tkn_headers,verify=False)

my_access_token=my_tkn_req.json()["Token"

 

Next to the token issue, when I try to access the DNAC GUI menu, after entering the provided credentials, I receive

HTTP ERROR 431

Please advise.

 

I appreciate any help/input.

 

 

 

 

 
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marcel Zehnder
Spotlight
Spotlight
In response to Netmart

‎07-23-2024 01:30 AM

Yes, seems like some Sandboxes are setup with API encryption which disables basic auth. See also https://community.cisco.com/t5/devnet-sandbox/unable-to-do-rest-api-s-to-catalyst-centers/m-p/5145222/highlight/true#M10202


View solution in original post

0 Helpful
6 Replies 6

Go to solution
Anne165Hernadez
Level 1
Level 1

‎07-21-2024 10:36 PM - edited ‎07-22-2024 08:44 PM

Hello,

To fix the JSONDecodeError when retrieving a token using the Catalyst Center Always-On REST API, print the response content to diagnose the HTML error. Ensure your API endpoint and credentials are correct, and verify the headers. Add exception handling to catch and display errors. For HTTP ERROR 431, clear your browser cookies and ensure your requests don't have overly large headers. Here's a revised script snippet for troubleshooting:

python
import requests
from requests.auth import HTTPBasicAuth

my_dna_ctr = "sandboxdnac2.cisco.com"
my_user = "devnetuser"
my_password = "Cisco123!"
tkn_headers = {"Content-Type": "application/json"}
my_tkn_uri = "https://"+my_dna_ctr+"/dna/system/api/v1/auth/token"

try:
my_tkn_req = requests.post(my_tkn_uri, auth=HTTPBasicAuth(my_user, my_password), headers=tkn_headers, verify=False)
my_tkn_req.raise_for_status()
my_access_token = my_tkn_req.json()["Token"]
print("Access token:", my_access_token)
except requests.exceptions.RequestException as e:
print(f"Request failed: {e}")
except json.JSONDecodeError as e:
print(f"JSON decode error: {e}")
print("Response content:", my_tkn_req.text)


Best regards,

login sso charter com

 

 

 

0 Helpful

Go to solution
Marcel Zehnder
Spotlight
Spotlight

‎07-22-2024 12:46 AM

Hi 

There is a typo in your url: "/dna/system/api/vi/auth/token" should be "/dna/system/api/v1/auth/token"

Also check if AES encryption is enabled (https://<DNAC-HOST>/dna/systemSettings/settings?settings-item=encryption-settings), as this setting would disable basic authentication.

0 Helpful

Go to solution
Netmart
Level 3
Level 3
In response to Marcel Zehnder

‎07-22-2024 02:32 PM

Thank you Marcel. The typo has been fixed.

 

:
my_tkn_req: {"error":"Basic Authorization is not allowed"}
Traceback (most recent call last):

:

19, in <module>
my_access_token=my_tkn_req.json()["Token"]
KeyError: 'Token'

It sounds that the Cisco Sandbox does not accept HTTP Basic Authentication?

I successfully tested same script against a different DNAC environment.

 

 

0 Helpful

Go to solution
Marcel Zehnder
Spotlight
Spotlight
In response to Netmart

‎07-23-2024 01:30 AM

Yes, seems like some Sandboxes are setup with API encryption which disables basic auth. See also https://community.cisco.com/t5/devnet-sandbox/unable-to-do-rest-api-s-to-catalyst-centers/m-p/5145222/highlight/true#M10202


0 Helpful

Go to solution
Netmart
Level 3
Level 3
In response to Marcel Zehnder

‎07-28-2024 10:09 PM

Thank you Marcel.

I initiated a new lab. And it seems that Base64 encoding is active.

I confirmed by checking the System Setting of DNAC sandbox.

Otherwise, as you already hinted, the following format has to be used:

AES Key Encryption

Cisco DNA Center support is extended for AES key encryption for token APIs, which is an optional feature that computes and formats the authorization header of token APIs in a base 64 encoded string of 256-bit AES key.

The format of the string is CSCO-AES-256 credentials=Base64Encode(AESEncrypt(username:password , aes256 key)).

The AESEncrypt:

Ø first encrypts the username:password pair with a 256 bits AES key

Øand then Base64Encode encodes the result in base 64 string format.

 

source: https://developer.cisco.com/docs/dna-center/authentication-and-authorization/#basic-authentication

0 Helpful
Customers Also Viewed These Support Documents