Solved: 403 on Camera Snapshot API

Alegis · ‎05-05-2019

Hi,

I would like to create snapshots from the Cameras, but my requests always return 403 - Forbidden. The account used has full admin privileges.

The request is of type:

curl -X POST \
https://api.meraki.com/api/v0/networks/L_111111111111111111/cameras/QQQQ-QQQQ-QQQQ/snapshot \
-H 'X-Cisco-Meraki-API-Key: abc123def456etc'

Following the redirect to the shard api (n270.meraki.com)

I've tried with and without Content-Type: application/json and Accept: application/json headers
Sense MV API is enabled on the camera

The network id has been retrieved from going to the organizations API and retrieving all the networks.
The serial ID has been retrieved from the networks API for the specific network, and retrieving all the cameras within (with their serialId listed).

Any idea what I could check out next? Other APIs such as analytics zone on that camera do work with my api key.

BrechtSchamp · ‎05-07-2019

Well I suppose you already checked these but just to be sure:

-API access enabled in the Organization > Settings for the org in which the camera's network resides

-API key you're using is linked to an account that has full admin access to that org

-Make sure the camera is running the latest firmware as snapshots aren't supported on older firmware.

View solution in original post

BrechtSchamp · ‎05-06-2019

I'm on Windows, so the quotes are a different kind for me, but this worked for me:

curl -L -H "X-Cisco-Meraki-API-Key: azertyuiop123456789" -X POST "https://api.meraki.com/api/v0/networks/L_123456789/cameras/A11A-B22B-C33C/snapshot"

You don't seem to have the -L in there, it's important because this is a POST request, and these tend to need to follow the redirects.

Alegis · ‎05-06-2019

Hi Brecht,

Thanks for your response. Unfortunately it gives the same result here; Postman follows redirects automatically and when using curl before I did replace the URL with n270.meraki.com (the shard URL from the response). I tried with your command and it results in the same response:

< HTTP/1.1 403 Forbidden
* Connection #1 to host n270.meraki.com left intact

Any thoughts on what I can further check regarding company or account settings?

BrechtSchamp · ‎05-07-2019

Well I suppose you already checked these but just to be sure:

-API access enabled in the Organization > Settings for the org in which the camera's network resides

-API key you're using is linked to an account that has full admin access to that org

-Make sure the camera is running the latest firmware as snapshots aren't supported on older firmware.

Alegis · ‎05-07-2019

Hi Brecht,

Turns out the account had admin rights, but only read rights; and the snapshot API requires write access. Everything seems to work with write enabled. Wonder if there's a way to grant fewer privileges with access to the camera snapshot api.

Thanks for checking & the help.

Kind regards,

BrechtSchamp · ‎05-07-2019

Well I think the per-network full admin rights are probably sufficient for the snapshots. So you can create admins per network. Full org access is probably overkill. Now that it works you can start finetuning.

If you need to limit the access to camera's only you'll need to put them in a separate network.