[ZBXNEXT-8012] API user.checkAuthentication returns error when using an API token Created: 2022 Sep 22  Updated: 2023 Apr 17  Resolved: 2023 Apr 17

Status: Closed
Project: ZABBIX FEATURE REQUESTS
Component/s: API (A)
Affects Version/s: 6.0.9
Fix Version/s: 6.0.14rc1, 6.2.8rc1, 6.4.1rc1, 7.0.0alpha1, 7.0 (plan)

Type: New Feature Request Priority: Minor
Reporter: nelsonab Assignee: Reinis Detlavs (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Causes
causes ZBX-22635 SCIM requests fail with error "Class ... Closed
Sprint: Sprint 93 (Oct 2022), Sprint 94 (Nov 2022), Sprint 95 (Dec 2022), Sprint 96 (Jan 2023), Sprint 97 (Feb 2023), Sprint 98 (Mar 2023), Sprint 99 (Apr 2023)
Story Points: 1

 Description   

Steps to reproduce:

  1. Generate an API token for a user
  2. Attempt to connect to the API user.checkAuthentication using the supplied token
  3. API returns an error

 

 

Sending: {"jsonrpc": "2.0", "method": "user.checkAuthentication", "params": {"sessionid": "TRIMMED_VALID_USER_TOKEN"}, "id": 0}

Response Body: {'jsonrpc': '2.0', 'error': {'code': -32602, 'message': 'Invalid params.', 'data': 'Invalid parameter "/sessionid": value is too long.'}, 'id': 0}

 

 

User Token is valid for other API operations however.

 

Expected:
Data is returned as to weather or not the token is valid fore use.

 Comments   
Comment by nelsonab [ 2022 Sep 22 ]

This is important for API libraries to check that the API token is valid upon startup and to throw an error there where it is appropriate, rather than when attempting another query.

Comment by Aigars Kadikis [ 2022 Sep 26 ]

I can confirm 32 character hex token is working fine with method 'user.checkAuthentication', but when using 64 character hex token ("Administration" => "General" => "API tokens") is printing a problem:

{
    "jsonrpc": "2.0",
    "error": {
        "code": -32602,
        "message": "Invalid params.",
        "data": "Invalid parameter \"/sessionid\": value is too long."
    },
    "id": 0
}
Comment by dimir [ 2022 Sep 26 ]

aigars.kadikis Did you mean "User settings -> API tokens" instead?

Comment by Alexander Vladishev [ 2022 Oct 04 ]

Currently this method doesn't accept API tokens. Only 32 character session IDs is acceptable. I will move this ticket to the ZBXNEXT project as a feature request.

Comment by Reinis Detlavs (Inactive) [ 2022 Oct 20 ]

Implemented in development branch feature/ZBXNEXT-8012-6.0.

Comment by Reinis Detlavs (Inactive) [ 2023 Feb 14 ]

Implemented in: 

Generated at Wed Apr 30 07:16:50 EEST 2025 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.