This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ripe-atlas@ripe.net/
[atlas] Changes to RIPE Atlas API auth status codes on 2 Oct
- Next message (by thread): [atlas] RIPE Atlas Quarterly Planning Q4 2023
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Chris Amin
camin at ripe.net
Mon Oct 2 13:09:59 CEST 2023
This change has now been made, so some endpoints will return a 401 status code instead of 403. As a reminder, you can keep the previous behaviour for the rest of this year by including the following HTTP header in your requests: X-Compat: auth-2023 or alternatively, thanks to my generalized calendar confusion: X-Compat: auth-2022 This migration measure will be dropped some time in January (of whatever year comes after this one). Regards, Chris On 19/09/2023 10:38, Chris Amin wrote: > Dear colleagues, > > Currently the RIPE Atlas REST API (https://atlas.ripe.net/api/v2/) > returns a 403 Forbidden status code in two cases: > > * When a request requires authentication but the user has not provided > any credentials, or has provided incorrect credentials > * When a user has authenticated correctly, but they or their API key > lacks the permissions needed for a particular request > > Distinguishing between these two cases is important because in the first > case the client can potentially get access by authenticating, and in the > second case there is no point in retrying authentication with the same > credentials. > > In order to enable this distinction, and to generally conform to web > standards and best practices, on Monday, 2nd October we will change the > REST API so that a completely unauthenticated request will receive a > response with a 401 Unauthorized status code. The 403 Forbidden status > code will still be returned for users and API keys that are > authenticated but lack the necessary permissions for the request. > > As a temporary migration measure, the API will keep the same behaviour > (always return 403) if either: > > * The "Referer" header contains "RIPE Atlas Tools" and a version string > <= 3.1.1, or > * An "X-Compat" header is set and contains the string "auth-2022" > > This temporary measure is guaranteed to work for the rest of 2022, after > which it will be removed and the API will always make the 401/403 > distinction. > > Kind regards, > Chris Amin > RIPE Atlas team >
- Next message (by thread): [atlas] RIPE Atlas Quarterly Planning Q4 2023
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]