This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ripe-atlas@ripe.net/
[atlas] Changes to RIPE Atlas API auth status codes on 2 Oct
- Previous message (by thread): [atlas] Issues with Atlas back-end
- Next message (by thread): [atlas] Changes to RIPE Atlas API auth status codes on 2 Oct
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Chris Amin
camin at ripe.net
Tue Sep 19 10:38:29 CEST 2023
Dear colleagues, Currently the RIPE Atlas REST API (https://atlas.ripe.net/api/v2/) returns a 403 Forbidden status code in two cases: * When a request requires authentication but the user has not provided any credentials, or has provided incorrect credentials * When a user has authenticated correctly, but they or their API key lacks the permissions needed for a particular request Distinguishing between these two cases is important because in the first case the client can potentially get access by authenticating, and in the second case there is no point in retrying authentication with the same credentials. In order to enable this distinction, and to generally conform to web standards and best practices, on Monday, 2nd October we will change the REST API so that a completely unauthenticated request will receive a response with a 401 Unauthorized status code. The 403 Forbidden status code will still be returned for users and API keys that are authenticated but lack the necessary permissions for the request. As a temporary migration measure, the API will keep the same behaviour (always return 403) if either: * The "Referer" header contains "RIPE Atlas Tools" and a version string <= 3.1.1, or * An "X-Compat" header is set and contains the string "auth-2022" This temporary measure is guaranteed to work for the rest of 2022, after which it will be removed and the API will always make the 401/403 distinction. Kind regards, Chris Amin RIPE Atlas team
- Previous message (by thread): [atlas] Issues with Atlas back-end
- Next message (by thread): [atlas] Changes to RIPE Atlas API auth status codes on 2 Oct
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]