API Security Login
To receive a session token id from RSA Archer, I'm calling its security login API and receiving "LoginNotValid" over HTTP 200 response.
Could you please suggest if Username need to be part of specific Access Control Group or any other configuration required?
I'm trying to call RSA exposed login API via Postman.
HTTP POST https://<hostname>/RSAarcher1/platformapi/core/security/login
- api call
- api login
- api security login
- API Users
- Archer API
- RSA Archer
- RSA Archer API Users
- RSA Archer Suite
This message mainly means that your credentials are not correct. Verify credentials, verify that domain is needed or not, verify user status just in case.
E.g. I get the same message when I purposely provide incorrect password to API.
I'm able to login to Web User Interface of RSA Archer using the same Username and Password.
I have checked that I am part of no particular domain and my account status is active.
A user/application calling RSA Archer exposed APIs, need to be part of some group or domain?
Not really, especially if you were able to login.
Then I can think of:
1. Your password may contain some special characters which require escaping.
2. /api /platformapi nodes are not set as anonymous authentication.
Thank You IIya.
1. Password does contain special character # but I don't think that needs escaping.
2. How do I validate if /api or /platformapi nodes are set as they should?
Hoping by that you're pointing at API URL endpoint that contains /patformapi , since we are at v6.6 then /platformapi should be used rather /api in the API URLs, as captured in the API documentation.
Both nodes are still working as support backward compatibility for now. Kinda strange issue overall, but nevertheless the error still pointing at the credentials.
What if you try to use other accounts? Or other instance?
Kindest regards, I remain,
Thank You IIlya. I will check try that.
Also, is it also true that for each API call, a new Service Account or Usename (System Administrative Role?) will be required in case I need to have multiple API calls in parallel ?
Same way, why you cannot have the same user to login from different places without kicking each other. Some sort of integrity.
Feel free to vote for: