BadRequest at token creation

Meindl Andreas
BestSecret GmbH

Hi,

We are trying to get an access token for the SOTI API with a REST call. But unfortunately we get a "Bad Request" every time.

Our code is:

var url = "https://soti.corp.bestsecret.com/MobiControl/api/token";
var urlParameters = "?grant_type=password&username=user&password=pw&scope=&client_id=id&client_secret=secret";
var httpClient = new HttpClient();
httpClient.BaseAddress = new Uri(url);
httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
HttpResponseMessage response = httpClient.GetAsync(urlParameters).Result;

7 years ago
SOTI MobiControl
ANSWERS
SMod@Soti
7 years ago

Hi Meindl,

Which scripting/programming language are you using to request the token?

Here are a few questions I would like your answers on:

  • Is UrlParameters variable going in the body of the request?
  • Why is the Client ID and Secret in there and not in the header?
  • I could not find the header for above request. If it just contains the media type (which you have set to application/json, which is also wrong) and not the Client ID and Secret, then it won't authenticate.

The body must contain the MobiControl username and password so that the API can authenticate with the MobiControl system.

Please refer to the API documentation on creating a proper request for a token available here: https://soti.corp.bestsecret.com/MobiControl/api

Let me quote the pertinent part of the documentation for you:

Request an Access Token

Make a POST request that includes an “Authorization:” header containing the API client ID and secret, and the body containing either MobiControl administrator credentials or an authorization code.

The Authorization header field must be constructed as follows:
   - Combine the “client ID” and “client secret” into a string separated by a colon. For example: “ClientID:ClientSecret”. Note that these fields cannot otherwise contain a colon.
   - Encode the resulting string using the RFC2045-MIME variant of Base64, except not limited to 76 char/line.
   - Prefix “Basic” before the encoded string.

The body of the request must contain the following parameters and will depend on your grant type. For “Resource Owner” grant type:
   - grant_type: set to “password”
   - username: of the Mobicontrol administrator (“administrator” in the example below)
   - password: of the MobiControl administrator (“1” in the example below)

For “Authorization Code” grant type:
   - grant_type: set to “authorization_code&=[authorization code]”

Example of the request for “Resource Owner” grant type:

POST https://server.domain.tld/MobiControl/api/token HTTP/1.1
Host: server.domain.tld
Authorization: Basic QXBwbGljYXRpb24xOkFwcGxpY2F0aW9uMVBhc3N3b3Jk
Content-Type: application/x-www-form-urlencoded
Content-Length: 53

grant_type=password&username=Administrator&password=1

Example of the request for “Authorization Code” grant type:

POST https://server.domain.tld/MobiControl/api/token HTTP/1.1
Host: server.domain.tld
Authorization: Basic QXBwbGljYXRpb24xOkFwcGxpY2F0aW9uMVBhc3N3b3Jk
Content-Type: application/x-www-form-urlencoded
Content-Length: 53

grant_type=authorization_code&code=[authorization code]


In response, the output will contain the following properties:
   - access_token: The access token to be used in every subsequent API request.
   - token_type: The type of token. Will always be set to “bearer”.
   - expires_in: The value in seconds of the token validity. If the token is expired, the client needs to issue an additional token request to retrieve a new token value.

Example of the response:

{"access_token":"AAEAAK0OiDDPciqCR5sZ6Nu6c8wIvURVwCTxslETUGpxDfmf6uzkXAg9MKzfJqm4k9ADBYIaOsT20wllKWQgQvH5sYkaIWxtOZ9OntAkxwPnwBRO7rNqCGj9yfg-COpYCdr2GEMl5SzaAPx2_WBQ3SwhKuGWuuDxVMzRWdAW1r36JY6N9Fp-rYK3CtoNs4ibqswOs7qSPzuwo_K9l9_c5oCz7d6qJxJdhKoh3MC8vqFXxJSXIEAwXnL7KWtrhanIcj_m0abZWfvR7e5npIHDcHH-bfVmc6wp-SsKJ-FyG7_zg2Fd8HjvoqivTqRO5i1RSpaPpOa318g2FMIw-Lh6I5K0FAOUAQAAAAEAABW2-Dr_0-vrbZGMubz8ZGqpo6Z67n3JqBIFPgMOPotNHVJSUc_2HbozYt7smfuCIeIvE0gd84ti3LBJXSkiOBPJmxp-WhdC1IbB7y2W5G8D4l5MD3VbDTz6ov_VnZGpRc-h7Q9Knn1VykQTHo4NknDUdVkqDe3VHQsjtn12QINEzb04Ch-RpudIHnKG-P-jhIIszo2M0_Po8_UaHVwrpPtwhUCzqOU_Gus1nS694dP-8rXqjtbLxh_5GB1iQQBitMd-VgD8XzQrLqqHa6HcK1C41ZyA1Ot2_47vOKNrf_Mg6Ig8quYMpUypOdwFl9_Nb815TN-eSuDwQsSKnSnHDvTH8bSz9O0vHoiPexh2Weuf2N0KGZUlpC0OLy3oRb0d_aBOUdpnoIJ59Gc95H7yTAnNPRuBnX0wDnvTFNkuN7ezKzfP2rNmfKPeoj0Xyf2FhGiSHgBJUuNpWwGJkz50tVX5nPl42Ow2ua9pLZqPg-GJQnmXwukVgV6w4dDoRsFVYbrRSdp-quU4pyNfj987GWM","token_type":"bearer","expires_in":3600}

Please let me know if you have any questions.

Thanks,
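
The request described in the quoted documentation, written with HttpClient as an added example (not code from the thread or from SOTI). The class and method names are hypothetical, all argument values are placeholders, UTF-8 encoding of the "ClientID:ClientSecret" string is an assumption, and System.Text.Json (.NET Core 3.0 or later) is assumed for parsing the response.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

static class MobiControlTokenExample // hypothetical name, not a SOTI type
{
    // Builds the POST the documentation describes: client credentials in the
    // Authorization header, administrator credentials in the form body.
    public static HttpRequestMessage BuildTokenRequest(
        string serverFqdn, string clientId, string clientSecret, string username, string password)
    {
        // The documentation states that neither field may contain a colon.
        if (clientId.Contains(":") || clientSecret.Contains(":"))
            throw new ArgumentException("Client ID and secret must not contain ':'.");

        // "ClientID:ClientSecret" -> Base64 on a single line (Convert.ToBase64String
        // inserts no line breaks) -> "Basic <value>". UTF-8 is an assumption.
        string basic = Convert.ToBase64String(Encoding.UTF8.GetBytes(clientId + ":" + clientSecret));

        var request = new HttpRequestMessage(HttpMethod.Post, $"https://{serverFqdn}/MobiControl/api/token");
        request.Headers.Authorization = new AuthenticationHeaderValue("Basic", basic);

        // FormUrlEncodedContent percent-encodes the values and sets
        // Content-Type: application/x-www-form-urlencoded, so no credential
        // ends up in the URL (and therefore in proxy or server access logs).
        request.Content = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "password",
            ["username"] = username,
            ["password"] = password,
        });
        return request;
    }

    public static async Task<string> GetAccessTokenAsync(HttpClient http, HttpRequestMessage request)
    {
        using HttpResponseMessage response = await http.SendAsync(request);
        string body = await response.Content.ReadAsStringAsync();
        if (!response.IsSuccessStatusCode)
            // Surface only the status code: request and response carry secrets.
            throw new HttpRequestException($"Token request failed: {(int)response.StatusCode}");

        using JsonDocument json = JsonDocument.Parse(body);
        return json.RootElement.GetProperty("access_token").GetString();
    }
}
```

The returned value is a bearer token valid for the number of seconds given in expires_in, so it should be held in memory and kept out of logs like any other credential.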

Meindl Andreas
7 years ago

Hi,

We are using C#.

Our problem is still that we can't get an access token with a REST call. It's a bad request every time.

We could create an access_token in "Postman" and there we get one, but that doesn't help.

SMod@Soti
6 years ago

Hi Meindl,

Are you still experiencing this issue?

API Call to get the token requires an Authorization Header. The Authorization header field must be constructed as follows:
   - Combine the “client ID” and “client secret” into a string separated by a colon. For example: “ClientID:ClientSecret”. Note that these fields cannot otherwise contain a colon.
   - Encode the resulting string using the RFC2045-MIME variant of Base64, except not limited to 76 char/line.
   - Prefix “Basic” before the encoded string.

Here's what a call to get the token would look like in C#:

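// Uses the RestSharp library (the API generation that has Method.POST and IRestResponse).
using RestSharp;

var client = new RestClient("https://ServerFQDN/mobicontrol/api/token");
var request = new RestRequest(Method.POST);
request.AddHeader("cache-control", "no-cache");
// "Basic " followed by Base64("ClientID:ClientSecret")
request.AddHeader("Authorization", "Basic Y2U0YzA2YTE1ZjE3NDhiNzhiMTIwZDI0YWQ1N2I3N2U6MQ==");
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
// Form body for the "Resource Owner" grant type; the values are those of the documentation example quoted earlier in this thread.
request.AddParameter("application/x-www-form-urlencoded", "grant_type=password&username=Administrator&password=1", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);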

Please feel free to PM me for further details.

Thanks,