Resin request error: Unauthorized and data loss

alovbg · July 11, 2018, 10:09pm

Hello. For some reason I am getting Resin.request.error: Unauthorized when I try to update the device tags. Firstly, I spotted it on node.js sdk and after that I am experiencing it on the python one. So the major problem after this is that I tried to update the tags with your API directly and I end up having ruined all tags for 100 devices. The API I used: https://api.resin.io/v4/device_tag?$filter=tag_key eq ‘’ When testing locally, I change the tag succesfully but when I started it in a python script which began updating them I ended up making all tags with one value… This is the request I am making:

data = json.dumps({“device”: str(device_id), “value”: str(tag_value)})
response = requests.patch(
update_existing_tag_url.format(tag_key),
headers={“content-type”:“application/json”,“Authorization”:“Bearer {}”.format(auth_token)},
data = data
)

Can we somehow revert to yesterday backup? (if there is such)

zwalchuk · July 11, 2018, 10:18pm

Taking a look at this now. I don’t believe we have a way to restore tag values that have been overridden by the API, but I am checking with the team. We can take a look at the script to see where the issue might have occurred, can you share what update_existing_tag_url does?

alovbg · July 11, 2018, 10:19pm

update_existing_tag_url = “https://api.resin.io/v4/device_tag?$filter=tag_key eq ‘{}’” This is a variable for the API url I used.

zwalchuk · July 11, 2018, 10:35pm

The issue with the script may be that the spaces in the request are not URI encoded (%20), so everything after tag_key is lost.

We’re still investigating our options for recovery, but for future use we strongly recommend testing any scripted API calls on non-production devices, as these types of errors can inadvertently cause major configuration changes.

alovbg · July 11, 2018, 10:37pm

Agree. I used it on a non-production before that with the same url. Isn’t it parsing the space to %20 by default?

zwalchuk · July 11, 2018, 10:41pm

Yes, after looking at it a bit more that’s probably not the issue. If you run a similar script using a GET request rather than a PATCH, are you able to correctly narrow down to specific devices?

alovbg · July 11, 2018, 10:44pm

Yes. I am getting tags information on this url: https://api.resin.io/v4/device_tag

alovbg · July 11, 2018, 10:47pm

BTW do you know why am I getting Unauthorized when I update tags through the sdks?

zwalchuk · July 11, 2018, 10:50pm

Do you know if you’re using a session token or an API key for authentication? It might be helpful to see an example of how you’re using the SDK, so we can better troubleshoot.

alovbg · July 11, 2018, 10:51pm

I am using a session token for the API and credentials for the SDKs. I tried with the API key as well. Logged in but couldn’t update.

alovbg · July 11, 2018, 11:05pm

resin = Resin()
credentials = {‘username’:"", ‘password’:""}
resin.auth.login(**credentials)

On python. I think I shouldn’t be seeing this when authenticated with username and password. I know that the session token is valid 7 days.

sradevski · March 17, 2020, 8:41am

Hi, let’s move the conversation to the new thread you started (Balena Python SDK "Unauthorized" exception) as this one is somewhat different and it’s better to keep issues isolated. Cheers!

Kourosh · March 17, 2020, 5:03pm

Sure, I’ll delete it here