get_billing_and_telephony_credits.py ("RuntimeError: Received 403 Access forbidden")

Question

get_billing_and_telephony_credits.py ("RuntimeError: Received 403 Access forbidden")

BugWizard opened this issue 3 years ago · 10 comments

Currently set to Role "Owner" however when I do run the "get_billing_and_telephony_credits.py" I get this error =>

Traceback (most recent call last):
File "c:\Users\46707\python_testingNmore\duo_client_python\examples\get_billing_and_telephony_credits.py", line 35, in
child_accounts = accounts_api.get_child_accounts()
File "c:\Users\46707\python_testingNmore\duo_client_python\venv\lib\site-packages\duo_client-4.3.2-py3.9.egg\duo_client\accounts.py", line 15, in get_child_accounts
response = self.json_api_call('POST',
File "c:\Users\46707\python_testingNmore\duo_client_python\venv\lib\site-packages\duo_client-4.3.2-py3.9.egg\duo_client\client.py", line 390, in json_api_call
return self.parse_json_response(response, data)
File "c:\Users\46707\python_testingNmore\duo_client_python\venv\lib\site-packages\duo_client-4.3.2-py3.9.egg\duo_client\client.py", line 456, in parse_json_response
(response, metadata) = self.parse_json_response_and_metadata(response, data)
File "c:\Users\46707\python_testingNmore\duo_client_python\venv\lib\site-packages\duo_client-4.3.2-py3.9.egg\duo_client\client.py", line 483, in parse_json_response_and_metadata
raise_error('Received %s %s' % (
File "c:\Users\46707\python_testingNmore\duo_client_python\venv\lib\site-packages\duo_client-4.3.2-py3.9.egg\duo_client\client.py", line 469, in raise_error
raise error
RuntimeError: Received 403 Access forbidden

I have made sure to set my IP as the only one to be able to access the Admin Api. As the owner I have also set all the permissions in the Admin Api duo portal to true.

Answer 1 · 2021-11-12T18:37:39.000Z

@BugWizard That specific example (get_billing_and_telephony_credits.py) is for the Accounts API, which is separate (sort of) from the Admin API. A different integration type and set of credentials is used for the Accounts API, since that is usually only of use to MSP or customers that manage multiple Duo accounts. If you were just running examples to test with, you probably want to avoid that one if you don't need it; but if you specifically do need to access account information, you'll need to contact Duo Support for Accounts API access if you don't already have it.

See more info on the Accounts API at https://duo.com/docs/accountsapi

Let us know if you have any questions, and thanks for using Duo.

Answer 2 · 2021-11-14T13:21:59.000Z

Hi again! So If I need to access the data on how much a singel sms auth cost I need to use the Accounts API? //Viktor-------- Ursprungligt meddelande --------Ämne: Re: [duosecurity/duo_client_python] get_billing_and_telephony_credits.py ("RuntimeError: Received 403 Access forbidden") (Issue #152)Från: Aaron Till: duosecurity/duo_client_python Kopia: Viktor Ohlsson ,Mention @BugWizard That specific example (get_billing_and_telephony_credits.py) is for the Accounts API, which is separate (sort of) from the Admin API. A different integration type and set of credentials is used for the Accounts API, since that is usually only of use to MSP or customers that manage multiple Duo accounts. If you were just running examples to test with, you probably want to avoid that one if you don't need it; but if you specifically do need to access account information, you'll need to contact Duo Support for Accounts API access if you don't already have it. See more info on the Accounts API at https://duo.com/docs/accountsapi Let us know if you have any questions, and thanks for using Duo. —You are receiving this because you were mentioned.Reply to this email directly, view it on GitHub, or unsubscribe.Triage notifications on the go with GitHub Mobile for iOS or Android.

Answer 3 · 2021-11-15T14:43:24.000Z

@BugWizard I'm not sure that either API can tell you how many credits an SMS auth will require? Based on my reading of the telephony-related API calls for both APIs:
https://duo.com/docs/adminapi#telephony-credits-used-report
https://duo.com/docs/accountsapi#get-telephony-credits
there's very little telephony information accessible.

In general, though, the Admin API is used for getting information about a single account, and the Accounts API is used for getting that same information about child accounts.

Answer 4 · 2021-11-15T16:16:23.000Z

@BugWizard The Admin API Telephony reporting endpoint can tell you how many credits were used for an individual SMS authentication event that already happened: https://duo.com/docs/adminapi#telephony-logs

If you want to know how many credits SMS to a given country will cost view our rate card here: https://duo.com/docs/telephony-credits#rate-card.

Answer 5 · 2021-11-16T14:47:04.000Z

I see!
How would one go about if they wanted to GET only the information of all the Users using the SMS as a way to login?(sms_passcode)?
I apologize for all these noob questions..

I have tried to make custom request for '/admin/v2/logs/authentication' and get the sms_passcode unsuccessfully.

Answer 6 · 2021-11-16T15:44:54.000Z

@BugWizard I think this method on the Admin class would do it:
get_authentication_log(api_version=2, factors=["sms_passcode"])
As described in https://duo.com/docs/adminapi#authentication-logs
In a real application, you'd probably want to use the mintime and maxtime to ensure you don't fetch the same authentication multiple times.

You might want to check out our log sync application (https://github.com/duosecurity/duo_log_sync) which is designed to extract Duo logs to an external log tool, if you have something like a SIEM available.

Hope this helps.

Answer 7 · 2021-11-23T14:38:55.000Z

Hi sorry to bother again.. I tested the "get_authentication_log(api_version=2, factors=["sms_passcode"])" and it works marvelous thank you, how ever I am having trouble trying to fetch the DATA from over 180 days ago, is there any quick fix I can make in my request to get older events? :)

Answer 8 · 2021-11-23T14:42:17.000Z

The upper limit is 180 days, as noted in the introduction to the Authentication Logs section of the Admin API documentation:

Returns a paged list of authentication log events ranging from the last 180 days up to as recently as two minutes before the API request.

Answer 9 · 2021-11-23T14:54:56.000Z

oohh that's the default then? I see. Tank you! .. I should've spotted it in the docs :)

Answer 10 · 2021-11-23T15:03:58.000Z

No worries. Please close this issue if you don't have any further questions.