403 Forbidden Access on all methods of Admin API
Closed this issue · 6 comments
Hi,
I was trying to get the users present in my duo account with the admin API by calling the method get_users(), but everytime when I call this method it lands in 403 Access Forbidden Error. Same is the problem with all other methods when I try to call them.
`>>> admin_obj = admin.Admin(ikey='XXXXXXXXXXXM5Q', skey='XXXXXXXXXXXXXXXXXXXXXXXXX2XW2e', host='api-xxxxxxx.duosecurity.com')
admin_obj.get_users()
Traceback (most recent call last):
File "", line 1, in
File "/home/shahid/.local/lib/python3.10/site-packages/duo_client/admin.py", line 689, in get_users
return list(self.get_users_iterator())
File "/home/shahid/.local/lib/python3.10/site-packages/duo_client/client.py", line 409, in json_paging_api_call
(objects, metadata) = self.parse_json_response_and_metadata(response, data)
File "/home/shahid/.local/lib/python3.10/site-packages/duo_client/client.py", line 485, in parse_json_response_and_metadata
raise_error('Received %s %s' % (
File "/home/shahid/.local/lib/python3.10/site-packages/duo_client/client.py", line 471, in raise_error
raise error
RuntimeError: Received 403 Access forbiddenadmin_obj.get_bypass_codes()
Traceback (most recent call last):
File "", line 1, in
File "/home/shahid/.local/lib/python3.10/site-packages/duo_client/admin.py", line 3095, in get_bypass_codes
return list(self.get_bypass_codes_generator())
File "/home/shahid/.local/lib/python3.10/site-packages/duo_client/client.py", line 409, in json_paging_api_call
(objects, metadata) = self.parse_json_response_and_metadata(response, data)
File "/home/shahid/.local/lib/python3.10/site-packages/duo_client/client.py", line 485, in parse_json_response_and_metadata
raise_error('Received %s %s' % (
File "/home/shahid/.local/lib/python3.10/site-packages/duo_client/client.py", line 471, in raise_error
raise error
RuntimeError: Received 403 Access forbidden
`
Did you grant sufficient privileges to the Admin API application you created in Duo? It needs "Grant read resource" to retrieve objects like users.
@DuoKristina This is an issue for me too. Requests to AdminAPI endpoints with existing credentials are 403ing. Permission Grant read resource has already been set.
Did you grant sufficient privileges to the Admin API application you created in Duo? It needs "Grant read resource" to retrieve objects like users.
Thanks Kristina, I got to know the solution in the duo forum itself. Just had to provide sufficient privileges for the admin API.
@DuoKristina This is an issue for me too. Requests to AdminAPI endpoints with existing credentials are 403ing. Permission
Grant read resourcehas already been set.
Hi Jiva,
Just follow the following steps -
Login to your duo dashboard
Open the application section
If you haven't ste up your admin API, do so by going into the protect application (right top corner)
Once done, mark the privileges you want to set up for admin API.
@DuoKristina @shahidmuzaffar98
FWIW this is still an issue for me - I granted all available permissions to my set of credentials and calls to admin_api.get_users() continue to throw RuntimeError: Received 403 Access forbidden errors.
My application was set up and working fine and the API/SDK just started throwing these errors a couple days ago with no code changes on my part.
Well the answer seems to be that this is API is for paying users and I was on a new account within the trial period, so my access was abruptly cut-off.