
i3tog (i3tog) asked a question.
Hello,
I am trying to call the /api/v1/myaccount endpoint as a non-administrative user. The documentation (https://developer.okta.com/docs/reference/api/myaccount/*get-me) mentions that "Any user with a valid session can issue this request to get basic information about their account." That sounds perfect for my project; however, the example references using an api_token to call the service, not a session token. I have tried using the session token from a previously successful /api/v1/authn API call in the Authorization header and as a cookie, but I receive the following response:
HTTP/1.1 403 Forbidden
Date: Mon, 22 Nov 2021 23:11:31 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
...(some response headers redacted)...
x-content-type-options: nosniff
Strict-Transport-Security: max-age=315360000; includeSubDomains
set-cookie: sid=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
{
"errorCode": "E0000005",
"errorSummary": "Invalid session",
"errorLink": "E0000005",
"errorId": "oaeu4uY8YKgQleiVfHbs-xWgg",
"errorCauses": []
}
Can someone explain where I would retrieve the proper session token for a non-administrative, authenticated user to make this call?
Thank you!
Stephen

Hello, @i3tog (i3tog)
Good afternoon. The "errorCode": "E0000005" usually occurs when the API token you are using doesn't have sufficient permissions, or when there is an invalid Authorization header in the request or an invalid API token. Troubleshooting options:
For more details, see the Reactive User section in the Users API dev doc. If you need further assistance creating this integration, you can also feel free to post this question on our Okta Developer Forums: https://devforum.okta.com. This is a place for the Okta developer community to interact. You can always open a case with Okta Support if you would like further assistance in this setup. Have a great day ahead.
Regards