Other: HVR API Login Send Bad Request When Body Is Missing Refresh
Answered
With HVR 6.2.5/6, when you call "{{root_url}}/auth/v1/password" with the following body
{
"username": "{{client_id}}",
"password": "{{client_secret}}"
},
it returns a 200 message with an access token. However, when you try to use that token the HVR API returns a 401, expired token.
If you change the body to
{
"username": "{{client_id}}",
"password": "{{client_secret}}",
"refresh": "token"
},
a token is generated that works successfully. The "refresh" element was not required in earlier patches, such as 6.2.5/3.
Since the "refresh" element is now required to generate a valid token, please have the API return a 400 error when a login request is sent without it.
-
Official comment
Greg,
Thank you for your feedback. We'll look into this. Very fair request if you ask me.
Thanks,
Mark.
Please sign in to leave a comment.
Comments
1 comment