InfluxDB v2 API - Authorization not found writing to bucket

InfluxDB 2
1

Hello, I am relatively new to InfluxDB but I have been having issues authenticating with the API. I am referring to the API documentation to properly authenticate and write to my bucket. I scoped an API token with Read/Write access for the bucket I am writing to.

The API token information is as follows (sensitive info removed from all code snippets, retrieved from calling /api/v2/authorizations):

{
  "id": "08dda35eb66d4000",
  "token": "xxxx_xxxxxxxxxxx_xxxxxx_xxxxx==",
  "status": "active",
  "description": "Veeam Bucket R/W",
  "orgID": "0dda9e31682bab19",
  "org": "MY ORG",
  "userID": "08dd9356202d4000",
  "user": "veeam",
  "permissions": [
          {
                  "action": "read",
                  "resource": {
                          "type": "buckets",
                          "id": "67cba1fb1f2723df",
                          "orgID": "0dda9e31682bab19",
                          "name": "Veeam",
                          "org": "MY ORG"
                  }
          },
          {
                  "action": "write",
                  "resource": {
                          "type": "buckets",
                          "id": "67cba1fb1f2723df",
                          "orgID": "0dda9e31682bab19",
                          "name": "Veeam",
                          "org": "MY ORG"
                  }
          }
  ],
  "links": {
          "self": "/api/v2/authorizations/08dda35eb66d4000",
          "user": "/api/v2/users/08dd9356202d4000"
  },
  "createdAt": "2022-02-04T21:07:18.873073786Z",
  "updatedAt": "2022-02-04T21:07:41.78886211Z"
}
]

My user is (retrieved from /api/v2/users/{userid})

{
        "links": {
                "self": "/api/v2/users/08dd9356202d4000"
        },
        "id": "08dd9356202d4000",
        "name": "veeam",
        "oauthID": "xxx",
        "status": "active"
}

My org is (/api/v2/orgs/{orgid}):

{
        "links": {
                "buckets": "/api/v2/buckets?org=MY ORG",
                "dashboards": "/api/v2/dashboards?org=MY ORG",
                "labels": "/api/v2/orgs/0dda9e31682bab19/labels",
                "logs": "/api/v2/orgs/0dda9e31682bab19/logs",
                "members": "/api/v2/orgs/0dda9e31682bab19/members",
                "owners": "/api/v2/orgs/0dda9e31682bab19/owners",
                "secrets": "/api/v2/orgs/0dda9e31682bab19/secrets",
                "self": "/api/v2/orgs/0dda9e31682bab19",
                "tasks": "/api/v2/tasks?org=MY ORG"
        },
        "id": "0dda9e31682bab19",
        "name": "MY ORG",
        "description": "",
        "createdAt": "2022-01-29T00:27:01.998959549Z",
        "updatedAt": "2022-01-29T00:27:01.998961565Z"
}

Finally, my bucket to write to is (/api/v2/buckets/{bucketid}):

{
        "id": "67cba1fb1f2723df",
        "orgID": "0dda9e31682bab19",
        "type": "user",
        "name": "Veeam",
        "retentionRules": [
                {
                        "type": "expire",
                        "everySeconds": 2592000,
                        "shardGroupDurationSeconds": 86400
                }
        ],
        "createdAt": "2022-01-29T00:31:40.693599432Z",
        "updatedAt": "2022-01-29T00:31:40.693601537Z",
        "links": {
                "labels": "/api/v2/buckets/67cba1fb1f2723df/labels",
                "members": "/api/v2/buckets/67cba1fb1f2723df/members",
                "org": "/api/v2/orgs/0dda9e31682bab19",
                "owners": "/api/v2/buckets/67cba1fb1f2723df/owners",
                "self": "/api/v2/buckets/67cba1fb1f2723df",
                "write": "/api/v2/write?org=0dda9e31682bab19\u0026bucket=67cba1fb1f2723df"
        },
        "labels": []
}

I have a curl request for sending Veeam data back to my InfluxDB:

veeamInfluxDBURL="http://localhost"
veeamInfluxDBPort="8086"
veeamInfluxBucketID="67cba1fb1f2723df"
veeamInfluxDBOrgID="0dda9e31682bab19"
veeamInfluxDBToken="xxxx_xxxxxxxxxxx_xxxxxx_xxxxx=="

curl -i -X POST "$veeamInfluxDBURL:$veeamInfluxDBPort/api/v2/write?bucket=$veeamInfluxBucketID&org=$veeamInfluxDBOrgID&precision=s" \
  -H 'Content-type: text/plain; charset=utf-8' \
  -H 'Authorization: Token $veeamInfluxDBToken' \
  -H 'Accept: application/json' \
  --data-binary "veeam_em_overview,host=$veeamRestServer veeamBackupServers=$veeamBackupServers,veeamProxyServers=$veeamProxyServers,veeamRepositoryServers=$veeamRepositoryServers,veeamRunningJobs=$veeamRunningJobs,veeamScheduledJobs=$veeamScheduledJobs,veeamSuccessfulVmLastestStates=$veeamSuccessfulVmLastestStates,veeamWarningVmLastestStates=$veeamWarningVmLastestStates,veeamFailedVmLastestStates=$veeamFailedVmLastestStates"

However this results in the following 401 unauthorized response:

HTTP/1.1 401 Unauthorized
Content-Type: application/json; charset=utf-8
X-Influxdb-Build: OSS
X-Influxdb-Version: 2.1.1
X-Platform-Error-Code: unauthorized
Date: Fri, 04 Feb 2022 22:03:22 GMT
Content-Length: 55

{"code":"unauthorized","message":"unauthorized access"}

And this log on InfluxDB:

Feb 04 22:03:22 influxdb1 influxd-systemd-start.sh[164020]: ts=2022-02-04T22:03:22.678078Z lvl=info msg=Unauthorized log_id=0ZPxQVIW000 error="authorization not found"

I have essentially quadruple checked my bucket ID, org ID, and API Token, and I can’t figure out why it will not authenticate. Any tips would be appreciated.

2

Hello, answered on GitHub as well, but as I can see, you are using ID, but the script says to use it like this:

veeamInfluxDBURL="http://YOURINFLUXSERVERIP" #Your InfluxDB Server, http://FQDN or https://FQDN if using SSL
veeamInfluxDBPort="8086" #Default Port
veeamInfluxDBBucket="veeam" # InfluxDB bucket name (not ID)
veeamInfluxDBToken="TOKEN" # InfluxDB access token with read/write privileges for the bucket
veeamInfluxDBOrg="ORG NAME" # InfluxDB organisation name (not ID)

Or, on my case for example:

veeamInfluxDBURL="https://yourinfluxserver" #Your InfluxDB Server, http://FQDN or https://FQDN if using SSL
veeamInfluxDBPort="8086" #Default Port
veeamInfluxDBBucket="telegraf" # InfluxDB bucket name (not ID)
veeamInfluxDBToken="MYLONGTOKEN" # InfluxDB access token with read/write privileges for the bucket
veeamInfluxDBOrg="Blog Jorge de la Cruz" # InfluxDB organisation name (not ID)

That should work

3

Hello @crockk,
You might also find this useful:

4

As stated in our conversation on GitHub, I attempted this first as that was, indeed, how the script says to use it. Just to be crystal clear, here I am using your method but still getting the same authentication errors:

veeamInfluxDBOrg="My+Org"        # using + for spaces, otherwise I get 400 bad request due to whitespace
veeamInfluxDB='Veeam'
veeamInfluxDBToken='xxxxxx=='          # read/write token, which I have verified works with influx CLI
veeamInfluxDBURL="http://localhost"    # not running behind any proxy/SSL
veeamInfluxDBPort="8086"

curl -i -X POST "$veeamInfluxDBURL:$veeamInfluxDBPort/api/v2/write?bucket=$veeamInfluxDB&org=$veeamInfluxDBOrg&precision=s" \
      -H 'Content-type: text/plain; charset=utf-8' \
      -H 'Authorization: Token $veeamInfluxDBToken' \
      -H 'Accept: application/json' \
      --data-binary "veeam_em_overview,host=$veeamRestServer veeamBackupServers=$veeamBackupServers,veeamProxyServers=$veeamProxyServers,veeamRepositoryServers=$veeamRepositoryServers,veeamRunningJobs=$veeamRunningJobs,veeamScheduledJobs=$veeamScheduledJobs,veeamSuccessfulVmLastestStates=$veeamSuccessfulVmLastestStates,veeamWarningVmLastestStates=$veeamWarningVmLastestStates,veeamFailedVmLastestStates=$veeamFailedVmLastestStates"

Response:

Writing veeam_em_overview to InfluxDB
HTTP/1.1 401 Unauthorized
Content-Type: application/json; charset=utf-8
X-Influxdb-Build: OSS
X-Influxdb-Version: 2.1.1
X-Platform-Error-Code: unauthorized
Date: Mon, 07 Feb 2022 22:16:39 GMT
Content-Length: 55

{"code":"unauthorized","message":"unauthorized access"}

I am not particularly interested in solving this issue any longer however, as I have switched from direct API requests to using:

influx write -b $veeamInfluxDB $DATA

Thanks for your time

5

Ah, yes my mistake.

Appreciate a lot your time debugging this, and glad you found a workaround!

Will keep my eyes open in case somebody else reports the issue.

Feedback and ideas always welcome, take care.