Adobe Connect User Community

#1 2024-01-21 13:59:32

cuc1368012734

API SDK principal-update action does not work

Hello,

I have a problem with the API for Adobe Connect for Training Standard version 12 hosted.

I log in as a user with Administrators system group rights. I can list meetings, folders, users. But I can't add a new user.

When I call the API action principal-update to insert a new user, I get a status code: "no-access" and a subcode: "denied".

If I log into the web interface as the same user, I can manually add users without problems. But not via API.

Anyone have an idea how to fix this?

Thanks, Petr Zahradnik


#2 2024-01-25 10:58:04

Andrew Chemey

Re: API SDK principal-update action does not work

Petr,

I did not have any problems using this API to create a new user. I tested with an HTTP-GET (typing directly in the browser URL) and an HTTP-POST (using a test application).

Remember that to create a new user, you should not include a principal-id. There are a few fields that are required. Here's what I used in the browser directly:

https://envolvemedia.adobeconnect.com/api/xml?action=principal-update&email=deleteuser@envolvemedia.com&type=user&first-name=delete&last-name=user&password=connect12&has-children=false

To run this API:

1. I logged into Adobe Connect as an Administrator
2. In the same browser, I opened a new tab
3. I typed that URL into the new tab


If you do something similar (changing your domain) - what happens?

-Andrew


#3 2024-01-25 21:30:05

PetrZahradnik

Re: API SDK principal-update action does not work

Hello Andrew,

Thank you for your answer. I do it exactly the same. I tried all options. This way, in a browser with a logged-in user, where cookies are used, using the obtained session, directly from your application. And I can't add users.

For example:
https://meet65584981.adobeconnect.com/api/xml?action=principal-update&type=user&first-name=Petr&last-name=Zahradnik&email=test@clexpert.cz&password=aaa123bbb&has-children=0

I can also add login and send-email=1, but the same problem.

Error in result XML:
status code="no-access" subcode="denied"

The only thought that occurred to me is the possibility that hosted Adobe Connect for Webinars Standard without the Webinar Pro Pack does not support adding users this way. But it's weird.

10 years ago I was using Adobe Connect (Adobe Flash based) where I had my own 3rd level domain like yours and adding users using the API worked fine there.

Petr Zahradnik


#4 2024-01-26 09:29:29

Andrew Chemey

Re: API SDK principal-update action does not work

Petr,

Would you reach out to me directly (andrew.chemey@envolvemedia.com)? I am not aware of anything that would prevent the APIs from working in your instance.

Regards,

Andrew


#5 2024-01-26 18:26:58

Andrew Chemey

Re: API SDK principal-update action does not work

Petr,

I had a lapse in memory. I figured out your issue. Your account has CSRF enabled for XML-APIs (found by being logged-in as an Administrator at: Admin > Account > More Settings > CSRF Settings > Enable CSRF Protection for XML API).

NOTE: During my tests with you, previously, I just used the browser, on an account that does not have CSRF protection enabled. I have a connect.js file I built that has the ability to call all APIs and includes the OWASP_CSRFTOKEN to work with accounts that have it enabled. So my applications are designed to work.

This means that:
1. You will need to search for/include a parameter called OWASP_CSRFTOKEN in your API
2. You'll need to use an HTTP-POST (and will not be able to use HTTP-GET such as typing API commands into a browser).
    NOTE: I tend to use Postman, but there are a number of other tools you can use for sending HTTP-POST commands for testing purposes


To get/use the CSRF token, I tend to:
* Call common-info API and then parse both:
   - results.OWASP_CSRFTOKEN.token
   - results.common.cookie
   
   These will be used for all future commands until logout is called

* Call login API (passing both parameters above), such that:  https://{DOMAIN}/api/xml?action=login&login=ADMIN_LOGIN&password=ADMIN_PASSWORD&OWASP_CSRFTOKEN=a129df7d301a67711cfb974a28b1d6416f6c84ea03a1aecbf4ccb5a269fff7f9&session=na12breezfp6oi4t3wyewab31

* Call principal-update API to create the new user: https://{DOMAIN}/api/xml?action=principal-update&email=deleteuser@envolvemedia.com&type=user&first-name=delete&last-name=user&password=connect12&has-children=false&OWASP_CSRFTOKEN=a129df7d301a67711cfb974a28b1d6416f6c84ea03a1aecbf4ccb5a269fff7f9&session=na12breezfp6oi4t3wyewab31


Here is the result:
[Image: Postman result]


Feel free to respond in this forum, or you can reach out, if you still need assistance.

Regards,

Andrew

Last edited by Andrew Chemey (2024-01-26 18:27:16)
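
The flow described in post #5 (common-info, then login, then principal-update, each sent as HTTP-POST with OWASP_CSRFTOKEN and session), written out as an added example; it is not Andrew's connect.js or any Adobe code. The sample reply, the helper names and any domain passed in are constructed, and the XML layout is assumed from the `results.OWASP_CSRFTOKEN.token` and `results.common.cookie` paths named in the post.

```javascript
// Constructed sample of a common-info reply; element layout is an assumption
// based on the results.OWASP_CSRFTOKEN.token / results.common.cookie paths.
const SAMPLE_COMMON_INFO = `<?xml version="1.0" encoding="utf-8"?>
<results><status code="ok"/>
  <OWASP_CSRFTOKEN><token>EXAMPLE_CSRF_TOKEN</token></OWASP_CSRFTOKEN>
  <common><cookie>EXAMPLE_SESSION_COOKIE</cookie></common>
</results>`;

// Return the text of <child> nested inside <parent>, or null when absent.
function pick(xml, parent, child) {
  const re = new RegExp(`<${parent}\\b[^>]*>[\\s\\S]*?<${child}>([^<]*)</${child}>`);
  const m = re.exec(xml);
  return m ? m[1].trim() : null;
}

// Step 1: extract the CSRF token and session cookie from common-info.
function parseCommonInfo(xml) {
  const token = pick(xml, 'OWASP_CSRFTOKEN', 'token');
  const session = pick(xml, 'common', 'cookie');
  if (!token || !session) throw new Error('common-info lacks token or cookie');
  return { token, session };
}

// Steps 2 and 3: build a POST request that carries both values on every call.
function buildCall(domain, action, params, ctx) {
  const query = new URLSearchParams({ action, ...params,
    OWASP_CSRFTOKEN: ctx.token, session: ctx.session });
  return { url: `https://${domain}/api/xml?${query}`, method: 'POST' };
}

// Read <status code=".." subcode=".."/> so a denial is reported, not ignored.
function parseStatus(xml) {
  const tag = /<status\b([^>]*)>/.exec(xml);
  if (!tag) throw new Error('no <status> element in reply');
  const attr = (n) => (new RegExp(`\\b${n}="([^"]*)"`).exec(tag[1]) || [])[1] || null;
  return { code: attr('code'), subcode: attr('subcode') };
}

// Send one call (Node 18+ global fetch) and fail loudly on a non-ok status.
async function callApi(domain, action, params, ctx) {
  const { url, method } = buildCall(domain, action, params, ctx);
  const status = parseStatus(await (await fetch(url, { method })).text());
  if (status.code !== 'ok') throw new Error(`${action}: ${status.code}/${status.subcode}`);
  return status;
}
```

A reply of `no-access` / `denied` on an account where the same administrator can add users in the web interface is the symptom reported in this thread for a call missing the token or sent as HTTP-GET.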

