400 bad request error while calling ejabberd api

0
votes

I am getting 400 bad request error while calling "/api/get_roster" endpoint of ejabberd. I had kept "get_roster" in the scope while requesting the oauth token.

400 bad request error in ejabberd

I guess there is some issue with the permissions. Here is my configuration file:

https://www.dropbox.com/s/his89bx39qhvr1h/ejabberd2.yml?dl=0

I have tried to follow the official documentation. As per the API permission guide, I have also tried adding following properties:

api_permissions:
  - "Admin access":
    - who:
      - admin
    - what
      - "\*"
      - "!stop"

But there was no change. I have following questions:

  1. What am I doing wrong here?
  2. What are possible scopes?
3
ejabberdejabberd-api
As per document, Note:: To use get_roster scope, you need to have mod_admin_extra enabled. Otherwise, the command is unknown and you will get an invalid_scope error. - Girdhar Sojitra
I have mentioned mod_admin_extra in the modules section of yml file. I did not get invalid_scope error. I am able to acquire token. It is just that when I use that token in POST call to API Endpoint, it says 400 bad request. - Vikas Roy
What version of ejabberd you are using? - Darshan
I am using ejabberd 16.01. - Vikas Roy

3 Answers

0
votes

Your request should contain Authorization header as below:

curl -v -X POST -H "Authorization: Bearer <Oauth_token>" http://localhost:5280/api/get_roster -d '[]'
0
votes

You can refer to this link for more details. If you are accessing as admin you can use commands_admin_access rule to provide access to api commands and specify the commands you want to access as follows:

commands:
  - add_commands:
    - get_roster
commands_admin_access: configure
0
votes

You are using very old version of Ejabberd. Latest is 17.04 which has lots of changes in API permission framework from 16.01 . api_permission related configuration came in 16.12 version. Please refer this for more detail.