Forum

Message Boards Message Boards

Back

Finder API authentication/authorisation issues

Toggle
Dear message board administrator,

Did you change the Finder API authentication/authorisation process?

I seem to be getting 403 HTTP responses when trying to download data when I was getting 200 responses and was able to download the data in the recent past (i.e. middle of January). I am still able to request a token from your token provider but when sending the HTTP request to download I receive the 403 response.

Can you please assist with this query as soon as possible?

PS 1. I have noticed that your EO browser has also changed which was also using the Finder API.
PS 2. Do you have a software amendment/deployment policy that I could read as well please?

Kind regards,
Dimitrios
0 (0 Votes)

RE: Finder API authentication/authorisation issues
Answer
11 February 2019 5:35 as a reply to Dimitrios Michelakis.
Dear Dimitrios,

It's strange, because we haven't implemented any changes to EO Browser and Finder API.
The only update we have made is related to ordering new products.
Most probably, the root of the problem is API token lifespan, which is set to 300 seconds and after that another token request should be made.
Of course, you can automatize it by applying script in Python that would refresh your token every five minutes.

Best regards,
Mateusz
0 (0 Votes)

RE: Finder API authentication/authorisation issues
Answer
13 February 2019 2:54 as a reply to Mateusz Sykucki.
Hi Mateusz,

Thanks for your reply - it sounds like a possible solution since revisiting my code I can see that I collect the token for all my areas of interest which may be creating the problem. I will amend the code and come back to mark this as an answer or ask for more details!

Kind regards,
D.
0 (0 Votes)

RE: Finder API authentication/authorisation issues
Answer
13 February 2019 3:49 as a reply to Mateusz Sykucki.
Hi Mateusz ,

Unfortunately that seems not to be the case (i.e. the 300 seconds for each token) - I am running the following script in my ubuntu server machine and still fails with 403 (i.e. just for for one request) - that shouldn't be the case right?

12345678910111213141516171819202122232425
USERNAME=my_user
PASSWORD=my_pass

export KEYCLOAK_TOKEN=$(curl -d 'client_id=CLOUDFERRO_PUBLIC' \
                             -d "username=${USERNAME}" \
                             -d "password=${PASSWORD}" \
                             -d 'grant_type=password' \
                             'https://auth.creodias.eu/auth/realms/DIAS/protocol/openid-connect/token' | \
                             python -m json.tool | grep "access_token" | awk -F\" '{print $4}')

URL=https://finder.creodias.eu/resto/collections/Sentinel1/ca59dd0d-e2fd-567e-be54-3e2e10c1c5b9/download?token=$KEYCLOAK_TOKEN

wget $URL --verbose

 % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2729  100  2617  100   112   5739    245 --:--:-- --:--:-- --:--:--  5984
The name is too long, 1378 chars total.
Trying to shorten...
New name is download?token=eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ5RUhvWks0aWR2WHFmeExZWFhabjFmTi1YSU1UTXJvdTJ2NmVIQXI5ZWE0In0.eyJqdGkiOiI2NDcyYTNhYi0wNjIwLTRjNWMtYjAxNS0zOTZhZTkwMGNjYWQiLCJleHAiOjE1NTAwNzMzNTAsIm5iZiI6MCwiaWF0IjoxNTUwM.
--2019-02-13 15:45:48--  https://finder.creodias.eu/resto/collections/Sentinel1/ca59dd0d-e2fd-567e-be54-3e2e10c1c5b9/download?token=eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ5RUhvWks0aWR2WHFmeExZWFhabjFmTi1YSU1UTXJvdTJ2NmVIQXI5ZWE0In0.eyJqdGkiOiI2NDcyYTNhYi0wNjIwLTRjNWMtYjAxNS0zOTZhZTkwMGNjYWQiLCJleHAiOjE1NTAwNzMzNTAsIm5iZiI6MCwiaWF0IjoxNTUwMDcyNzUwLCJpc3MiOiJodHRwczovL2F1dGguY3Jlb2RpYXMuZXUvYXV0aC9yZWFsbXMvZGlhcyIsImF1ZCI6IkNMT1VERkVSUk9fUFVCTElDIiwic3ViIjoiZmI1ZWVjMzUtY2I4Ni00ZTU1LTkyNTgtMGE5NDU0Y2VhY2QyIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiQ0xPVURGRVJST19QVUJMSUMiLCJhdXRoX3RpbWUiOjAsInNlc3Npb25fc3RhdGUiOiI5OWMzOTc1YS0xMmRmLTQ1ZDItYWViYy00ZDQ4ZDczNzgwM2IiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwibmFtZSI6IkRpbWl0cmlvcyBNaWNoZWxha2lzIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiZGltaXRyaW9zLm1pY2hlbGFraXNAZWNvbWV0cmljYS5jb20iLCJnaXZlbl9uYW1lIjoiRGltaXRyaW9zIiwiZmFtaWx5X25hbWUiOiJNaWNoZWxha2lzIiwiZW1haWwiOiJkaW1pdHJpb3MubWljaGVsYWtpc0BlY29tZXRyaWNhLmNvbSJ9.s8OAulSpict9MBNK1AHL3nXDfQffWg1WdkxPLfUMJoA3Da5va3qABCr0SKj8F6QkSQC0IYVU3vHLUU1jMay9beiEji8P7xxKfs7SD_GTp1jFqf_bEhDLMXbrxyh_rmv0oIUClFvfm9hiGpp27098Xh28zbxL25whhg56t5UTNymga1HR0_ptq8LnQVs1HMd79Yjdr58cAahLKNhfduinv4Z4LGtW5LOcQCLp74fBwHu0xQG5gpneJaERpVbjlTYCKmg-4ioS1PB7-CuA5T5v_VTHlVoBFRva7lTa_kTr1Ekf2-9iFzmncI3WlDX3o_UjoknDAtGxwXMFAL8aeyPwEg
Resolving finder.creodias.eu (finder.creodias.eu)... 185.48.233.248
Connecting to finder.creodias.eu (finder.creodias.eu)|185.48.233.248|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2019-02-13 15:45:49 ERROR 403: Forbidden.
0 (0 Votes)

RE: Finder API authentication/authorisation issues
Answer
13 February 2019 6:49 as a reply to Dimitrios Michelakis.
Hi Dimitrios,

Due to backend maintenance works, that I didn't know about, the syntax and address used for requesting downloads has changed, and now it looks like:
https://zipper.creodias.eu/download/product_uuid?token=
rather than
https://finder.creodias.eu/resto/collections/Sentinel1/product_uuid/download?token=

We'll try to apply fix which redirects to the previous address as soon as possible. Meanwhile, please use the new URL for data downloading.
Sorry for misguiding you.

Best regards,
Mateusz
0 (0 Votes)

RE: Finder API authentication/authorisation issues
Answer
14 February 2019 8:36 as a reply to Mateusz Sykucki.
Hi Mateusz,

Thanks for letting me know - this information certaintly clarifies the problem.

I am testing CreoDIAS to understand sustainability and resilience of your service. Can you please point me to the documentation referring to your service availability, update policies etc?

Also I would like to understand more on the different commercial models that you have available - can you put me in touch with one of your business development staff?

Kind regards,
D.
0 (0 Votes)

RE: Finder API authentication/authorisation issues
Answer
14 February 2019 1:34 as a reply to Dimitrios Michelakis.
Dear Dimitrios,

You will be hearing from our Business Development Team shortly.

Regarding our documentation, please take a look at following documents:

https://creodias.eu/public-reporting-dashboards
https://creodias.eu/iso-certified

Best regards,
Mateusz
0 (0 Votes)

RE: Finder API authentication/authorisation issues
Answer
14 February 2019 12:03 as a reply to Mateusz Sykucki.
Hi Mateusz,

Thanks for passing my details to your BD team - the links you have included in your previous post do not work though. I am getting a general slack page saying there is no content in those pages.

Kind regards,
D.
0 (0 Votes)

RE: Finder API authentication/authorisation issues
Answer
14 February 2019 1:38 as a reply to Dimitrios Michelakis.
Dear Dimitrios,

You're right - direct link looked different.
Take a look at
https://creodias.eu/public-reporting-dashboards
https://creodias.eu/iso-certified
Best regards,
Mateusz
0 (0 Votes)

RE: Finder API authentication/authorisation issues
Answer
20 February 2019 8:23 as a reply to Dimitrios Michelakis.
Hi Dimitrios,

Regarding your question please also find another document: Appendix: Service Level https://creodias.eu/appendix-service-level
Regading the update policies:
1. We do updates according to best practices of ITIL.
2. We do not update/upgrade the systems in Client's domain/projects/vitrual machines/storage.

Regards,
Marcin Gil
0 (0 Votes)