Unauthorized access service with StorageService.UpdateDocumentWithId

Question

Hello,

I am experiencing new error with App42 Cloud interface. We are using it almost half of year without problem on iOS and Android. Now we've migrated our code to Win8 and Windows Phone 8.

We are using cocos2dx SDK implementation for all platforms.

Yesterday I made several tests on WP8 and Windows 8.

1. Windows 8 is working ok

2. Windows Phone 8 - Finding documents is ok but when I want to insert or update existing document I've got error about unauthorized access. The Request is exactly the same as on Win8. 99% of code is the same (the only difference is in low level: curl on WP8 vs. http_request on Win8).

Can you please tell me in which case the server returns this error? What can be wrong?

Best,

Jiri

Answer 1

Hi,

UnAuthorized Access (1401) Exception comes when signature is false.

There are different reasons behind it:

      - Either your API Key & Secret Key is not correct

      - Or the device time is not correct on which app is running, i.e. time stamp is not correct while making the request.

      - The post body is not a valid json etc.

You can check these things inside InsertJsonDocument API code:

       map<string, string> signParams;

        string timestamp = Util::getTimeStamp();

        populateSignParams(signParams);

        signParams["dbName"] = dbName;

        signParams["collectionName"] = collectionName;

       string storageBody = BuildStorageBody(json);

        signParams["body"] = storageBody;

       string signature = Util::signMap(secretKey, signParams);

The above code is responsible for creating the signature, you can go through it and check what is going wrong.

If possible, please print the signParams, headers and URL and share with us so that we can also try to detect what is wrong in the request params.

Let us know if you need any other info related to this.

Comments

Thank you.

I cannot see any error in our data. Here is dump:

URL:
"https://api.shephertz.com/cloud/1.0/storage/update/dbName/DL_INVENTORY/collectionName/character/facebookId/1375652327?"

Headers:
+        [0]    "loggedInUser:1375652327"
+        [1]    "apiKey:1ca6ab84c248849cdadcb2ce9abea428f133a58b46f853fdfbda9b752c56842b"
+        [2]    "timeStamp:2014-08-21T16:50:36.000Z"
+        [3]    "signature:WfY9D7VNyPuZSm1Fl3CnbNcAVPs%3D"
+        [4]    "version:1.0"


Body:
{"app42":{"storage":{"jsonDoc":"{\"ach_params\":{\"a\":{\"30\":\"1\",\"31\":\"1\",\"32\":\"1\",\"33\":\"1\",\"34\":\"1\",\"35\":\"1\",\"45\":\"1\",\"46\":\"1\",\"47\":\"1\"},\"rep\":false},\"ach_values\":{\"a\":{\"30\":\"1\",\"31\":\"1\",\"32\":\"1\",\"33\":\"2\",\"34\":\"2\",\"35\":\"2\",\"45\":\"1\",\"46\":\"1\",\"47\":\"1\"},\"rep\":false},\"boss\":{\"rep\":false},\"character\":{\"a\":{\"1\":\"124\"},\"rep\":false},\"chieftain\":{\"rep\":false},\"enemy\":{\"a\":{\"4\":\"1\",\"7\":\"1\"},\"rep\":false},\"facebookId\":\"1375652327\",\"inventory\":{\"a\":{\"-1\":\"1\",\"0\":\"8947\",\"10\":\"1\",\"101\":\"1\",\"131\":\"1\",\"161\":\"1\",\"300\":\"1\"},\"rep\":true},\"outfit\":{\"a\":{\"1\":\"131\"},\"rep\":true},\"stats_max\":{\"a\":{\"0\":\"67\",\"2\":\"189\",\"3\":\"197\",\"4\":\"1\"},\"rep\":false},\"stats_total\":{\"a\":{\"0\":\"67\",\"1\":\"1\",\"2\":\"189\",\"3\":\"197\",\"4\":\"1\"},\"rep\":false},\"timestamp\":1408639836,\"version\":1}\n"}}}

This returns:

        _result    401    int
+        _body    "{\"app42Fault\":{\"httpErrorCode\":401,\"appErrorCode\":1401,\"message\":\"UnAuthorized Access\",\"details\":\"Client is not authorized\"}}"
        isSuccess    false
        httpErrorCode    401
        appErrorCode    1401
+        errorDetails    "Client is not authorized"
+        errorMessage    "UnAuthorized Access"


I've checked timestamp, json is valid, signature should be ok since FindDocument calls are successful with the same configuration.

Thank you for any help.

Jiri

---

Hi,
Everything looks fine from the logs you shared. It will be easy for us to track the issue if you can share the SDK code you are using for now. You can share the code on support@shephertz.com. Please remove your API_KEY from the above comment for security reasons.