Welcome to the Onshape forum! Ask questions and join in the discussions about everything Onshape.
First time visiting? Here are some places to start:- Looking for a certain topic? Check out the categories filter or use Search (upper right).
- Need support? Ask a question to our Community Support category.
- Please submit support tickets for bugs but you can request improvements in the Product Feedback category.
- Be respectful, on topic and if you see a problem, Flag it.
If you would like to contact our Community Manager personally, feel free to send a private message or an email.
Receiving 401 Unauthorized when trying to export an STL or parasolid from Onshape API
Cappie_Pomeroy
Member Posts: 14 ✭
I have tried both from my local computer and using the API explorer application. Every other OAuth2Read API call that I've used works as expected both locally and in the API explorer. I've tried the /parts/d/:did/[wvm]/:wvm/e/:eid/partid/:partid/stl endpoint and the /partstudios/d/:did/[wvm]/:wvm/e/:eid/stl as well as the parasolid ones. I've used workspace id, version id, and microversion id both locally and in the API explorer. All result in
`{"message":"Unauthenticated API request", "status":401}`
Any ideas?
Tagged:
0
Best Answer
-
Ethan_K Member, Onshape Employees Posts: 57Hi Cappie,
This is one of the only endpoints that returns a 307 to a modeling server. My guess is that the HTTP client you are using (requests) is set up not to authenticate on a redirect. That is a reasonable default because they want to be careful about implicitly sending credentials with subsequent requests. However, in this circumstance you have to send the credentials in or else you will correctly get a 401. You can verify whether or not your request has the appropriate headers by printing the headers out that were sent over the wire... see here for how to do that: https://stackoverflow.com/questions/20658572/python-requests-print-entire-http-request-raw . In the Onshape client (still in beta) we custom handle the 3xx codes by turning off automatic redirect logic, and handling the redirect directly: https://github.com/onshape-public/onshape-clients/blob/master/python/onshape_client/oas/rest.py#L233 .
Hope that helps!4
Answers
This is because our STL call requires following a 307 redirect to the modeling server slated to deliver the tessellation. Upon redirection, you need to re-sign the request with the new parameters, since the request now points to a different resource path, and API key signing integrates the path and query params into the signature. We currently don't handle this correctly in the API explorer, but there is a bug already filed for this. In many clients, the way to support this is to turn off the automated redirect that they provide, and instead handle it manually in a try/catch for 3xx codes that takes the redirect and calculates the new headers for it. You can see an example of this here: https://github.com/onshape-public/onshape-clients/blob/30e9242c5544b35fcb1bb9797334a29443b1d3d8/python/onshape_client/rest.py#L255 . Note that if you are using OAuth, the automated redirect should just work as it doesn't need path-specific signing.
Hope that helps!
This is one of the only endpoints that returns a 307 to a modeling server. My guess is that the HTTP client you are using (requests) is set up not to authenticate on a redirect. That is a reasonable default because they want to be careful about implicitly sending credentials with subsequent requests. However, in this circumstance you have to send the credentials in or else you will correctly get a 401. You can verify whether or not your request has the appropriate headers by printing the headers out that were sent over the wire... see here for how to do that: https://stackoverflow.com/questions/20658572/python-requests-print-entire-http-request-raw . In the Onshape client (still in beta) we custom handle the 3xx codes by turning off automatic redirect logic, and handling the redirect directly: https://github.com/onshape-public/onshape-clients/blob/master/python/onshape_client/oas/rest.py#L233 .
Hope that helps!
Also thanks for pointing out the security flaw of passing along headers I will only use this on the endpoints you specified.
Just a clarification on this answer. Do you need to recalculate the headers for the redirect using the new url, path and queries or should the redirect have the same headers as the initial request?