Forum Discussion

Nimbostratus

May 03, 2014

Providing right credential to connect the F5 device using RestAPI is always throwing 401 error

Hi All, Here I am using RestAPI to connect to the device. I am always getting the http 401 error even my credentials are right and able to reach the same url using webbrowser. Can anybody h...

Nimbostratus

Mar 14, 2017

any information on what version(s) this has been corrected in? I just upgraded to 12.1.1 and i have users who are not able to use the RestAPI. They get 401. What right does the user require? I would hope that it would reflect the same rights structure and not require them to be admin.

nyif5_225400
Nimbostratus
Aug 02, 2017
Hi I am having the same 401 auth error. Did any one get the resolution. Or we just need to use the admin user for RestAPI ?
Jad_Tabbara__J1
Cirrostratus
Aug 02, 2017
You need to use admin user for RestApi
brad_11480
Nimbostratus
Aug 02, 2017
Really?? admin user only? There is no security model for the RestAPI? This renders the use of the RestAPI to be very limited in scope. It certainly can't be used for monitoring systems as the credentials would be required on those systems to call the RestAPI.

This means that anyone who needs to use it basically has the 'keys to the kingdom' and can use those credentials to do whatever they wish on the systems.

Note that generating a token is useless alternative since they expire in 8 hours.

Ref below comment about it being corrected in a subsequent 'hotfix' I'm on 12. no relief.
Brad_Parker
Cirrus
Aug 02, 2017
Take a look at this article, https://devcentral.f5.com/articles/rbac-with-icontrolrest-on-big-ip-24491