JSON API: Unauthorized access error while creating or exercising

I’m able to query the data via Daml JSON-API but when I’m trying to create a new contract or exercise a choice via contractID getting error in sandbox:

[http-json-ledger-api-akka.actor.default-dispatcher-74] INFO com.daml.http.Endpoints - Responding to client with HTTP 401 Unauthorized, context: {instance_uuid: “7b260c35-be20-4617-9ee8-e7d7077f3d6f”, request_id: “09baad21-8f2b-4ee0-8349-c7422197f750”}

Token: const token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwczovL2RhbWwuY29tL2xlZGdlci1hcGkiOnsibGVkZ2VySWQiOiJlZjY1YmI4NS1hY2JmLTQ0NzYtYmI1MS1iNTE3ZGY1ZmUyNGMiLCJhcHBsaWNhdGlvbklkIjoidGVzdE1hcmtldCIsImFjdEFzIjpbIkJPTlkiXX19.vj2t3Xr3ISTURsi7d-QEhjEbobBS6JvdADe4ltQE8xc";

the token is derived via jwt.io passing this as payload:

  "https://daml.com/ledger-api": {
    "ledgerId": "ef65bb85-acbf-4476-bb51-b517df5fe24c",
    "applicationId": "testMarket",
    "actAs": [

Sample Payload:

Exercise via contractID:

    contractData = {
    "templateId": "Main.BusinessObjects.Bond:Bond",
    "contractId": "#0:0",
    "choice": "IssueBond",
    "argument": {
        "_isin": "ISIN-8",
        "_issuer": "BONY",
        "_investor": "TESLA",
        "_quantity": 999.99

Axios Call

axios.post(`http://localhost:7575/v1/exercise`, {
        headers: {
            'Content-Type': 'application/json',
            'Authorization': 'Bearer ' + token
        data: contractData

Creation of new contract:

contractData = {
        "templateId": "Main.BusinessObjects.Bond:Bond",
        "payload": {
            "isin": "ISIN-6",
            "issuer": "BONY",
            "investor": "TESLA",
            "quantity": 999.99

Axios Call

axios.post(`http://localhost:7575/v1/create`, {
            headers: {
                'Content-Type': 'application/json',
                'Authorization': 'Bearer ' + token
            data: contractData

Why am I getting this error for exercising and creation but not for query? How can I debug why authorization is failing?

1 Like

Hi @NagatoPeinI1 and welcome to the forum, your token itself looks fine. A few questions to narrow this down:

  1. Which SDK version are you using?
  2. Can you reproduce the error via a curl command like the following?
curl localhost:7575/v1/create -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwczovL2RhbWwuY29tL2xlZGdlci1hcGkiOnsibGVkZ2VySWQiOiJlZjY1YmI4NS1hY2JmLTQ0NzYtYmI1MS1iNTE3ZGY1ZmUyNGMiLCJhcHBsaWNhdGlvbklkIjoidGVzdE1hcmtldCIsImFjdEFzIjpbIkJPTlkiXX19.vj2t3Xr3ISTURsi7d-QEhjEbobBS6JvdADe4ltQE8xc" -d '{"templateId": "Main.BusinessObjects.Bond:Bond", "payload": {"isin": "ISIN-6", "issuer": "BONY", "investor": "TESLA", "amount": 999.9}}'
  1. Are you using the JSON API with the in-memory backend (the default) or with the postgres backend?

Thank you @cocreature

  1. I’m using version: 1.18.0

After running the curl command getting this output:

PS D:\DAML-excersie\daml_test_bond> curl localhost:7575/v1/create -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwczovL2RhbWwuY29tL2xlZGdlci1hcGkiOnsibGVkZ2VySWQiOiI4ZDI1OWJiMS1kZWM0LTQ4ZGQtODQ1Yy1lMTVmOThiMWM3MGUiLCJhcHBsaWNhdGlvbklkIjoibWFya2V0IiwiYWN0QXMiOlsiQk9OWSJdfX0.MFeFOlrYX48tfZHv1ClMvMWxjZfFr5RQoNdtmIsz8AI" -d '{"templateId": "Main.BusinessObjects.Bond:Bond", "payload": {"isin": "ISIN-6", "issuer": "BONY", "investor": "TESLA", "amount": 999.9}}'       
Invoke-WebRequest : Cannot bind parameter 'Headers'. Cannot convert the "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwczovL2RhbWwuY29tL2xlZG
jZfFr5RQoNdtmIsz8AI" value of type "System.String" to type "System.Collections.IDictionary".
At line:1 char:34
+ ... 1/create -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVC ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Invoke-WebRequest], ParameterBindingException
    + FullyQualifiedErrorId :
  1. ledger is in-memory
Initialized sandbox version 1.18.0 with ledger-id = 8d259bb1-dec4-48dd-845c-e15f98b1c70e, port = 6865, dar file = List(.daml\dist\PrimaryMarket-0.0.1.dar), time mode = wall-clock time, ledger = in-memory, auth-service = AuthServiceWildcard$, contract ids seeding = strong
Running the initialization script.

Ah didn’t realize you are on Windows. Confusingly, Windows has a curl alias for a completely different command which is not curl. You can get the actual curl from curl for Windows.

{"errors":["JsonReaderError. Cannot read JSON: <'{templateId:>. Cause: spray.json.JsonParser$ParsingException: Unexpected character ''' at input index 0 (line 1, position 1), expected JSON Value:\n'{templateId:\n^\n"],"status":400}curl: (3) Port number ended with 'T'
curl: (6) Could not resolve host: payload
curl: (3) [globbing] unmatched brace in column 1
curl: (6) Could not resolve host: ISIN-10,
curl: (6) Could not resolve host: issuer
curl: (6) Could not resolve host: BONY,
curl: (6) Could not resolve host: investor
curl: (6) Could not resolve host: TESLA,
curl: (6) Could not resolve host: amount
curl: (3) [globbing] unmatched close brace/bracket in column 6

This is the error with CURL

Looks like powershell doesn’t parse the string properly. I’m not super familiar with powershell but from a quick search, maybe give the following a shot:

curl localhost:7575/v1/create -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwczovL2RhbWwuY29tL2xlZGdlci1hcGkiOnsibGVkZ2VySWQiOiI4ZDI1OWJiMS1kZWM0LTQ4ZGQtODQ1Yy1lMTVmOThiMWM3MGUiLCJhcHBsaWNhdGlvbklkIjoibWFya2V0IiwiYWN0QXMiOlsiQk9OWSJdfX0.MFeFOlrYX48tfZHv1ClMvMWxjZfFr5RQoNdtmIsz8AI" -d "{`"templateId`": `"Main.BusinessObjects.Bond:Bond`", `"payload`": {`"isin`": `"ISIN-6`", `"issuer`": `"BONY`", `"investor`": `"TESLA`", `"amount`": 999.9}}"