'ledgerId missing in access token' says /v1/create

Hi,

I have an access token with payload

{
  "sub": "alice",
  "aud": "https://daml.app.template.example.com",
  "exp": 1707556819
}

When I send a POST request to /v1/create with the access token, JSON api returns

{"errors":["ledgerId missing in access token"],"status":401}

I find that confusing because user tokens aren’t required to have ledgerId. What do I misunderstand here?

1 Like

Just a guess, but since you didn’t specify a “scope”, you are using an audience based token. But your “aud” field looks like it has an invalid format. Likely the someParticipantId is parsed to ledgerId somewhere and causing the misleading error message.

Could be. For the record, I added all fields that json api reported missing, and removed all fields that I could without json api complaining (so the smallest set of fields that json api happily accepted), and here is what I got:

{
  "sub": "alice",
  "aud": "https://daml.app.template.example.com",
  "ledgerId": "userParticipant",
  "applicationId": "alice",
  "actAs": ["alice::1220ea091546054ae5bf4b927d1a67fddf86592ad71e323fdd6ee1c5b96295582b91"]
}

This doesn’t conform to any of the token formats (scope-based, audience-based or custom) in the documentation, which is odd.