Reputation: 1210
Ejabberd Server responding with error 10, you are not authorized to call this command
I am trying to hit the endpoint /register on my ejabberd server
i am getting the following error -
{ status: 'error',
code: 10,
message: 'You are not authorized to call this command.' }
The api_permissions section is as follows
api_permissions:
"console commands":
from:
- ejabberd_ctl
- mod_http_api
who: all
what: "*"
"admin access":
who:
- access:
- allow:
- ip: "127.0.0.1/8"
- acl: admin
- oauth:
- scope: "ejabberd:admin"
- access:
- allow:
- ip: "127.0.0.1/8"
- acl: admin
what:
- "*"
- "!stop"
- "!start"
"public commands":
who: all
what:
- "status"
- "connected_users_number"
I am sending username and password in the auth request part of my header. The username is registered under the acl part of my ejabberd.yml file like so
admin:
user:
- "testuser@internal_ip_address"
N:B: I am sending the post request to http://127.0.0.1:5280/api/register from a nodejs script. I am getting the 'status connected' when i hit the .../api/status endpoint.
i have tried twicking my ejabberd.yml file and i still get that error. not sure how to give my user the right permissions to access the endpoint
Upvotes: 0
Views: 774
Answers (2)
Reputation: 1
I will show you a setup that worked for me :
1. First, register a user who will have the authorization to access the ejabberd API. In this example, the username is "admin", the password is "mypassword", and the domain is "localhost" : :\
ejabberdctl register admin localhost mypassword
2. Update ACL Configuration :
In the acl section of your configuration file(ejabberd.yml), add the following to define the admin user:
acl:
admin:
user:
- "admin@localhost"
3. Modify API Permissions :
In the api_permissions section, add this configuration to allow the admin user to execute API commands:
api_permissions:
"api commands":
from:
- mod_http_api
who:
- acl: admin
what: "*"
4. Configure HTTP Listener:
In the listen section, on port 5280, ensure you add /api: mod_http_api to enable API requests:
port: 5280
ip: "::"
module: ejabberd_http
request_handlers:
/admin: ejabberd_web_admin
/api: mod_http_api
/.well-known/acme-challenge: ejabberd_acme
/xmpp: ejabberd_http_ws
5. Restart Ejabberd:
After making these changes, restart ejabberd using the command:
ejabberdctl restart
6. Test with Postman:
To test, use Postman to send an HTTP request with Basic Auth. Set the username to admin@localhost and the password to your admin password. Ensure you include the domain in the username.
Example Request:
GET http://localhost:5280/api/register?user=myUser&host=localhost&password=myPassword
Basic Auth:
- Username: admin@localhost
- Password: mypassword
Upvotes: 0
Reputation: 31
In this section add:
- "public commands":
- who: all
- what:
- "status"
- "connected_users_number"
- "register"
Upvotes: 1
Related Questions
- Cannot connect to Ejabberd: user is not authorized
- ejabberd connecting to admin "missing server"
- ejabberd: AccessRules: Account does not have the right to perform the operation
- Ejabberd Oauth: Access denied
- Ejabberd - ejabberd_auth_external:failure:103 External authentication program failed when calling 'check_password'
- eJabberd Register - Access denied by service policy
- Ejabberd user registration command fails with {error,access_rules_unauthorized}
- WARNING! ejabberd can not start Admin user is not created Please check your configuration
- Can't connect to ejabberd server anymore : unauthorized
- Connection attempt from disallowed node 'ejabberdctl-1@localhost'