How-to use token in api/v2.0 without Unauthorized

I installed ONLYOFFICE for testing via GitHub - ONLYOFFICE/Docker-CommunityServer: Collaborative system for managing documents, projects, customer relations and emails in one place. I started docker-compose.workspace.yml.

I want to test the API v2:

I retrieve a token with:

curl --request POST --header "Content-Type: application/json" --data '{"username":"user","password":"password"}' "http://server/api/2.0/authentication.json"

Then I use it in the request:

curl -I --request GET --header "Content-Type: application/json" -H "Accept: application/json" -H "Authorization: XXXXXX" "http://server/api/2.0/people"


HTTP/1.1 401 Unauthorized
Server: nginx/1.22.0
Date: Fri, 07 Jun 2024 13:59:06 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12
Connection: keep-alive
WWW-Authenticate: Basic Realm="server"
X-AspNet-Version: 4.0.30319
Cache-Control: private

In one command:

curl -I --request GET --header "Content-Type: application/json" -H "Accept: application/json" -H "Authorization: $(curl --request POST --header "Content-Type: application/json" --data '{"username":"","password":"password"}' "http://server/api/2.0/authentication.json" -s | jq .response.token)" "http://server/api/2.0/people"

Hello @gaetan.schneller

As I can see you are using following method:

Please specify which method you are using here:

I test with people method, http://server/api/2.0/people
I directly use the token returned by the POST on “http://server/api/2.0/authentication.json” instead of XXXXXX
On the other hand, the authentication request returns me an ‘expires’ at the UTC date of the present moment, therefore for me 2 hours in the past

I follow API Backend - ONLYOFFICE Api Documentation

Please try using following structure for the GET request to /people:

curl --location --request GET "http://server/api/2.0/people" --header "Content-Type: application/json" --header "Accept: application/json" --header "Authorization: <auth_token>"

It’s my mistake, I forget @self.json at the end of request,

You can close the ticket

1 Like