Orchestrator Bucket API returns 403 error 'You are not authorized to perform this action"

Help Orchestrator
, ,
1

Hello,

I’m trying to put files into the UiPath Bucket in an on-prem Orchestrator through its API. I’m able to do this using Postman. However, when I call this API in an Chrome extension, it does work but, in like 5 out 10 requests it throws a 403 response saying “You are not authorized to perform this action”.

I used this link [Postman]
for reference and it works every time on Postman.

I did the following steps on Postman achieve this.

  1. Get authentication token:
    https://{orchestrator URL}/api/Account/Authenticate

  2. Get Write URL
    https://{orchestrator URL}/odata/Buckets(1)/UiPath.Server.Configuration.OData.GetWriteUri?path=[EXTERNAL]%20extension%20zip.eml&expiryInMinutes=0

  3. Upload the file to the URL from previous step 2

https://{orchestrator URL}:443/api/BlobFileAccess/Put?t=5477c266-22e9-4edc-995d-edfee3c2da7a&r=eyJFeCI6IjIwMjItMDgtMTZUMTc6MzU6NDMuMjg3MzMyMiswMDowMCIsIkJJZCI6IjRhZmJjNDAyLWU5MzItNDI4Mi04YjkyLWQxYTkzMjZlYzEyMSIsIkJGcCI6IltFWFRFUk5BTF0gZXh0ZW5zaW9uIHppcC5lbWwiLCJBbSI6MX0.&s=12iDKNgM1qIMIUXZdXFi92jlKvbljCBBmiWDXmCPYU0.

This works perfectly every time on Post man.
However, when I do the same API call on browser, sometimes it works and sometimes it gives the following error:

Here’s how I’m calling it in the extension:

Step1:

access_token =  await fetch(
              "https://***********/api/Account/Authenticate",
              {
                method: "POST",
                headers: {
                  "Content-Type": "application/json",
                },
                body: JSON.stringify({
                  password: "*******",
                  usernameOrEmailAddress: "*******",
                  tenancyName: "Default",
                }),
              }
            )
              .then((resp) => resp.json())
              .then((json) => {
                return json.result;
              });

Step 2:

async function getUploadURL(fileName, bucketID) {

    const URL = `https://**************/odata/Buckets(${bucketID})/UiPath.Server.Configuration.OData.GetWriteUri?path=${fileName}&expiryInMinutes=0`;
    
    let response = await fetch(URL, {
        method: "GET",
        headers: new Headers({
            "X-UIPATH-OrganizationUnitId":3,
            Authorization: `Bearer ${sessionStorage.getItem("token")}`
        })
    }).then(function (res) {
        return res.json();
    }).catch(function (error) {
        console.log("there was an error retrieving upload url for the files \n" + error);
        return error.json();
    });
    return response;

}

Step3:

async function uploadtoBucket(file, URL) {

    console.log("Upload to bucket was invoked")
    console.log("This is  the URL "+URL);
    let response = await fetch(URL, {
        method: "PUT",
        headers: new Headers({
            "x-ms-blob-type": `BlockBlob`
        }),
        body: file
    })
        .then(function (res) {
            return res;
        }).catch(function (error) {
            console.log("Error occured" + error);
            return error;
        });
    return response;

}

I can’t seem to figure out what I’m doing wrong. It’s not the token because I used the same token in postman and it went through. I tried clearing cookies. However it works if I call this API after 5-10 minutes. But then again after a few calls the orchestrator starts giving out the 403 response.

It would be a great help if someone could help me figure this out.

Thanks,
Subham Don

2

It is not clear of all the inner workings of the Bucket API endpoints and /api/BlobFileAccess as it is not fully documented. Best bet would be to reach out to Support directly if you are an Enterprise/Cloud Customer.

For example expiryInMinutes=0, while the document indicates the default is zero, what is the implication of this? Is it available indefinitely without expiry? Is there a default TTL before it expires?

Your PUT headers also appear to be static, perhaps double check that they match what you get from the GetWriteUri response body and/or use the response to populate the structure of your PUT request.

3

@codemonkee ,

Thank you for your response.

I tried your suggestion. Removed the expiryinMinutes and the static request headers.

I still get the same error.

image
image1275×173 10.4 KB

It works perfectly on Postman though