OctoPrint API with Access Control


#1

Background: I am working on a project that uses the Rest API of OctoPrint.

What is the problem?
Verified session keys do not have permission when access control is enabled.

I have:

  1. Put the applications details in the Config file of OctoPrint
  2. Obtained a temporary-session-key
  3. Signed and verified the session key (Gets response code 200)
  4. Use this key as my X-Api-Key when using the API
    5.Ensured that API is enabled in the settings

When access control is enabled and try to use the API (eg post a file to the printer at /api/files/local) I get a 403 forbidden. Note that the User API key and the one found in the settings menu works correctly.

When access control is disabled my app session key works correctly.

What did you already try to solve it?
Tried

  • with and without access control
  • Using the RSA keys found in the docs

Additional information about your setup (OctoPrint version, OctoPi version, printer, firmware, octoprint.log, serial.log or output on terminal tab, ...)

OctoPrint 1.3.8, directly on OctoPi, running in docker, and running for development on my local machine as described in the docs. Unsure if related, but the printer is a Wanhao Duplicator i3 plus, and the OctoPrint virtual printer.

Thanks,

Tom


#2

What does the response body contain? Also, please share your log.


#3

When using time-based session keys it's also good to verify that both server/client (Raspbian and your workstation) have the correct timezone and synchronized time.