Support Questions

Find answers, ask questions, and share your expertise

NiFi API & "Unable to validate the access token" error

avatar
Expert Contributor

Hello,

I'm getting the "Unable to validate the access token" when calling NiFi API, for all API end points that I checked. (I checked a few).

Following other posts in HCC, I'm first using the below call to get the access token, which is successful, it returns a token.

curl 'https://<nifi-server>:8077/nifi-api/access/token' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' --data 'username=<username>&password=<password>' --compressed --insecure

In the 2nd API call where I use the token from the above call, I'm getting the "Unable to validate the access token" for just about all end-points I checked. Below is one where I'm calling the System Diagnostics end point and returns the error.

curl 'https://<nifi-server>:8077/nifi-api/system-diagnostics' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJjbj1SUkJvbGxhLG91PURhdGEgTWFuYWdlbWVudCxvdT1QT0Usb3U9UGVvcGxlLGRjPW1kYW5kZXJzb24sZGM9ZWR1IiwiaXNzIjoiTGRhcFByb3ZpZGVyIiwiYXVkIjoiTGRhcFByb3ZpZGVyIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiUlJCb2xsYSIsImtpZCI6MzMsImV4cCI6MTQ5MjA5OTcyNiwiaWF0IjoxNDkyMDkyNTI2fQ.xIViD0Ea_fok6qV5ghnf65FPbO9Reh_MQxVG2Q1krl4%' --compressed --insecure

I checked the 2 posts about this error in HCC and per the suggestions there, 1) I made sure we have LDAP authentication enabled 2) I made sure I'm using the same server and port in both curl commands 3) I checked several API end points to rule out that my login does not have permissions to the specific API end point; I tried the following API end points and all of them return the same "Unable to validate the access token" error - flow/status, flow/history, flow/about, flow/search-results, processors/{id}

Do you guys see what's wrong with these API calls ?

Thanks in advance.

1 ACCEPTED SOLUTION

avatar
@Raj B

So, your basic flow is the sending systems pushes data to the load balancer and then the load balancer does a round robin approach to each node in the NiFi cluster?

What would the load balancer do if one of the nodes is down? Is it able to do automatic failover?

View solution in original post

19 REPLIES 19

avatar
Expert Contributor

@Wynner we are actually getting data in passive mode, it's being pushed to NiFi.

avatar

@Raj B

Are you using SFTP to push data?

avatar
Expert Contributor

@Wynner

our sending system pushes messages via TCP/IP and it's real-time, over 100+ messages per minute;

avatar
@Raj B

So, your basic flow is the sending systems pushes data to the load balancer and then the load balancer does a round robin approach to each node in the NiFi cluster?

What would the load balancer do if one of the nodes is down? Is it able to do automatic failover?

avatar
Expert Contributor

That's correct.

The load balancer can do heartbeat checks to see which node is alive or not and send messages to only the active nodes. It is for this heartbeat check that I wanted to make a rest API call to the NiFi nodes to see if the node is available or not.

Without LDAP/SSL it worked just fine, load balancer was able to heartbeat checks on the nodes, no issues in making the API call to NiFi node; it is only after adding LDAP/SSL that I'm having issues with the curl command to work.

avatar

@Raj B

If you are only looking for a heartbeat, the fact that you can get a token back should be enough. So, you only need the one curl command that works?

avatar
Expert Contributor
@Wynner

You're right, I didn't think about that.

But would receiving the API token by itself constitute that NiFi is up and running and fully functional ? I'm thinking yes (I'm not sure if a scenario is possible where you would get a token from an API call, but yet NiFi is not fully functional); I want to confirm that since we'll eventually be using that mechanism in our PROD environment.

avatar

@Raj B

I cannot see a situation where you would get a token back, but not be able to use NiFi.

avatar
Expert Contributor

@wynner, thanks for confirming;

and special thanks for following up with me on this question over the last few days and finally leading me to a solution that works.

avatar

Hi, How did you solve the issue with " Unable to validate the access token. "