POST ListCorpora endpoint gives 401 error

the API endpoint POST /v1/list-corpora returns a 401.
I have tried this with both an API key and OAUTH key and get the same “JWT Token failed to authenticate” message. I have used the API key successfully with the query gRPC so I know it is correct.

Am I missing something on my end or does my account need special permission to get this endpoint?

api_key = "my-api-key"

headers = {
  "Content-Typ": "application/json",
  "Accept": "application/json",
  "Authorization": f"{api_key}",
  "customer-id": f"{VECTARA_CUSTOMER_ID}"
}
base_url = "https://api.vectara.io/"
corpora_url = "v1/list-corpora"

payload = json.dumps({
  "filter": "string",
  "numResults": 0,
  "pageKey": "string"
})

response = requests.request("POST", f"{base_url}{corpora_url}", headers=headers, data=payload)

response.text
'{"code":16,"message":"JWT Token failed to authenticate.","details":[]}'

Hey there @that1guy15 , and welcome!

Just quickly (this is unrelated to the error you’re seeing) but Content-Typ should read Content-Type. Also, you’ll want to double check that you have a valid string for filter and pageKey in the payload object (or just drop these; they can be empty) and presumably you want some non-zero number for numResults as well.

In terms of authentication/authorization, as you note there are 2 types that Vectara supports: API key and OAuth. We haven’t enabled API key authentication for administrative actions (such as listing corpora), so for this particular API, you’ll need to use OAuth. When using OAuth tokens, you’ll need Authorization: Bearer <token>. The token you use there/that the OAuth service returns is a JWT token which should start with the characters ey if you look at it. e.g. your Authorization header should look something like Authorization: Bearer eyJ....

(If/when you use API keys for other APIs like adding content to a corpus or searching, you’ll want to drop the Authorization header entirely and instead have an x-api-key header.)

One other point is that you have to make sure that the identity you are authenticating as (the App Client or the API Key) needs to have proper permissions.

  • For list-corpora to work, the App Client should have at least CORPUS_ADMIN/COR role.

  • For query to work, the App Client should have at least QRY role on that corpus, and the Api Key should have that corpus added to it when you create the key.

Got it working. It was a combination of not having the right formate for the Authorization header and missing the right permissions on the API key like @justin mentioned below.

Thanks for the quick response!

1 Like