cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3050
Views
1
Helpful
7
Replies

{ "code": 40103, "message": "Invalid signature in request credentials", "stat": "FAIL" }

vaibhavc1
Level 1
Level 1

I can do GET command successful via postman, in below resultset . but when try POST with everything same and adding parameters to body as username with x-www-form-urlencoded type. It shows below error.
{
“code”: 40103,
“message”: “Invalid signature in request credentials”,
“stat”: “FAIL”
}

what can cause it in Postman for POST request


7 Replies 7

Amy2
Level 5
Level 5

DuoKristina
Cisco Employee
Cisco Employee

Also, are you url encoding the params in the request? There is a third-party Postman public workspace that some people are using that doesn’t encode the key-value pairs.

Duo, not DUO.

Do you mean encode the Secret and Integration Key?

No, I mean the parameters you are trying to pass in on the POST.

From the Admin API doc:

When URL-encoding, all bytes except ASCII letters, digits, underscore ("_"), period ("."), tilde ("~"), and hyphen ("-") are replaced by a percent sign ("%") followed by two hexadecimal digits containing the value of the byte. For example, a space is replaced with “%20” and an at-sign ("@") becomes “%40”.

Like, username=testuser1@example.com should be URL encoded as username=testuser1%40example.com.

If using Postman, is the Postman pre-request script used handling URL-encoding of the parameters (is there a function to URL-encode the params)?

Duo, not DUO.

Thanks so much for responding! I really appreciate it!
I still can get past the sign-in. For the DUO, I have to use my phone to get in to the program as an admin when I log in. Do you think that might be the issue on my side with the API? I am really new to Java and I am learning it on the go. I am using Basic Auth to log in and I thought I followed the instruction on doing a HMAC on the five items in the documentation with the secret key to get the password.

I suggest you take a look at the duo_client_java demonstration client, which also shows signing.

Duo, not DUO.

Thanks! Really appreciate the help.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links