GitHub user koenhendriks edited a comment on the discussion: createAccount fails with "unable to verify user credentials and/or request signature"
Hi @kiranchavala I'm the dev that calls the Cloudstack API from our application. Today we ran into this issue again. ## Creating Domain and Account using API We have successfully created a new domain using the API with the with the following request : ``` https://cloud.ourenv.nl/zone01_haa01/api?apikey=xxMASKEDxx&command=createDomain&parentdomainid=760d4f82-faaa-438c-8991-66b744253e08&response=json&name=cs21723270&signature=xxMASKEDxx ``` **Result:** ```json { "domain": { "haschild": false, "id": "42742c35-1681-4940-9772-04862a2cf034", "level": 3, "name": "cs21723270", "parentdomainid": "760d4f82-faaa-438c-8991-66b744253e08", "parentdomainname": "vps", "path": "ROOT/ourenv/vps/cs21723270", "secondarystoragetotal": 0 } } ``` All good, now we try to create a account in this domain with the request: ``` https://cloud.ourenv.nl/zone01_haa01/api?apikey=xxMASKEDxx&command=createAccount&domainid=42742c35-1681-4940-9772-04862a2cf034&email=actualuser%40gmail.com&firstname=Actual&lastname=User&password=test&response=json&roleid=e8a96c9c-8782-40ea-880a-59ca60029a98&username=cs21723270&signature=xxMASKEDxx ``` **Result:** ```json { "createaccountresponse": { "uuidList": [], "errorcode": 401, "errortext": "unable to verify user credentials and/or request signature" } } ``` **Notice:** I didn't actually masked the password, we did try this with literally `test` to ensure we didn't have some escaping issues on special characters / url encoding. ## Creating Domain and Account using Cloudmonkey Using Cloudmonkey we replicated the exact same command with the same result: ``` (our-env) 🐱 > create account domainid=42742c35-1681-4940-9772-04862a2cf034 email=actualu...@gmail.com firstname=Actual lastname=User password=test roleid=e8a96c9c-8782-40ea-880a-59ca60029a98 username=cs21723270 ``` **Result** ``` 🙈 Error: failed to authenticate, please check the credentials ``` ## Try from scratch with Cloudmonkey We also tried this flow freshly on cloudmonkey creating the domain + account: ``` (our-env) 🐱 > create domain name=test parentdomainid=760d4f82-faaa-438c-8991-66b744253e08 ``` **Result** ```json { "domain": { "haschild": false, "id": "2adaea80-0594-48e2-bc1f-696e1aa5f9c8", "level": 3, "name": "test", "parentdomainid": "760d4f82-faaa-438c-8991-66b744253e08", "parentdomainname": "vps", "path": "ROOT/ourenv/vps/test", "secondarystoragetotal": 0 } } ``` All good, now create a account under this domain using CMK: ``` create account domainid=2adaea80-0594-48e2-bc1f-696e1aa5f9c8 email=t...@gmail.com firstname=test lastname=tester password=test roleid=e8a96c9c-8782-40ea-880a-59ca60029a98 username=tester ``` **Result:** ``` 🙈 Error: failed to authenticate, please check the credentials ``` ## Extra Info ### Permissions The user that creates the domain and tries to create the account has the `createAccount` set to `allow` ### Role we try to use when creating account The role id we try to set on the exists: ``` (our-env) 🐱 > list roles id=e8a96c9c-8782-40ea-880a-59ca60029a98 ``` **Result** ```json { "count": 1, "role": [ { "description": "Cloud Customers", "id": "e8a96c9c-8782-40ea-880a-59ca60029a98", "isdefault": false, "ispublic": true, "name": "customers", "type": "DomainAdmin" } ] } ``` GitHub link: https://github.com/apache/cloudstack/discussions/11396#discussioncomment-14100968 ---- This is an automatically sent email for users@cloudstack.apache.org. To unsubscribe, please send an email to: users-unsubscr...@cloudstack.apache.org
