Client credentials flow for technical user


we want to use a technical user for our external application to get access to the dataevents and the data of a project.

For this we have create a technical user with the owner role and we have used the OAuth client credentials flow with the scope “pantaris:api-v2” to get a access token in the form of a Bearer token.

The problem now is that i can use this Bearer to acces for example “”(200) but i have no rights on “”(401) and i also can not get a dataEventToken(403).
Is there anything I am doing wrong, maybe i use the wrong scope or is this not working with the technical user?

NOTE: We test it on pantaris LATEST.

Thanks in advandace for all help.

1 Like

Hi @christian.eppler and welcome in the forum,

right now the service-accounts are only implemented on api-v2 and third-party IAM.

So access/permission errors on other service like the file-service and data-events are fine.

Gona add this points to our todo-list before releasing this feature, if they are not already there :+1:

@thomas.schuerle Ok thanks for the fast answer. Is there a source of information where I can see if this change is implemented?

Another question which is connected to this is. It seem to me that the AMQP data event connection not work anymore since today?

Thanks in advance.

We provide information about changes here: Documentation | PANTARIS and for app-developers also deprecation notes here: Deprecations - PANTARIS.
However, we do not provide change information on test and staging system (like pantaris-latest).

Today we changed our infrastructure provider on latest. Looks like the interface has broken during that change. Will post an update, once working again. (Funny enaugh it’s still working on https)

1 Like

Is there any news, if AMQP is working again on

Yes, It’s working since yesterday evening again @marcel.mager

Hello @thomas.schuerle with the normal user token i was able to setup a AMQP connection on latests (until i can use the technical user). But i can not connect to but if i look here Documentation | PANTARIS it should exist there. Or do i understand it not correct and this feature is not deployed on prod?

no, it’s not available on production yet

Only to be sure what ist then the meaning of:
cite: * API: Add AMQP interface for data-event (Documentation | PANTARIS)
In this case only an interface without the functionality?

My last post was a bit short, sorry for the confusion. It’s was meant on the whole aspects of this topic including the Oauth things.

  • Service accounts / OAuth are limited to latest yet
  • AMQP-Interface was available on production, but is facing issues right now. Which are expected to be fixed on the next release at 17th of June
1 Like

AMQP is working again

1 Like

How do you guys create a Token with the auth flow? I am trying this in Thunderclient/Postman with the following configuration. But I still get NOT_AUTHORIZED when I try to fetch devices or projects. What am I doing wrong?

NOT_AUTHORIZED indicates the token was either not given or invalid or given in a wrong way.

From your screen, I assume you need to change Token Prefix from Token to Bearer. The token prefix is used for calponia tokens while oauth tokens are given with Bearer

Ok thanks for the advice. Now I get another error.

trying to fetch project information{ID}

  "error": {
    "id": "4147ef01cac10bb4532512776d83114d",
    "status": 500,
    "title": "An unexpected error occurred",
    "detail": "An unexpected error occurred while processing this request (4147ef01cac10bb4532512776d83114d)"

Technical user is owner of the project.
Anything that i missed?

I could reproduce the error. We’re analyzing it. I’ll keep you posted.

This error should be resolved by now. :fireworks:

1 Like

There is error when request to API with tech user OAuth token:

“error”: {
“status”: 403,
“title”: “Permission to execute this request was denied”,
“detail”: “The authorized user does not have the permission to execute this request.”

Another API works fine. Does this endpoint support OAuth authentication?

No, this endpoint does not support OAuth authentication, but you can simply connect to data-events using a valid Oauth token.

Hello Thomas,

I tried to subscribe for AMQP endpoint with OAuth token obtained for technical user.
But received next exception:

RabbitMQ.Client.Exceptions.AuthenticationFailureException: ACCESS_REFUSED - Login was refused using authentication mechanism PLAIN. For details see the broker logfile.

Do you have any documentation about how to access data events with tech user? Is any specific scope should be requested for token?

Pretty much the same, like with other tokens.

  1. Obtain a token with
        client_id: technicalUser.clientId,
        client_secret: technicalUser.clientSecret!,
        scope: `pantaris:api-v2`,
        grant_type: 'client_credentials',

and pass it as username to the exchange. See docs for informations like URLs.