Getting 401 unauthorized when using redmine API included the api key

Question

I am trying to use the redmine-api. I am using cURL command. However I am getting a 401 error(UnAuthorize).

I checked Enable REST API in Administration -> Settings -> API. I am using correct API Key. My account is system admin.

Here is version information.

Environment:
  Redmine version                4.2.6.stable
  Ruby version                   2.7.6-p219 (2022-04-12) [x86_64-linux]
  Rails version                  5.2.8
  Environment                    production
  Database adapter               Mysql2
  Mailer queue                   ActiveJob::QueueAdapters::AsyncAdapter
  Mailer delivery                smtp
SCM:
  Subversion                     1.14.1
  Mercurial                      5.6.1
  Bazaar                         3.1.0
  Git                            2.30.2
  Filesystem                     
Redmine plugins:
  _query                         0.0.5
  additional_tags                1.0.4
  additionals                    3.0.5.2
  easy_baseline                  1.4
  easy_gantt                     1.13
  easy_gantt_pro                 1.10
  plantuml_macro                 0.0.1
  redmine_absolute_dates         0.0.4
  redmine_agile                  1.6.4
  redmine_checklists             3.1.21
  redmine_extended_reminder      0.0.2
  redmine_github_hook            3.0.1
  redmine_issue_evm              5.6.1
  redmine_issue_templates        1.1.0
  redmine_lightbox               1.0.1
  redmine_mermaid_macro          1.0.1
  redmine_messenger              1.0.13
  redmine_msteams                0.2.0
  redmine_searchable_selectbox   0.1.10
  redmine_serial_number_field    3.0.0
  redmine_slack                  0.2
  redmine_theme_changer          0.6.0
  redmine_wiki_extensions        0.9.4
  redmine_wiki_lists             0.0.11
  redmine_work_time              0.4.1
  view_customize                 3.1.0

• Success

curl -sS -X GET -u [email protected]:password \
   'https://project-redmine.test.co.jp/test/projects.json'

• Failed pattern 1

curl -sS -X GET -H 'X-Redmine-API-Key:here-is-key' \
    'https://project-redmine.test.co.jp/test/projects.json'

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

• Failed pattern 2

curl -sS -X GET 'https://project-redmine.test.co.jp/test/projects.json?key=here-is-key'

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

Answer 1

I solved 401 myself. Basic auth is enabled in my redmine, so 'Authorization:Basic here-is-token' is required.

Here is example cURL.

curl -sS -X GET -H 'Authorization:Basic here-is-basic-token' \
-H 'X-Redmine-API-Key:here-is-key' 'https://project-redmine.test.co.jp/test-pj/projects.json'

How to get Basic token, here is example python code.

import base64

username = 'username'
password = 'password'
token = base64.b64encode(f'{username}:{password}'.encode()).decode()

header = {'Authorization': f'Basic {token}'}

print(header)

Answer 2

In windows console I did it with this command:

curl -v -X POST -H "Content-Type: application/json" -d "{"username":"username","password":"password!"}" "http://redmine/login"