autodesk-forgeautodesk-realitycapture

"Token does not have the privilege for this request" when trying to create a photoscene


I am trying to create a photoscene. But I am getting an authentication error. I can't tell from the examples what I am doing wrong.

I ran this curl command:

curl -v 'https://developer.api.autodesk.com/photo-to-3d/v1/photoscene' -X 'POST' -H 'Content-Type: application/json' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsImtpZCI6Imp3dF9zeW1tZXRyaWNfa2V5In0.eyJ1c2VyaWQiOiJZUlZNSlNFNTdFVzMiLCJleHAiOjE1MzMwNjMxNzYsInNjb3BlIjpbImRhdGE6cmVhZCJdLCJjbGllbnRfaWQiOiJIQXFEdEtPN1ZidVJnSDBuTDBNRkowQjAyRWxCRUszbCIsImdyYW50X2lkIjoiZTdhdzM5bnNvU3ZIZVZrQ2w4SzhKUWt1WDVqaWJWU0siLCJhdWQiOiJodHRwczovL2F1dG9kZXNrLmNvbS9hdWQvand0ZXhwNjAiLCJqdGkiOiJBNlYyYUppRGpiWlU5bWVqeTJqdEpXUnh3OE9Td1JZTmpxbVBmNHlYZUhseERWVDRIVVVhOVpEMXp2VldWWHFhIn0.O-uBTW5ydubECaSecFa6lfIfU0oPAslCMcJ0r6ww4Zo' -d 'scenename=test_20180731110556' -d 'format=rcm,rcs,obj,report'  -d 'scenetype=object' -d 'gpstype=precise'  2> /tmp/test_20180731110556

I get this error message in STDOUT:

Token does not have the privilege for this request.

And this in STDERR:

  • Hostname was NOT found in DNS cache % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 52.40.81.206...
  • Connected to developer.api.autodesk.com (52.40.81.206) port 443 (#0)
  • successfully set certificate verify locations:
  • CAfile: none CApath: /etc/ssl/certs
  • SSLv3, TLS handshake, Client hello (1): } [data not shown]
  • SSLv3, TLS handshake, Server hello (2): { [data not shown]
  • SSLv3, TLS handshake, CERT (11): { [data not shown]
  • SSLv3, TLS handshake, Server key exchange (12): { [data not shown]
  • SSLv3, TLS handshake, Server finished (14): { [data not shown]
  • SSLv3, TLS handshake, Client key exchange (16): } [data not shown]
  • SSLv3, TLS change cipher, Client hello (1): } [data not shown]
  • SSLv3, TLS handshake, Finished (20): } [data not shown]
  • SSLv3, TLS change cipher, Client hello (1): { [data not shown]
  • SSLv3, TLS handshake, Finished (20): { [data not shown]
  • SSL connection using ECDHE-RSA-AES128-GCM-SHA256
  • Server certificate:
  • subject: businessCategory=Private Organization; 1.3.6.1.4.1.311.60.2.1.3=US; 1.3.6.1.4.1.311.60.2.1.2=Delaware; serialNumber=2401504; C=US; ST=California; L=San Rafael; O=Autodesk, Inc.; OU=IPG - Core Services; CN=developer.api.autodesk.com
  • start date: 2018-03-09 00:00:00 GMT
  • expire date: 2019-04-20 12:00:00 GMT
  • subjectAltName: developer.api.autodesk.com matched
  • issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 Extended Validation Server CA
  • SSL certificate verify ok.

  • POST /photo-to-3d/v1/photoscene HTTP/1.1 User-Agent: curl/7.35.0

  • Host: developer.api.autodesk.com Accept: / Content-Type:
  • application/json Authorization: Bearer
  • eyJhbGciOiJIUzI1NiIsImtpZCI6Imp3dF9zeW1tZXRyaWNfa2V5In0.eyJ1c2VyaWQiOiJZUlZNSlNFNTdFVzMiLCJleHAiOjE1MzMwNjMxNzYsInNjb3BlIjpbImRhdGE6cmVhZCJdLCJjbGllbnRfaWQiOiJIQXFEdEtPN1ZidVJnSDBuTDBNRkowQjAyRWxCRUszbCIsImdyYW50X2lkIjoiZTdhdzM5bnNvU3ZIZVZrQ2w4SzhKUWt1WDVqaWJWU0siLCJhdWQiOiJodHRwczovL2F1dG9kZXNrLmNvbS9hdWQvand0ZXhwNjAiLCJqdGkiOiJBNlYyYUppRGpiWlU5bWVqeTJqdEpXUnh3OE9Td1JZTmpxbVBmNHlYZUhseERWVDRIVVVhOVpEMXp2VldWWHFhIn0.O-uBTW5ydubECaSecFa6lfIfU0oPAslCMcJ0r6ww4Zo
  • Content-Length: 88 } [data not shown]
  • upload completely sent off: 88 out of 88 bytes
  • HTTP/1.1 403 Forbidden < Access-Control-Allow-Credentials: true
  • Access-Control-Allow-Headers:
  • Session-Id,Content-Length,Accept-Encoding,x-ads-acm-check-groups,Content-Encoding,x-ads-acm-namespace,Content-Type,If-Modified-Since,Range,Accept,x-ads-acm-groups,Content-Range,x-requested-with,Expect,Access-Control-Allow-Credentials,If-None-Match,Access-Control-Allow-Origin,x-csrf-token,x-ads-test,Authorization,If-Match
  • Access-Control-Allow-Methods: POST,GET,OPTIONS,HEAD,PUT,DELETE,PATCH
  • Access-Control-Allow-Origin: < Content-Type: text/plain < Date: Tue,
  • 31 Jul 2018 18:05:56 GMT < Content-Length: 51 < Connection: keep-alive
  • { [data not shown] 100 139 100 51 100 88 80 138
  • --:--:-- --:--:-- --:--:-- 138
  • Connection #0 to host developer.api.autodesk.com left intact

My original request to create an access token was:

https://developer.api.autodesk.com/authentication/v1/authorize?response_type=token&client_id=HAqDtKO7VbuRgH0nL0MFJ0B02ElBEK3l&redirect_uri=http%3A%2F%2prod.sonautics.com/oauth/callback.php&scope=data:read%20data:write%20data:create%20"\n\n

Solution

  • This is caused by use of a three-legged token in your request.

    Even if there is no explicit mention in documentation regarding this, for Reality Capture API calls you should always use the two-legged tokens.

    By the way, to facilitate experiments with Reality Capture API I created a while ago a Postman collection that you can find here (and if needed it can show requests as curl calls).

    That very collection also contains some undocumented calls,
    described in The Hitchhiker's Guide to ... Reality Capture API blog post.