I'm trying to follow the ActiveCollab API documentation for authentication https://developers.activecollab.com/api-documentation/index.html, and things are not adding up. I'm using SOAPUI as my testing client, although I get the same error in Postman.
I've tried hitting the /issue-token endpoint, and I've only been able to get a 500 error with the following response:
{
"type": "ValueError",
"message": "DOMDocument::loadXML(): Argument #1 ($source) must not be empty",
"code": 0
}
I came across this repo https://github.com/activecollab/activecollab-feather-sdk and realized that the web version needs to make two calls.
First to https://activecollab.com/api/v1/external/login then a 2nd to https://app.activecollab.com/{client #}/api/v1/issue-token-intent.
However, when I make the first call, I only get an intent_id in the JSON response
{"intent_id": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"}
all the other documentation/questions I've come across seem actually to get a full JWT. Is there a permission that my user needs to have in Active Collab to make API calls? I can't find anything in the portal.
Update I am getting the same Intent_id rather than a larger JSON using CURL
curl -d "email=myemail@email.com&password=12345" https://activecollab.com/api/v1/external/login --ssl-no-revoke
returns
{"intent_id": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"}
The issue is that the first call to /api/v1/external/login returns intent, not intent_id along with instances your user belongs to.
I have reproduced the error by sending intent_id instead of intent to /api/v1/issue-token-intent. So just by correcting this, you should be good.
EDIT:
You have 2FA turned on.
You do the first request the same:
POST https://activecollab.com/api/v1/external/login
{
"email":"email@email.com",
"password": "password"
}
Then the intend_id that you got from that response send to the same endpoint along with authenticator code.
POST https://activecollab.com/api/v1/external/login
{
"intent_id": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"code": "XXXXXX"
}