AIO local action with error on aio-lib-state init and put function




I was trying to use the aio-lib-state and was running into different issues on my local maching.


Issues on "init"

first, I tryed to include just the sdk and init storage using the following code in my simple action:


const stateLib = require('@adobe/aio-lib-state')
const state = await stateLib.init()


but as soon as I trigger the action from the generic action UI, I get the following error in debugger:


error 403 - unauthorized request


it looks as it is trying to contact the Adobe API using the "guest" namespace.

To fix this, I updated "manifest.yml" to include the needed vars and provide them as params to my action:


THIS_AIO_runtime_auth: $AIO_runtime_auth
THIS_AIO_runtime_namespace: $AIO_runtime_namespace


 and in the action I changed the init to the following code:


const state = await stateLib.init({ ow: { namespace:params.THIS_AIO_runtime_namespace, auth:params.THIS_AIO_runtime_auth } })


Result: The error disappeared, it looks as if the init is successful...


Issues on state.put

as soon as I try to "put" or "get" using the following code:


await state.put('testKey','testValue')


 I get another error as soon as I trigger the rule:


/aio-lib-state:error {
  "sdk": "StateLib",
  "sdkDetails": {
    "key": "testKey",
    "value": "testValue",
    "options": {
      "ttl": 86400
  "code": "ERROR_FIREWALL",
  "message": "[StateLib:ERROR_FIREWALL] cannot access underlying DB provider because your IP is blocked by a firewall, please make sure to run in an Adobe I/O Runtime action"



Any hints how to solve this issue would really help 🙂


Remark: when I use just the init (without the params) and the same code I can "deploy" in the dev enivornment and run the action without any errors. so I believe there is really an issue somewhere in the connection between my local dev environment and the Adobe API endpoint ... 

Accepted Solutions (1)

Accepted Solutions (1)



Hi Urs, 


This is likely because the aio-lib-state (and aio-lib-file) only works within a Runtime namespace and not local environment. This is done as the tvm (token vending machine) that is used to initialize the service exchanges Runtime credentials for access to the service, and we added ip limitations for security reasons to ensure the service is only accessible from Firefly applications. If you deploy your actions this should work!



Answers (0)