Expand my Community achievements bar.

Workfront App Client OAuth2 Machine to Machine Credentials returns 401 after Preview Refresh

Avatar

Level 1
Level 1
12/9/24 12:53:47 PM

We have set up a Workfront  API App Client OAuth2 with Machine to Machine Credentials in our Preview environment. We use this to call /integrations/oauth2/api/v1/jwt/exchange route and authenticate our API integration. This worked fine last week but after the weekly refresh to our preview environment we are receiving this response.

{
    "statusCode": 401,
    "error": true,
    "type": "Unauthorized",
    "message": "Request failed with status code 401: You are not currently logged in."
}
 
The refresh did not delete the existing App, its just not being authorized.
 
We can create a new app, generate creds and get those to work BUT we don't want our integration to break every time a refresh occurs and go through the steps to recreate the app. Does anyone have any insight into why this is happening, can be prevented or another solution?
Topics

Topics help categorize Community content and increase your ability to discover relevant content.

Workfront Workfront API

Views

239

Replies

4
Sign in to like this content

Total Likes

Translate
Translate
4 Replies

Avatar

Community Advisor
Community Advisor
12/10/24 9:29:38 AM

not quite sure how you are doing this but is it possible that whatever your credentials are, only exist in the sandbox? If so, it's working as intended (probably?). We usually generate credentials in the production environment and then wait until the refresh and the credentials show up in the sandbox after this.

Views

170

Replies

3
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
12/12/24 2:38:53 PM
In response to skyehansen

OK that's interesting. We are creating separate credentials in sandbox, preview and production. Each from different service accounts. We don't want our preview environment to have the same credentials as production because we don't want those credentials to have access to modify production resources. 

Views

124

Replies

2
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
12/12/24 2:43:42 PM
In response to DennisBa1

If I'm understanding you correctly, I think you will find that whichever service account you set up in production (last week) will now be in preview and whatever you have set up for authentication in production, will work in preview. (that's my guess)

Views

120

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
12/13/24 8:01:01 AM
In response to skyehansen

I don't think OAuth Apps and Client credentials are synchronized. For example, I just tested my prod API credentials are not authenticating to preview.

Nor do I want them to be. I don't think API credentials from a non-production environment should have access to a production environment - breaks least privilege best practices.

Views

100

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Task now ready to start notification when predecessor is in a different project Solved

Views

144

Like

1

Replies

1
Refreshing Sandbox with Workfront-Unable to Schedule Solved

Views

133

Likes

0

Replies

1
Is there a way to create a line break instead of comma in "Other Groups" column in user report Solved

Views

179

Likes

0

Replies

3
Power BI connectivity to Workfront

Views

31

Likes

0

Replies

1
Workfront Timesheets Overtime

Views

20

Likes

0

Replies

0