authorization using the Authorization Code

[Cragdoo]

Trying to work with V11 REST APIs, I can get it working with username/password grant type but looking at the authorisation code way ....stuck trying to figure out how to form the request to get initial authorisation code. Following the instructions here https://helpcenter.veeam.com/docs/backu ... ml?ver=110

in the Authorization header — currently valid access token in the Bearer <access_token> format

I need specify an access token in the authorisation header to get the access code, but I need the authorisation code to get the access token ??? Do I just use grant_type=password to get the initial access token, then use that to then generate an access code? Am I missing something?

[Natalia Lupacheva]

Hi Craig,

Yes, you need to use a password to get an authorization code and then, when you get auth code, you can use it.
So you can first put grant_type = password to get authorization code and then change grant_type to use the value you've got on the first step.

Thanks!

[oleg.feoktistov]

Natalia is correct. However, I tested it in postman and it doesn't work that way. Sending an access token to /api/oauth2/authorization_code, I get 401 Unauthorized error. Though the token is valid and non-expired. I'm going to recheck it with QA the coming week and let you know on the outcome. Thanks!

[Cragdoo]

Thanks Oleg, funny you should mention the 401 error, I've been working with Squared Up and their API dashboards, and noticing when the API token expires, and we regenerate a new session token, a 403 is being return. Got their SEs looking from a Squared Up perspective, but if you're seeing similar issues with the Veeam API, could be related.

[oleg.feoktistov]

Not sure about Squared Up API, never used it. I think it could be anything.
As for our issue, we confirmed it as a bug, and the plan is to fix it in vNext. Thanks!