When using the SearchStax APIs, we sometimes encounter a message saying:
{"detail":"API key is not valid for requested scope."}
What is the “Scope?”
The API Key mechanism allows certain non-SearchStax users to perform a specific set of API operations on specific deployments of a specific account. If you step outside of that scope, the API Key is not valid.
In a little more detail:
- You must be the Owner or an Admin of a Platinum or Platinum Plus account to generate an API Key.
- Use the Authentication API to create the API Key.
- The API Key by itself is not good for anything. The account Owner or an Admin must associate the API Key with a specific deployment.
- At this point, anyone who possesses the API Key (anyone at all) can use SearchStax Provisioning API methods to:
- Manage Solr Basic Auth users on that specific deployment.
- Manage Solr configurations on Zookeeper in that specific deployment.
Note that the API Key is good for absolutely nothing else.
Why is it Out of Scope?
An “out of scope” error usually means there is something wrong with the request.
- A client with this issue had forgotten to associate the API Key with his deployment.
- Another client associated the API Key with a deployment, but then tried to use it on a different deployment.
- Sometimes the deployment is ss123456, but people try to give the API a node number such as ss12345-4 instead.
- A client set up the API Key properly, but then tried to use it with an API method that does not accept API Key authentication.
- Another client set up the API Key correctly to manage Zookeeper configsets, but forgot to open an IP Filter granting access to Zookeeper.
- In another instance, someone used the name of a Solr core when the API expected the name of a Zookeeper configset.
Questions?
Do not hesitate to contact the SearchStax Support Desk.