https://prefect.io logo
Title
a

Ashley Felber

01/12/2023, 6:00 PM
Hello, I have an agent set up on ECS. Before the holidays, it was working. I took down the service over the holidays since we're still in testing mode. I just created the service again and the task failed. It says 'httpx.HTTPStatus*Error*: Client error '401 Unauthorized' for url 'https://api.prefect.cloud/api/accounts/9fa02386-8bdd-4319-8000-fc4fa159acd7/workspaces/80e576e4-51f4-4634-a38a-beaa75bac5b9/flow_runs/filter'
1
Also when I try to just run a flow locally, it says Client error '401 Unauthorized' for url 'https://api.prefect.cloud/api/accounts/9fa02386-8bdd-4319-8000-fc4fa159acd7/workspaces/80e576e4-51f4-4634-a38a-beaa75bac5b9/health'
c

Christopher Boyd

01/12/2023, 6:30 PM
did your API key change?
a 401 is explicitly you are not allowed
a

Ashley Felber

01/12/2023, 6:32 PM
The API key has not change that I know. In the logs it shows the agent started, it just failed with the error at the step of check for flow runs. Also, the API key wouldn't affect the local run right? Seems strange that both are getting the 401 error.
c

Christopher Boyd

01/12/2023, 6:33 PM
if your local run is still configured with a cloud based API url, absolutely
it’s still trying to reach out to the API
trying to reproduce for you, without specifying anything in the headers, I get a 403, testing to put a bad api key in now
You can try this:
curl -v -H 'Authorization: Bearer <replace with your api key>' <https://api.prefect.cloud/api/accounts/9fa02386-8bdd-4319-8000-fc4fa159acd7/workspaces/80e576e4-51f4-4634-a38a-beaa75bac5b9/health>
With a good API key, I get back:
HTTP/2 200
date: Thu, 12 Jan 2023 18:46:52 GMT
server: istio-envoy
content-length: 4
content-type: application/json
x-envoy-upstream-service-time: 12
via: 1.1 google
content-security-policy: default-src 'none'; object-src 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
x-permitted-cross-domain-policies: none
referrer-policy: same-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

true%
With a bad api key:
HTTP/2 401
date: Thu, 12 Jan 2023 18:48:04 GMT
server: istio-envoy
x-deny: ext-authz
content-length: 47
content-type: application/json
x-envoy-upstream-service-time: 12
via: 1.1 google
content-security-policy: default-src 'none'; object-src 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
x-permitted-cross-domain-policies: none
referrer-policy: same-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

{"detail":"Invalid authentication credentials"}%
a

Ashley Felber

01/12/2023, 7:00 PM
Thanks for your help. The API key for the agent was expired so I updated and it's working. I'm not sure what was going on locally but I just reauthenicated my local profile and now that works as well.
🙌 1