REST API - unauthorized
com.vmware.vapi.std.errors
unauthorized
unauthorized error indicates that the user is not authorized to perform the operation. API requests may include a security context containing user credentials. For example, the user credentials could be a SAML token, a user name and password, or the session identifier for a previously established session. Invoking the operation may require that the user identified by those credentials has particular privileges on the operation or on one or more resource identifiers passed to the operation.
Examples:
- The operation requires that the user have one or more privileges on the operation, but the user identified by the credentials in the security context does not have the required privileges.
- The operation requires that the user have one or more privileges on a resource identifier passed to the operation, but the user identified by the credentials in the security context does not have the required privileges.
Counterexamples:
- The SAML token in the request's security context has expired. A com.vmware.vapi.std.errors.unauthenticated error would be used instead.
- The user name and password in the request's security context are invalid. The com.vmware.vapi.std.errors.unauthenticated error would be used instead.
- The session identifier in the request's security context identifies a session that has expired. The com.vmware.vapi.std.errors.unauthenticated error would be used instead.
For security reasons, the com.vmware.vapi.std.errors.error.data field in this error is unset, and the com.vmware.vapi.std.errors.error.messages field in this error does not disclose why the user is not authorized to perform the operation. For example the messages would not disclose which privilege the user did not have or which resource identifier the user did not have the required privilege to access. The API documentation should indicate what privileges are required.
- Representations:
- 
                    
- Attributes:
- 
                            Name Type Required Description messages * List<localizable_message> Yes Stack of one or more localizable messages for human error consumers. The message at the top of the stack (first in the list) describes the error from the perspective of the operation the client invoked. Each subsequent message in the stack describes the "cause" of the prior message. data dynamic_structure No. Some operations will not set this field when reporting errors. Data to facilitate clients responding to the operation reporting a standard error to indicating that it was unable to complete successfully. Operations may provide data that clients can use when responding to errors. Since the data that clients need may be specific to the context of the operation reporting the error, different operations that report the same error may provide different data in the error. The documentation for each each operation will describe what, if any, data it provides for each error it reports. The com.vmware.vapi.std.errors.argument_locations, com.vmware.vapi.std.errors.file_locations, and com.vmware.vapi.std.errors.transient_indication structures are intended as possible values for this field. com.vmware.vapi.std.dynamic_ID may also be useful as a value for this field (although that is not its primary purpose). Some services may provide their own specific structures for use as the value of this field when reporting errors from their operations. 
Copyright © 2014. All Rights Reserved.
