Error while executing UserAdd_API. Insecure argument passed

Modified on: Thu, 23 Jan, 2020 at 1:33 PM

Business Automation Business Automation:5.4 Business Automation:5.x

Symptoms

UserAdd_API request fails with the error:

<?xml version="1.0"?>
<methodResponse><fault>
<value><struct><member><name>faultCode</name><value><i4>-1</i4></value></member><member><name>faultString</name><value><string>SW5zZWN1cmUgYXJndW1lbnQgcGFzc2VkCgo=</string></value></member></struct></value>
</fault></methodResponse>

Cause

User password is specified in insecure form

Resolution

If API request returns an error, the error message is contained in the fault string; which is Base64 encoded. To decode it, please use some external sites like Base64 Decode.

SW5zZWN1cmUgYXJndW1lbnQgcGFzc2VkCgo= means "Insecure argument passed".

It is caused by the fact that user's password is specified without XXX prefix. Please refer to our documentation - UserAdd_API:

Important: Sensitive data is passed to the method. To avoid logging of sensitive data, the Password argument must be escaped as this described in the section Important: Avoid Sensitive Data Logging. Avoiding sensitive data is obligatory, otherwise request will fail.
...
To avoid logging of sensitive data during API calls to PBA, the "XXX" prefix should be added to the relevant arguments.

So it is necessary to add XXX in front of the password value and send API request again.

Internal content

Did you find it helpful? Yes No