Messages - rheitman

#1
I just figured out that the API responds with a 401 in the case where the authentication is fine (regarding key/secret) but the API access hasn't been granted.

Easy to reproduce: just don't allow the user/group access to
Type    Name
GUI    System: Firmware

https://docs.opnsense.org/development/how-tos/api.html

=> the API responds with a 401 ({"status":401,"message":"Authentication Failed"})

That's IMHO not the best solution possible according to https://www.rfc-editor.org/rfc/rfc7235.html:
"A server that receives valid credentials that are not adequate to gain access ought to respond with the 403 (Forbidden) status code."
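The 401/403 split the post cites from RFC 7235, as an added sketch that is not part of the original post and not OPNsense code. It assumes HTTP Basic credentials (key as username, secret as password); the key store, the sample secrets and the `authorize` and `basic` helpers are hypothetical.

```python
import base64
import hmac

# Constructed sample data: one key whose owner has no privileges, one whose
# owner holds the "System: Firmware" privilege named in the post.
API_KEYS = {
    "key-noacl": {"secret": "s3cret-a", "privileges": set()},
    "key-fw": {"secret": "s3cret-b", "privileges": {"System: Firmware"}},
}
AUTH_FAILED = {"status": 401, "message": "Authentication Failed"}
CHALLENGE = {"WWW-Authenticate": 'Basic realm="api"'}  # sent with every 401


def basic(key, secret):
    """Build a Basic Authorization header value (helper for the sample calls)."""
    return "Basic " + base64.b64encode(f"{key}:{secret}".encode()).decode()


def _parse_basic(header):
    """Return (key, secret) from a Basic header, or None if absent or malformed."""
    if not header or not header.lower().startswith("basic "):
        return None
    try:
        decoded = base64.b64decode(header[6:].strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    key, sep, secret = decoded.partition(":")
    return (key, secret) if sep else None


def authorize(auth_header, required_privilege):
    """Return (status, headers, body): 401 for failed authentication,
    403 for valid credentials that lack the required privilege."""
    creds = _parse_basic(auth_header)
    if creds is None:
        return 401, CHALLENGE, AUTH_FAILED
    key, secret = creds
    entry = API_KEYS.get(key)
    # Always run the comparison, even when the key is unknown.
    expected = entry["secret"] if entry else "\x00"
    secret_ok = hmac.compare_digest(secret.encode(), expected.encode())
    if entry is None or not secret_ok:
        return 401, CHALLENGE, AUTH_FAILED
    if required_privilege not in entry["privileges"]:
        # Credentials are valid but not adequate: authorization failure.
        return 403, {}, {"status": 403, "message": "Forbidden"}
    return 200, {}, {"status": 200}
```

With this split, a client or log reviewer can tell a wrong key/secret (401) apart from a missing privilege grant (403) without inspecting the server configuration.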