Unauthorized access to TaskList APIs

Hi All,

I am trying to access the Tasklist APIs from Postman, but I am getting an unauthorized response. I use a Self-Managed Camunda 8 local installation.

cURL
curl --location 'http://localhost:8080/v1/tasks/search' --header 'Content-Type: application/json' --header 'Authorization: Basic ZGVtbzpkZW1v' --data '{
"state": "CREATED"
}'

I use Basic Authentication: demo/demo

Any idea?

First you have to get the access token.

curl --location 'http://localhost:18080/auth/realms/camunda-platform/protocol/openid-connect/token' \
--header 'content-type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=tasklist' \
--data-urlencode 'client_secret=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'audience=tasklist'

You can find the client_id and client_secret in the Identity application.

Then you can use the token to hit the Tasklist APIs:

curl --location --request POST 'http://localhost:8082/v1/tasks/search' \
--header 'Authorization: Bearer <your token>' \
--data ''

Also, don't forget to provide the required access in Identity; otherwise you will get a 401 response while hitting the Tasklist APIs.
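Added example (not part of the original posts, and not Camunda's code): when a token obtained as in the answer above is rejected, a first check is to look at what the token carries. This Python helper decodes the payload without verifying the signature and checks the standard `aud` and `exp` claims; the function names and sample tokens are constructed, and treating `tasklist` as the expected audience is an assumption taken from the `audience=tasklist` parameter in the token request.

```python
import base64
import json
import time


def decode_claims(token):
    """Return the JWT payload as a dict WITHOUT verifying the signature (troubleshooting only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token, expected_aud="tasklist", now=None):
    """List reasons a resource server could reject this token; empty list if none found."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    problems = []
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud  # RFC 7519 allows a string or an array
    if expected_aud not in aud:
        problems.append(f"aud {aud!r} does not contain {expected_aud!r}")
    exp = claims.get("exp")
    if exp is None:
        problems.append("no exp claim")
    elif exp <= now:
        problems.append(f"expired {int(now - exp)}s ago")
    return problems


def make_sample_token(claims):
    """Build an unsigned, constructed sample token so the demo runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample tokens (not real Keycloak output).
GOOD = make_sample_token({"aud": ["tasklist"], "exp": 2_000_000_000, "azp": "tasklist"})
WRONG_AUD = make_sample_token({"aud": "account", "exp": 2_000_000_000})
EXPIRED = make_sample_token({"aud": "tasklist", "exp": 1_000})

if __name__ == "__main__":
    for name, tok in [("good", GOOD), ("wrong aud", WRONG_AUD), ("expired", EXPIRED)]:
        print(name, "->", diagnose(tok, now=1_700_000_000) or "ok")
```

Pass the `access_token` value from the token response to `diagnose()`; an empty list means the audience and expiry look right, so the remaining place to look is the permissions assigned in Identity.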

Hi @savi003

Thanks for your reply.

How can I install Identity locally in Self-Managed Camunda? As per the documentation (Manual installation on local machine | Camunda 8 Docs), we can't set up Identity locally.

Is there any misunderstanding from my side?

Sorry I misunderstood your question, I thought you were using docker. I haven’t used the local installation method.

Hello. I did what you said about this topic in Postman, but it shows me this message: "message": "the provided claims are invalid"

Can you please provide the cURL?
Also, please check the Tasklist permissions in Identity as mentioned above.

Hello,

As mentioned earlier, token-based authentication only works if you have an identity established.

If you’re using basic authentication (demo/demo), you can test requests by capturing the session cookie and including it in your Postman requests.

One way to do this is by calling the login endpoint in Postman, passing the demo user credentials, and authenticating through that. Once authenticated, you can retrieve the session cookie and use it in subsequent requests.