Post API for bot using mattermost-preview docker image returns 401 error


Calling an API using a bot access token in docker mattermost-preview image (5.12.0) returns 401 Unauthorized even though the bot access token was used.

Steps to reproduce

  • Run command to start up mattermost-preview 5.12.0 server:
    docker run --name mattermost-preview -d --publish 8065:8065 --add-host dockerhost: mattermost/mattermost-preview:5.12.0
  • Add bot account by enabling Bot Accounts in Intergrations
  • Run the following commands to send a message using bot access token, the <channel-id>, <bot-access-token>, and <mattermost-url> has been replaced with the correct parameters
    curl -i -X POST -H 'Content-Type: application/json' -d '{"channel_id":"<channel-id>", "message":"This is a message from a bot", "props":{"attachments": [{"pretext": "Look some text","text": "This is text"}]}}' -H 'Authorization: Bearer <bot-access-token>' <mattermost-url>/api/v4/posts

Expected behavior

I assumed that the message would be posted in the channel that I selected.

Observed behavior

Status 401 Unauthorized was returned from the call and the following json object was outputted

{"id":"api.context.session_expired.app_error","message":"Invalid or expired session, please login again.","detailed_error":"","request_id":"dgg86moskjbm5km7zxo9uerday","status_code":401}

Inside the logs of the docker image the following line was found

{"level":"info","ts":1561294318.9415748,"caller":"mlog/log.go:164","msg":"Invalid session","error":"GetSession: Invalid session token=<bot-access-token>, err=<no value>, "}
1 Like

Same here. Have you been able to resolve the issue?

@andrey-yantsen @colorfusion When you created a bot account, two fields are created - the TOKEN ID and ACCESS TOKEN. I’m wondering if you by accident used the TOKEN ID as the bot access token? Token ID is the one recorded in the logs and shown in the Bot Accounts list.

To confirm it, you can create a new bot account and copy the token in the resulting “Setup successful” page, as attached below

Yeah, probably it’s related to Thanks.

1 Like