Forum Discussion
Error when working with the API
I want to pull a specific secret from a specific vault, but I can't do it. The token was created in the Service Account and made correctly, with access to read the required vault.
headers = {"Authorization": f"Bearer {OP_TOKEN}"}
url = f"https://api.1password.com/v1/vaults/{OP_VAULT_ID}/items/{OP_ITEM_ID}"
Response is:
403 Client Error: Forbidden for url: https://api.1password.com/v1/vaults/{OP_VAULT_ID}/items/{OP_ITEM_ID}
Where can be an issue?
We're using Teams Starter Pack
The query wouldn't be valid because 'api.1password.com' is not a valid URL as we do not have public facing APIs for the 1Password service. This is something we've definitely heard feedback for before so I can add your backing to the request.
At this time, your best option would be to setup a Connect Server for API calls specifically.
Alternatively, you could instead use a Service Account and our SDKs in your Lambda function which would connect directly to the 1Password service, just not through a standard REST API like the example you first posted. Below is an example pulling a secret from a vault using our Python SDK:
# Retrieves a secret from 1Password. Takes a secret reference as input and returns the secret to which it points. value = await client.secrets.resolve( f"op://{created_item.vault_id}/{created_item.id}/username" ) print(value)
3 Replies
- estoler-ag
1Password Team
Hi valerykolganov,
Thanks for posting the question! Due to 1Password's security model and how we encrypt your data, you would want to setup a Connect Server to be able to programmatically access your vaults and items. Check out our docs here.
Ethan
- valerykolganovNew Contributor
It's possible! But I still would like to do it without a server, and use it directly.
My AWS Lambda function can't make a valid query, I want to figure it out- estoler-ag
1Password Team
The query wouldn't be valid because 'api.1password.com' is not a valid URL as we do not have public facing APIs for the 1Password service. This is something we've definitely heard feedback for before so I can add your backing to the request.
At this time, your best option would be to setup a Connect Server for API calls specifically.
Alternatively, you could instead use a Service Account and our SDKs in your Lambda function which would connect directly to the 1Password service, just not through a standard REST API like the example you first posted. Below is an example pulling a secret from a vault using our Python SDK:
# Retrieves a secret from 1Password. Takes a secret reference as input and returns the secret to which it points. value = await client.secrets.resolve( f"op://{created_item.vault_id}/{created_item.id}/username" ) print(value)