Forum Discussion

valerykolganov's avatar
valerykolganov
New Contributor
14 days ago
Solved

Error when working with the API


I want to pull a specific secret from a specific vault, but I can't do it. The token was created in the Service Account and made correctly, with access to read the required vault.

headers = {"Authorization": f"Bearer {OP_TOKEN}"}
url = f"https://api.1password.com/v1/vaults/{OP_VAULT_ID}/items/{OP_ITEM_ID}"

Response is:
403 Client Error: Forbidden for url: https://api.1password.com/v1/vaults/{OP_VAULT_ID}/items/{OP_ITEM_ID}

Where can be an issue?
We're using Teams Starter Pack

  • estoler-ag's avatar
    estoler-ag
    14 days ago

    The query wouldn't be valid because 'api.1password.com' is not a valid URL as we do not have public facing APIs for the 1Password service. This is something we've definitely heard feedback for before so I can add your backing to the request.

    At this time, your best option would be to setup a Connect Server for API calls specifically.

    Alternatively, you could instead use a Service Account and our SDKs in your Lambda function which would connect directly to the 1Password service, just not through a standard REST API like the example you first posted. Below is an example pulling a secret from a vault using our Python SDK:

    # Retrieves a secret from 1Password. Takes a secret reference as input and returns the secret to which it points.
    value = await client.secrets.resolve(
        f"op://{created_item.vault_id}/{created_item.id}/username"
    )
    print(value)

     

3 Replies

  • estoler-ag's avatar
    estoler-ag
    Icon for 1Password Team rank1Password Team

    Hi valerykolganov, 

    Thanks for posting the question! Due to 1Password's security model and how we encrypt your data, you would want to setup a Connect Server to be able to programmatically access your vaults and items. Check out our docs here.

    Ethan

    • valerykolganov's avatar
      valerykolganov
      New Contributor

      It's possible! But I still would like to do it without a server, and use it directly. 
      My AWS Lambda function can't make a valid query, I want to figure it out

      • estoler-ag's avatar
        estoler-ag
        Icon for 1Password Team rank1Password Team

        The query wouldn't be valid because 'api.1password.com' is not a valid URL as we do not have public facing APIs for the 1Password service. This is something we've definitely heard feedback for before so I can add your backing to the request.

        At this time, your best option would be to setup a Connect Server for API calls specifically.

        Alternatively, you could instead use a Service Account and our SDKs in your Lambda function which would connect directly to the 1Password service, just not through a standard REST API like the example you first posted. Below is an example pulling a secret from a vault using our Python SDK:

        # Retrieves a secret from 1Password. Takes a secret reference as input and returns the secret to which it points.
        value = await client.secrets.resolve(
            f"op://{created_item.vault_id}/{created_item.id}/username"
        )
        print(value)