Forum Discussion

New Contributor

14 days ago

Solved

Error when working with the API

I want to pull a specific secret from a specific vault, but I can't do it. The token was created in the Service Account and made correctly, with access to read the required vault.

headers = {"Authorization": f"Bearer {OP_TOKEN}"}
url = f"https://api.1password.com/v1/vaults/{OP_VAULT_ID}/items/{OP_ITEM_ID}"

Response is:
403 Client Error: Forbidden for url: https://api.1password.com/v1/vaults/{OP_VAULT_ID}/items/{OP_ITEM_ID}

Where can be an issue?
We're using Teams Starter Pack

estoler-ag
14 days ago
The query wouldn't be valid because 'api.1password.com' is not a valid URL as we do not have public facing APIs for the 1Password service. This is something we've definitely heard feedback for before so I can add your backing to the request.
At this time, your best option would be to setup a Connect Server for API calls specifically.
Alternatively, you could instead use a Service Account and our SDKs in your Lambda function which would connect directly to the 1Password service, just not through a standard REST API like the example you first posted. Below is an example pulling a secret from a vault using our Python SDK:
# Retrieves a secret from 1Password. Takes a secret reference as input and returns the secret to which it points. value = await client.secrets.resolve( f"op://{created_item.vault_id}/{created_item.id}/username" ) print(value)

3 Replies

estoler-ag
1Password Team
14 days ago
Hi valerykolganov,
Thanks for posting the question! Due to 1Password's security model and how we encrypt your data, you would want to setup a Connect Server to be able to programmatically access your vaults and items. Check out our docs here.
Ethan
- valerykolganov
  New Contributor
  14 days ago
  It's possible! But I still would like to do it without a server, and use it directly.
  My AWS Lambda function can't make a valid query, I want to figure it out
  - estoler-ag
    1Password Team
    14 days ago
    The query wouldn't be valid because 'api.1password.com' is not a valid URL as we do not have public facing APIs for the 1Password service. This is something we've definitely heard feedback for before so I can add your backing to the request.
    At this time, your best option would be to setup a Connect Server for API calls specifically.
    Alternatively, you could instead use a Service Account and our SDKs in your Lambda function which would connect directly to the 1Password service, just not through a standard REST API like the example you first posted. Below is an example pulling a secret from a vault using our Python SDK:
    # Retrieves a secret from 1Password. Takes a secret reference as input and returns the secret to which it points. value = await client.secrets.resolve( f"op://{created_item.vault_id}/{created_item.id}/username" ) print(value)

Forum Discussion

Error when working with the API

3 Replies

Recent Discussions

Can't download attachment on 1P: integrity ash error

How to Use 1Password Connect with Docker Compose workloads?

How do I use the SSH agent in headless Linux?

Copy secret reference (using ID values)

authorization timeout when using CLI