[arin-tech-discuss] Would anybody explain what Unauthorized means?

Zhao, Sean Sean.Zhao at CenturyLink.com
Mon Jan 19 14:34:17 EST 2015 

Thanks a lot Garth!
I understand now! :)

Thanks

Sean Zhao
sean.zhao at centurylink.com

From: Garth Dubin [mailto:gdubin at arin.net]
Sent: Monday, January 19, 2015 12:15 PM
To: Zhao, Sean; 'arin-tech-discuss at arin.net'
Subject: RE: [arin-tech-discuss] Would anybody explain what Unauthorized means?

Sean,

I believe the reason behind these different errors is because in the first case, involving 198.36.189.64/29, you were trying to reassign the entire block.  Since the entire block was held by another organization, you got an unauthorized message.

In the second case, you still control the majority of the block.  However you previously reassigned some ranges within it.  The one I found was 65.127.10.176/29 but there may be others.  So in this case you have permission for the start IP you specified but there are networks within the range that have already been reassigned.

I hope this helps explain it.  Let me know if you have further questions.

Regards,

Garth Dubin
Software Integration Manager

________________________________
From: Zhao, Sean [Sean.Zhao at CenturyLink.com]
Sent: Monday, January 19, 2015 11:10 AM
To: Garth Dubin; 'arin-tech-discuss at arin.net'
Subject: RE: [arin-tech-discuss] Would anybody explain what Unauthorized means?
Thanks Garth!!

                If this is the reason, I have one more question regarding the same issue.

                I try to assign https://www.ote.arin.net/rest/net/NET-65-112-0-0-1/reassign?apikey=MYAPIKEY. Payload is
<net xmlns="http://www.arin.net/regrws/core/v1">
  <netBlocks>
    <netBlock>
      <cidrLength>27</cidrLength>
      <startAddress>65.127.10.160</startAddress>
      <type>S</type>
    </netBlock>
  </netBlocks>
  <netName>Q0119-65-127-10-160</netName>
  <orgHandle>CBC-208</orgHandle>
  <originASes>
    <originAS>209</originAS>
  </originASes>
  <parentNetHandle>NET-65-112-0-0-1</parentNetHandle>
  <version>4</version>
</net>

                It is exactly same case as I tried to assign 198.36.189.64/29 before, except the ip and mask no are different. I should get same "The API key is not authorized to make that request." , Response code is 401,Response message is Unauthorized.
But instead I got,

Response code is 400,
Response message : Bad Request
And response xml from Arin
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<error xmlns="http://www.arin.net/regrws/core/v1">
<add  itionalInfo/><code>E_ENTITY_VALIDATION</code>
<components>
<component>
<message>IP range overlaps with existing network(s).</message>
<name>startAddress</nam  e>
</component>
</components>
<message>Payload entity failed to validate; see component messages for details.</message>
</error>

They both, 65.127.10.160/27 and 198.36.189.64/29 are assigned to CBC-208. And I tried to assign both netBlocks to another company wrongly. I should get same error messages for both transaction. Correct?

Thanks

Sean Zhao
sean.zhao at centurylink.com<mailto:sean.zhao at centurylink.com>

From: Garth Dubin [mailto:gdubin at arin.net]
Sent: Monday, January 19, 2015 10:49 AM
To: Zhao, Sean; 'arin-tech-discuss at arin.net'
Subject: RE: [arin-tech-discuss] Would anybody explain what Unauthorized means?

Sean,

The authorization scheme currently just verifies whether you have permission to reassign the specified block.  Since it's already been reassigned to another organization, you technically do not have permission to reassign it again.  If you want to reassign it to a new party, you'd have to delete the existing reassignment and perform the reassign call again.

As for the error handling, I see your point and we can investigate how to make the messaging more detailed in a future release.  Please file an ACSP regarding the error messaging in the registration system so that we can track this request and prioritize along with other suggested improvements.  The form can be found here:

https://www.arin.net/public/acsp/index.xhtml

Regards,

Garth Dubin
Software Integration Manager

________________________________
From: arin-tech-discuss-bounces at arin.net<mailto:arin-tech-discuss-bounces at arin.net> [arin-tech-discuss-bounces at arin.net] on behalf of Zhao, Sean [Sean.Zhao at CenturyLink.com]
Sent: Monday, January 19, 2015 9:39 AM
To: Zhao, Sean; Jon Worley; 'arin-tech-discuss at arin.net'
Subject: Re: [arin-tech-discuss] Would anybody explain what Unauthorized means?
Just wonder if there is any luck there?

Thanks

Sean Zhao
sean.zhao at centurylink.com<mailto:sean.zhao at centurylink.com>

From: Zhao, Sean
Sent: Tuesday, January 13, 2015 9:36 AM
To: 'Jon Worley'; 'arin-tech-discuss at arin.net'
Subject: RE: [arin-tech-discuss] Would anybody explain what Unauthorized means?

Yes
url: https://www.ote.arin.net/rest/net/NET-198-36-189-64-1/reassign?apikey=MY-API-KEY
method is PUT
payload is

<?xml version="1.0" encoding="UTF-8"?>

<net xmlns="http://www.arin.net/regrws/core/v1">
  <netBlocks>
    <netBlock>
      <cidrLength>29</cidrLength>
      <startAddress>198.36.189.64</startAddress>
      <type>S</type>
    </netBlock>
  </netBlocks>
  <netName>Q0113-198-36-189-64</netName>
  <orgHandle>CBC-208</orgHandle>
  <originASes>
    <originAS>209</originAS>
  </originASes>
  <parentNetHandle>NET-198-36-189-64-1</parentNetHandle>
  <version>4</version>
</net>

Response code is 401
Response message is Unauthorized
The xml returned by Arin is

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<error xmlns="http://www.arin.net/regrws/core/v1">
<additionalInfo/>
<code>E_AUTHENTICATION</code>
<components/>
<message>The API key is not authorized to make that request.</message>
</error>



Thanks

Sean Zhao
sean.zhao at centurylink.com<mailto:sean.zhao at centurylink.com>

From: Jon Worley [mailto:jonw at arin.net]
Sent: Monday, January 12, 2015 5:43 PM
To: Zhao, Sean; 'arin-tech-discuss at arin.net'
Subject: Re: [arin-tech-discuss] Would anybody explain what Unauthorized means?

Hello Sean,

Can you please send the payload/URL to us via Ask ARIN?  It's difficult for us to give you an exact answer without looking at the full context.

If you have any further questions, comments, or concerns please respond to this message or contact me directly.

Regards,

Jon Worley
Principal Technical Analyst
ARIN Registration Services
https://www.arin.net/
hostmaster at arin.net<mailto:hostmaster at arin.net>
703.227.0660

From: <Zhao>, Sean <Sean.Zhao at CenturyLink.com<mailto:Sean.Zhao at CenturyLink.com>>
Date: Monday, January 12, 2015 at 11:45 AM
To: "'arin-tech-discuss at arin.net<mailto:'arin-tech-discuss at arin.net>'" <arin-tech-discuss at arin.net<mailto:arin-tech-discuss at arin.net>>
Subject: [arin-tech-discuss] Would anybody explain what Unauthorized means?

Hi,
                I was trying to swip an ip 198.36.189.64/29. I was expecting an error return from Arin because this ip has been assigned already. But when I was trying to assign this ip, the error message I got from Arin is
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<error xmlns="http://www.arin.net/regrws/core/v1"<http://www.arin.net/regrws/core/v1%22>>
<additionalInfo/><code>E_AUTHENTICATION</code>
<components/>
<message>The API key is not authorized to make that request.</message>
</error>

Somehow that does not make sense to me because this was assigned by me last week. That means I do have good APIKEY. I am trying to work on the error handling. So I am expecting to get error like "this ip has been assigned already" or "overlaps with existing network(s)".

Thanks

Sean Zhao
sean.zhao at centurylink.com<mailto:sean.zhao at centurylink.com>

This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.
This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.
This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.
This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-tech-discuss/attachments/20150119/df86d6c3/attachment.html>

More information about the arin-tech-discuss mailing list