API 401 Unauthorized - Cannot handle token with nbf prior to xxx

andyrav · Post by **andyrav** » Sat Jun 15, 2024 10:16 pm

Hi
the following was working in V2023, now failing in 2024.
I have emailed 2fa email, does this cause a issue.
I can get the token ok
put when i try and do a post, response is null

$url = "https://xxxx.net/api/";
$ch2 = curl_init();
$data = array(
	"method" => 'post',
	"reference" => rand(5, 15),
	"formdata" => json_encode($details),
);
curl_setopt($ch2, CURLOPT_URL, $url . 'add/tablename');
curl_setopt($ch2, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch2, CURLOPT_POST, 1);
curl_setopt($ch2, CURLOPT_POSTFIELDS, json_encode($data));
$headers = array();
$headers[] = 'X-Authorization: '.$token['JWT'];
$headers[] = 'Content-Type: application/json';
curl_setopt($ch2, CURLOPT_HTTPHEADER, $headers);
$result = curl_exec($ch2);
$errNo = curl_errno($ch2);
if ($errNo !== 0) {
	throw new NetworkException(curl_error($ch2), $errNo);
}
// check HTTP status code
$http_code = curl_getinfo($ch2, CURLINFO_HTTP_CODE);
curl_close($ch2);
$res = json_decode($result);

any ideas?
thanks

andyrav · Post by **andyrav** » Sat Jun 15, 2024 10:37 pm

old SSL session ID is stale, removing
Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Sat, 15 Jun 2024 14:35:46 GMT
< Server: Apache/2.4.58 (Ubuntu)
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Pragma: no-cache
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
< Access-Control-Allow-Headers: X-Requested-With, Origin, X-Authorization
< Access-Control-Allow-Credentials: true
< Set-Cookie: PHPSESSID=ejfu256a24mc7ie46akfu6qccs; path=/; Secure; HttpOnly; SameSite=Strict;
< Transfer-Encoding: chunked
< Content-Type: application/json
<
Connection #0 to host xxx.xxx.net left intact
object(stdClass)#3 (3) {
["failureMessage"]=>
string(62) "Cannot handle token with nbf prior to 2024-06-15T14:35:56+0000"
["success"]=>
bool(false)
["version"]=>
string(7) "24.12.0"
}

Is is somthing do to with timezone?

timedatectl
Local time: Sat 2024-06-15 15:28:08 BST
Universal time: Sat 2024-06-15 14:28:08 UTC
RTC time: Sat 2024-06-15 14:28:08
Time zone: Europe/London (BST, +0100)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no

arbei · Post by **arbei** » Sun Jun 16, 2024 10:26 am

andyrav wrote:

$headers[] = 'X-Authorization: '.$token['JWT'];

Where is the $token['JWT'] from?

andyrav · Post by **andyrav** » Sun Jun 16, 2024 12:21 pm

I have another curl command above to get the token.
Which works find.

Do you have a working example for using php curl to login and add a record.
Thanke

arbei · Post by **arbei** » Sun Jun 16, 2024 4:49 pm

andyrav wrote:

I have another curl command above to get the token.

You better double check that command and make sure the token is created correctly with the expected time or timezone. Make sure the token is retrieved from the same API from the same server or you may have time difference. (The error message clearly said that "Cannot handle token with nbf prior to 2024-06-15T14:35:56+0000".) Also double check your advanced setting API expire time after login (seconds).

Otherwise everything is done on the same server and there should no timeout issue. Also don't try to store the JWT token longer than the expiry time. You may post your complete code for discussion.

andyrav · Post by **andyrav** » Mon Jun 17, 2024 9:28 pm

Many thanks, working now was API access time after login (seconds) was set to 10 seconds