Help Needed with Automating User Invitations via Vaultwarden API

Gecko_in_a_Vault · October 5, 2024, 10:02pm

Hello everyone,

I’m trying to automate user invitations using the Vaultwarden API. Despite my efforts to research, I keep encountering authorization errors. I can see from the server logs that the API requests are reaching the server. However, I’m unsure how to authorize correctly since I’m not very experienced with programming or API requests.

Here is my code:

import requests
import json

admin_token = "MyToken"
email_invite = "user@example.com"

payload = {
    "email": email_invite
}

headers = {
    'Content-Type': 'application/json',
    'Authorization': f'Bearer {admin_token}'
}

response = requests.post("https://vaultwarden.mydomain.com/admin/invite", 
                         headers=headers, 
                         json=payload)

print(response.json())

This is the response I receive:

{'error': '', 'errorModel': {'message': 'Authorization failed.', 'object': 'error'}, 'error_description': '', 'exceptionMessage': None, 'exceptionStackTrace': None, 'innerExceptionMessage': None, 'message': 'Authorization failed.', 'object': 'error', 'validationErrors': {'': ['Authorization failed.']}}

I know the request is reaching the server, as indicated by the following log entries:

[request][INFO] POST /admin/invite
[vaultwarden::api::admin][ERROR] Authorization failed.
[response][INFO] (invite_user) POST /admin/invite => 401 Unauthorized

The admin token I’m using is the same one I log in with on the admin webpage for my server. What am I doing wrong?

Kind regards,
Gecko

Gecko_in_a_Vault · October 7, 2024, 10:25am

With help of this Reddit comment I have figure out that I need a cookie and JWT to authorize. I have simplified and edited my python script to:

import requests
import json

response = requests.post("https://vaultwarden.mydomain.com/admin/invite", 
                         headers={'Content-Type': 'application/json'}, 
                         json={"email": "user@example.com"},
                         cookies={'Admin-Token': "MyToken"})

print(response.status_code)
print(response.json())

I am still truly unsure what I need to authenticate. No matter what I can come up with to use as the admin token I keep getting the 401 response and the same error in the response. Is the admin token the same as the password I use to log into the admin WebUI? Do I need to use the cookie that I can find after logging into the WebUI when I press F12 ?
How do I convert these to a JWT? I have tried using ChatGPT to figure it out and I still am completely unsure on what to do. AFAICT there is no documentation on how to use the API? If there is any, could somebody please refer me to it.

Thanks in advance for any help given!

Topic		Replies	Views
Automate user invitation in Vaultwarden for AD users, seeking API assistance Help	6	751	September 15, 2023
Log Files admin page Help	1	319	September 21, 2022
API always says unauthorized Help	7	203	June 7, 2024
API basics - how to pull a password Help	7	5750	October 7, 2024
Organization -> Settings -> API is missing Help	5	2075	February 9, 2022

Help Needed with Automating User Invitations via Vaultwarden API

Related topics