Integration Agent fails due to invalid Authentication

Not Yet Reviewed

Apologies in advance if this is a rookie mistake but I can't seem to get my first test integration agent off the ground and running.

I have been following the GIG's and am now on this one: . 

So far, I have installed and successfully got the Integration Agent running on one of our servers. I verified this by running `iadmin get-status`. When doing so, I am returned with the following


Event domain: applications
Name: ovens
Clients: [MG, APCLIENT]
Started: Nov 1, 2018 2:47:35 PM
Last request: none
Status: ACTIVE
Pending request count: 0
Normal priority inbound APXML queue size: 0
High priority inbound APXML queue size: 0
Normal priority outbound APXML queue size:
High priority outbound APXML queue size: 0


Then, I created a user just like in the GIG called `ovens` which was given permissions to both the form and the plan in question.

Then, I ran the command successfully to build an encrypted password file for this user and then pointed to it in my `config` file as such:


WEB_SERVICE_URL = "https://**********";


INITIATOR    = "ovens";
PASSWORD = "integrationservices/applications/ovens/.initiatorpasswd";


I also set up my XML file accordingly, and it looks just fine to me. Looks like this:

<?xml version="1.0" encoding="UTF-8"?>

-<integration-service version="1.0" xmlns="">




-<script lang="js">




-<mapped-input method="add">







-<encrypted-constant overwrite="true" type="string" name="xmpassword">





And then this leaves my final step which obviously fails which is the given test command in the GIG. Looks like this:

`APClient.bin.exe --map-data "applications|ovens" "[{\"targetName\":\"ovens\"}]" "oven1" "10:30 AM" "11:30 AM"`

After running this, the log file displays the following error:


2018/11/02 09:48:07.103 -0400 EDT [applications|ovens-1] WARN - Request: {"callbacks":[],"properties":{"oven_name":"oven1","timer_end_time":"10:34 AM","timer_start_time":"11:03 AM","xmpassword":""},"recipients":[{"targetName":"ovens"}]}
resulted in the following
Response: HTTP Status 403: {"type":"UNAUTHORIZED_ACCESS_ERROR","message":"User does not have the permission to access this service/functionality: Timer Finished"}
2018/11/02 09:48:07.106 -0400 EDT [inbound.applications.ovens.normal-1] ERROR - Integration Service (applications, ovens) was unable to process a request due to an unexpected exception: org.apache.http.client.HttpResponseException: {"type":"UNAUTHORIZED_ACCESS_ERROR","message":"User does not have the permission to access this service/functionality: Timer Finished"}. Request: <?xml version="1.0" encoding="UTF-8"?>
<transaction id="1"><header><method>add</method></header><data><apia_priority type="string">normal</apia_priority><oven_name>oven1</oven_name><timer_end_time>10:34 AM</timer_end_time><recipients>[{"targetName":"ovens"}]</recipients><timer_start_time>11:03 AM</timer_start_time><xmpassword type="string"></xmpassword><apia_process_group type="string">apia_default_group</apia_process_group><agent_client_id>applications|ovens</agent_client_id><apia_source type="string">apclient: /</apia_source></data></transaction>
org.apache.http.client.HttpResponseException: {"type":"UNAUTHORIZED_ACCESS_ERROR","message":"User does not have the permission to access this service/functionality: Timer Finished"}


I have tried so many different combinations of Users but nothing has worked at all so far. A lot of this is pretty foreign to me so some guidance would be greatly appreciated from the amazing xMatters team!



Date Votes

Please sign in to leave a comment.

  • Hey Adam,

    I know your following the GIG instructions, but they are a bit dated.

    I would try changing the role of the `ovens` user to be `REST Web Service User`.  That Role was created specifically to support service-based access to the xMatters APIs.

    Also, instead of calling the Form's Web Service URL, I would suggest instead creating an Inbound Integration that wraps and then calls the Form.  You can create a simple Inbound Integration that Creates a New xMatters Event and point it at the Form.  The benefit is that you now have inbound logging via the Activity Stream, that can also help identify where problems might exist.  You would replace the URL from the Form with the Inbound Integration's Basic Auth URL.

    Give that a try and let us know if things get different.




    Thanks Jordan.

    We were able to fix this by doing a few things.

    1) I noticed that my conf folder was accidentally moved into another folder at some point. This caused the agent to not run properly, something I noticed when restarting. Once moved back, running iadmin get-status showed it was back on line and active

    2) I made sure that in the configuration.js file of my specific agent that I set the WEB_SERVICE_URL to that of my corresponding inbound integration for this specific plan. I used basic auth and then copied the provided url, pasting it for the above WEB_SERVICE_URL.

    Now, thankfully, everything is connected and working properly! :) Hope this helps anyone else down the line.


    Remember to escape the params for the recipients if you are on a Windows machine. Should looks something like this, username excluded:


Didn't find what you were looking for?

New post