3.5 API Access Help

Hello,

I'm getting the error...

{
  "errors": [
    {
      "code": "Neo.ClientError.Security.Unauthorized",
      "message": "Invalid username or password."
    }
  ]
}

...when testing the v3.5 HTTP API. Below are my deployment steps, can someone assist?

  1. Deploy to Azure using the following script:
Click to expand!
#!/bin/bash

export LOCATION=<redacted>
export SUBSCRIPTION=<redacted>
export RG=<redacted>
export NAME=<redacted>
export ADMIN_USERNAME=<redacted>
export ADMIN_PASSWORD=<redacted>
export NEO4J_PASSWORD=<redacted>
export NETWORK_SECURITY_GROUP=<redacted>
export SOURCE_IP_ADDRESS=<redacted>

# Options: https://azure.microsoft.com/en-us/pricing/details/virtual-machines/

export VM_SIZE=Standard_A2m_v2
export ADDRESS_ALLOCATION=dynamic
export PUBLISHER=neo4j
export OFFER=neo4j-enterprise-3_5
export SKU=neo4j_3_5_5_apoc
export VERSION=latest
export IMAGE=$PUBLISHER:$OFFER:$SKU:$VERSION

az group create \
 --location $LOCATION \
   --name $RG

echo "Creating Resource Group named $RG"

az network nsg create \
 --resource-group $RG \
 --location $LOCATION \
 --name $NETWORK_SECURITY_GROUP 

echo "Assigning NSG rules to allow inbound traffic on Neo4j ports..."

prio=1000

for port in 7473 7474 7687; 

do
  az network nsg rule create \
  --resource-group $RG \
  --nsg-name "$NETWORK_SECURITY_GROUP" \
  --name neo4j-allow-$port \
  	--source-address-prefixes $SOURCE_IP_ADDRESS \
  --protocol tcp \
  --priority $prio \
  --destination-port-range $port
prio=$(($prio+1))
done 

echo "Creating Neo4j VM named $NAME"

az vm create --name $NAME \
--resource-group $RG \
--image $IMAGE \
--vnet-name $NAME-vnet \
--subnet $NAME-subnet \
--admin-username "$ADMIN_USERNAME" \
--admin-password "$ADMIN_PASSWORD" \
--public-ip-address-allocation $ADDRESS_ALLOCATION \
--size $VM_SIZE 

if [ $? -ne 0 ] ; then
echo "VM creation failed"
exit 1
fi 

echo "Updating NIC to have our NSG"

# Uses default assigned NIC name

az network nic update \
--resource-group "$RG" \
--name "${NAME}VMNic" \
--network-security-group "$NETWORK_SECURITY_GROUP" 
  
# Get the IP address of our instance

IP_ADDRESS=$(az vm list-ip-addresses -g "$RG" -n "$NAME" --query "[0].virtualMachine.network.publicIpAddresses[0].ipAddress")

echo "the IP address is $IP_ADDRESS"

export NEO4J_URI=bolt://$IP_ADDRESS 

# Change password; Can't get this to work

#echo "Checking if Neo4j is up and changing password...."
#while true; 
#do
#   if curl -s -I http://$IP_ADDRESS:7474 | grep "200 OK"; 
#	 then
#     echo "Neo4j is up; changing default password" 2>&1
#     curl -H "Content-Type: application/json" \
#       -XPOST -d '{"password":"'$NEO4J_PASSWORD'"}' \
#       -u neo4j:neo4j http://$IP_ADDRESS:7474/user/neo4j/password 2>&1 
#		 echo "Password reset, signaling success" 2>&1
#     break
#   fi   
#echo "Waiting for neo4j to come up" 2>&1
#   sleep 1
#done 

echo NEO4J_URI=$NEO4J_URI
exit 0
  1. Enter the default password, click "Connect"
Click to expand!

  1. Change the default password
Click to expand!

  1. Get the base64 encoding of the new password in un:pw format

echo 'neo4j:<redactedPW>' | base64

  1. Open Postman and test the API per Ch. 3.2 of the v3.5 docs
Click to expand!
  • Method: GET
  • URL: http://x.x.x.x:7474/user/neo4j
  • Headers:
    • Accept: application/json; charset=UTF-8
    • Authorization: Basic <the base64 output from step 4 above>

I tried omitting the Authorization header and instead passing Basic <base64-UN:PW> to Postman's Authorization options like API Key, OAUTH2, etc. but no go.

Thoughts?

Thank you

Further investigations...
I was able to get Postman's "Basic" Authorization option to return a status 200. Two strange observations:

  1. The actual Header would not work. Had to be a Postman-created Temp header
  1. Running echo 'neo4j:<redactedPW>' | base64 in my terminal resulted in a base64 encoded un:pw with only a single = on the end.
  • When you select "Basic Authorization" in Postman, you must enter the Neo4J UN/PW.
  • Postman will then encode this combo in base64...WITH TWO ='s on the end of the resulting string.
  • Still, adding the second = to the Actual Header did not result in a status 200 API call...
    Interesting!