Postman API authentication

CommunityMember90320

I have been trying to get an authenticated/authorized API to work and I just am not able to do it.  Can anyone help with what I may have wrong here? 

This is the detail from the Console:

11:30:10.374 POST https://auth.anaplan.com/token/authenticate: {
"Network": {
"addresses": {
"local": {
"address": "...",
"family": "IPv4",
"port": 54150
},
"remote": {
"address": "104.18.126.74",
"family": "IPv4",
"port": 443
}
},
"tls": {
"reused": false,
"authorized": true,
"authorizationError": null,
"cipher": {
"name": "TLS_AES_256_GCM_SHA384",
"standardName": "TLS_AES_256_GCM_SHA384",
"version": "TLSv1.3"
},
"protocol": "TLSv1.3",
"ephemeralKeyInfo": {
"type": "ECDH",
"name": "X25519",
"size": 253
},
"peerCertificate": {
"subject": {
"country": "US",
"stateOrProvince": "California",
"locality": "San Francisco",
"organization": "Anaplan, Inc.",
"commonName": "auth.anaplan.com",
"alternativeNames": "DNS:auth.anaplan.com"
},
"issuer": {
"country": "US",
"organization": "DigiCert Inc",
"commonName": "DigiCert TLS RSA SHA256 2020 CA1"
},
"validFrom": "Mar 2 00:00:00 2022 GMT",
"validTo": "Mar 2 23:59:59 2023 GMT",
"fingerprint": "::::::A::9::F::8:4:1:::::ED",
"serialNumber": "0...F"
}
}
},
"Request Headers": {
"content-type": "application/json",
"authorization": "CACertificate {....-----END CERTIFICATE-----",
"user-agent": "PostmanRuntime/7.29.2",
"accept": "*/*",
"cache-control": "no-cache",
"postman-token": "a25a0bbf-939b-4621-ad5a-36fa6bfaa171",
"host": "auth.anaplan.com",
"accept-encoding": "gzip, deflate, br",
"connection": "keep-alive"
},
"Response Headers": {
"date": "Wed, 29 Jun 2022 16:30:10 GMT",
"content-type": "application/json",
"content-length": "294",
"connection": "keep-alive",
"strict-transport-security": "max-age=31536000; includeSubDomains",
"x-content-type-options": "nosniff",
"cf-cache-status": "DYNAMIC",
"expect-ct": "max-age=604800, report-uri=\"https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct\"",
"server": "cloudflare",
"cf-ray": "72300b9308cf05d2-IAD"
},
"Response Body": "{\"status\":\"FAILURE_BAD_CREDENTIAL\",\"statusMessage\":\"Authentication Failure. If you're unsuccessful after multiple attempts, your account may be locked. If you are using the Anaplan login page, click the 'Forgot Password' link. Otherwise, contact your Anaplan administrator or Anaplan Support.\"}"
}

joeymorisette

@CommunityMember90320 

 

Check out Anaplan's official postman collection here.

 

When using CA certs you are required to pass the public cert in the Authorization header like you have done, but it also requires a body that contains an encoded string of random data as well as that string signed with the associated private key to the public cert that has been registered on the Anaplan tenant. How to sign the string is laid out in our apiary.