Issue

When uploading a schema using the Panther Analysis Tool (PAT), I receive one of the following error messages:

• 403 Forbidden Error: Unhandled exception: "403, message='Forbidden', url='­....'

• 403 Unauthorized Error: aiohttp.client_exceptions.ClientResponseError: 401, message='Unauthorized', url='....'

Resolution

Resolving a 403 error

1. In your Panther Console, click on the gear icon (Settings) on the top right of your screen.

2. From the drop-down menu, click API Playground.

3. Click the GraphQL tab, and copy the value of the field API URL field.

4. Ensure you are using this API URL value in your PAT command. It should look something like the following:

   panther_analysis_tool update-custom-schemas --api-token YOUR_API_TOKEN 
   --api-host ­https://api.xxx.runpanther.net/public/graphql 
   --path YOUR_SCHEMA_PATH

Resolving a 401 error

1. Ensure that your API token has the appropriate permissions to perform the intended actions. For example, update-custom-schemas requires your API key to have the permissions View Log Sources and Manage Log Sources.

2. If you need to create a new API token with the appropriate permissions, wait for at least a couple of minutes after creating the token to use it.

Cause:

• 403 Error: This typically occurs because of an incorrect API URL.

• 401 Error: This can happen for the following reasons:

  • The API token lacks the appropriate permissions for the action being performed.

  • Propagation delays can cause temporary invalidation of newly created tokens.