As mentioned before we have some scripts that access Airwatch’s REST API.

Sadly a recent update to our SaaS instance to 8.3.1.0 lead to our scripts failing.

Below is a little post with the resolution.

What Happened?

Well, after our SaaS was updated to 8.3.1.0 all our API scripts started to fail with errors like the below:

2016-03-17 11:00:06,028 WARNING -------- Getting A List of Devices --------
2016-03-17 11:00:06,900 ERROR -------- Get request failed with 401 Client Error: Unauthorized --------

Returning the text from the GET request revealed the following error:

{"ErrorCode":1010,"Message":"Validation using Directory Authentication is disable for the tenant","ActivityId":"e0aeb541-7ebe-4d0f-bc46-27e62995bf01”}

Which was odd, as it was correct. The API calls were using Basic Authentication, yet the Airwatch was erroring as it seemed to be trying to use “Directory Authentication”.

Diving into the Airwatch console verified that we did indeed have Directory Authentication disabled & the API commands were certainly only using Basic Authentication (this can be found at System / Advanced / API / REST / Authentication, within the Airwatch console).

The Solution

5 days after logging a support call with Airwatch & then escalating with our Account Manager & we came to a solution.

Even though the scripts were using Basic Authentication & this was enabled in the Airwatch console, we had to enable Directory Authentication for API calls using Basic Authentication to work.

Airwatch advised this is a bug & should be addressed at some point.

As soon as we made & saved the above change, our API issues were resolved.

(Well mostly, but that’s for another post).