API Route vncwebsocket accessible via API Token

[SlaAp]

Hello everyone,

I have a question regarding the use of API tokens in Proxmox. I am trying to use the vncwebsocket API route via an API token, but I keep receiving an 401 error message stating "invalid authentication - 401 authentication failure"

Task log:

client connection: 127.0.0.1:50252
invalid authentication - 401 authentication failure
TASK ERROR: command '/usr/bin/termproxy 5900 --path /vms/110 --perm VM.Console -- /usr/bin/dtach -A /var/run/dtach/vzctlconsole110 -r winch -z lxc-console -n 110 -e -1' failed: exit code 1

Has anyone experienced using this specific API route with an API token? Is there a specific permission that needs to be set, or is this route somehow restricted to users with full login credentials?

Any help or suggestions would be greatly appreciated!

Thank you in advance!

---

Research:​

1. Does the token have the right permissions
   • Full Administrator permissions []
2. Is the token expired?
   • NO: Token is not expired []
3. Check the PVE source code that checks the token to see the auth method GitHub pve-xtermjs (main.rs)
   • Authentication happens here GitHub pve-xtermjs (main.rs) authenticate method
     • in source code does request to "http://localhost:{port}/api2/json/access/ticket" (i asume to validate token )
       • Simulate auth method using my own program (call the endpoint with the username and token as password)
         
         Result: 401 authentication failure
         
         Maybe i found it (explanation: The internal check fails so it results in a 401 so the websocket connection is therefore dropped)