Difficulty Authenticating API Requests via Swagger (Netwrix Identity Manager/Usercube) - Accepted values for Principal.Identity.AuthenticationType?

Hello,

I am trying to use the Swagger UI capability to test the Netwrix Identity Manager (NIM) APIs, but I am facing difficulty with request authentication.

I attempted to authenticate by setting the following parameters in the request headers (or equivalent fields in Swagger):

  • Principal.Identity.Name

  • Principal.Identity.AuthenticationType

  • Principal.Identity.IsAuthenticated

I specifically tried to set Principal.Identity.AuthenticationType to the value Cookies, but this resulted in an HTTP 500 error (Internal Server Error).

I suspect that the value Cookies is not accepted for this parameter, but I have not been able to find documentation listing the admitted values for Principal.Identity.AuthenticationType.

Could anyone provide some insight or documentation on the accepted values for this specific authentication parameter?

Thank you in advance for your help.

Best regards,

Thierry

Hello Thierry,

But you don’t need to do any authentication when using the Swagger UI? It will automatically use the credentials of the already logged-in user in another tab. I never had to specifically set credentials to use the Swagger.

1 Like

Hello Kamil,

Thank you for your answer. Maybe it doesn’t work in our development environment because we have chosen to activate AllowLocalLogin & TestUserStore.

I opened a ticket to get help from support.

Thierry

Hello Thierry,

As Kamil mentioned, when you access the swagger, NIM uses the credentials of the connected user.

Could you post the error message received when you execute an API call?

In the meantime, you can use the attached Postman collection.

You just need to replace the variables in the collection with your own.

NIM.postman_collection.json (4.0 KB)

Best regards,

Hazem

2 Likes

Hello, thank you for your feedback.

Attached is the 403 error I get when using Swagger while being logged in as an admin on the browser.

I have opened an incident, and support has confirmed the issue. I am waiting for their response. I am surprised that it is only in our environment that it doesn’t work.

Have a good day.

Thierry

1 Like

Hello,

This is a permission issue.

For security reasons, access via APIs requires explicit permissions on the objects.

While waiting for a fix or a more detailed procedure, I can suggest the following workaround:

  1. Identify the missing permission
    It can be found in the URL.
    Example: For Agent, the call URL “http://localhost:5000/api/Connectors/Agent…”.
    The missing permission is “/Connectors/Agent”.

  2. Add the permission to the Administrator profile
    Add the following AccessControlRule:

    <Entry Permission="/Connectors/Agent/Query" CanExecute="true"/>

    Note: 3 important points:
    1- EntityType="Agent": to define the object of the API call
    2- Permission="/Connectors/Agent/Query": the identified permission + the type of action (Query, Create, Update, Delete)
    3- CanExecute="true": to allow the API call

  3. Perform the API call
    In the squery field, list the attributes to return with the “select”.
    In the Path field, copy the permission defined in the AccessControlRule.

3 Likes

The Path parameter in the API is a mandatory field.
You can find them all here:
References: Permissions | Netwrix Product Documentation
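
The workaround above, sketched as a script (an added example, not code from the thread or from Netwrix): it derives the permission from each call URL that returned 403, emits one Entry line per distinct permission so that only what was denied is granted, and builds the follow-up call. Assumptions: the Swagger fields squery and Path are sent as query-string parameters of the same names, and the sample calls and the attribute names Id and DisplayName are constructed.

```python
from urllib.parse import urlsplit, urlencode
from xml.sax.saxutils import quoteattr

ACTIONS = ("Query", "Create", "Update", "Delete")  # action types named in the workaround

def permission_for(call_url, action="Query"):
    """Steps 1-2: resource path after /api/ plus the action type."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action type: {action!r}")
    _, sep, resource = urlsplit(call_url).path.partition("/api/")
    resource = resource.strip("/")
    if not sep or not resource:
        raise ValueError(f"no API resource path in {call_url!r}")
    return f"/{resource}/{action}"

def entry_xml(permission):
    """Step 2: the Entry line to place in the profile's AccessControlRule."""
    return f'<Entry Permission={quoteattr(permission)} CanExecute="true"/>'

def entries_for(denied_calls):
    """One Entry per distinct permission, so only what was denied is granted."""
    perms = {permission_for(url, action) for url, action in denied_calls}
    return [entry_xml(p) for p in sorted(perms)]

def request_url(base, permission, select):
    """Step 3. Assumption: squery and Path are sent as query-string parameters."""
    resource = permission.rsplit("/", 1)[0]
    query = urlencode({"squery": "select " + ", ".join(select), "Path": permission})
    return f"{base.rstrip('/')}/api{resource}?{query}"

# Constructed sample: calls that returned 403, with the action each one performs.
DENIED = [
    ("http://localhost:5000/api/Connectors/Agent?squery=select+Id", "Query"),
    ("http://localhost:5000/api/Connectors/Agent/", "Query"),
]

if __name__ == "__main__":
    for line in entries_for(DENIED):
        print(line)
    # Id and DisplayName are constructed attribute names.
    print(request_url("http://localhost:5000", "/Connectors/Agent/Query", ["Id", "DisplayName"]))
```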

Thank you for your answer. When I add the permission to the administrator profile and complete the path field, it is OK; I get return code 200.

Thank you very much

Thierry

2 Likes