Passing auth token in POST request in payload does not work

I have a question regarding passing auth token to rasa nlu server in the payload. When running rasa with --enable-api and --auth-token, if I pass the auth token in URL when calling model/parse endpoint, everything works, but if I pass it in payload like “token”:“mysecuritytoken” it returns an unauthorized error. On the other hand, in the code, when rasa core calls rasa nlu endpoint, it passes token in the payload (as seen here: rasa/ at 8357bb664aa55b176ba73e2c4911d7a3b53de50f · RasaHQ/rasa · GitHub) and it works.

Any ideas what I’m missing?


Hm. It’s quite strange because in the code, it does look like the parameters are part of the json in the code there. However I tried on my own and got the same issue, after a quick test and a look at the HTTP api, looks like the token is actually a query parameter: HTTP API

So in this case you’d have to hit /model/parse?token=mysecuritytoken.


Thanks for the response. Yes, I have the same results, after looking at the server code, looks like token is always retrieved from the query string, not the payload. Sure, when using only NLU, it’s not a problem and I can call for whatever URL I need, but it means that rasa core could not call rasa nlu via http api, if auth token is enabled, because in rasa core it’s passing token through payload. Is this a bug? or I still miss something?

Well it won’t cause a bug for the combined server (normal Rasa server) since it will use a RasaNLUInterpreter and not a RasaNLUHttpInterpreter. I don’t think it’s currently possible to configure a separate nlu server via the nlu: endpoint (that’s a bug, i believe), which means this code probably hasn’t been touched since the servers were merged.