Unable to call an rpc method via curl with no authentication #10218

My config: ~/.bitcoin/bitcoin.conf

  daemon=1
  prune=600
  maxconnections=12
  maxuploadtarget=20
  server=1

Version:

$ bitcoind --version
Bitcoin Core Daemon version v0.14.0.0-g43a987c1c
Copyright (C) 2009-2017 The Bitcoin Core developers

Why doesn't this work and require authentication?

$ curl -v --data-binary '{"jsonrpc": "1.0", "id":"curltest", "method": "getinfo", "params": [] }' -H 'content-type: text/plain;' http://127.0.0.1:8332/
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8332 (#0)
> POST / HTTP/1.1
> Host: 127.0.0.1:8332
> User-Agent: curl/7.47.0
> Accept: */*
> content-type: text/plain;
> Content-Length: 71
> 
* upload completely sent off: 71 out of 71 bytes
< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: Basic realm="jsonrpc"
< Date: Sun, 16 Apr 2017 05:09:10 GMT
< Content-Length: 0
< Content-Type: text/html; charset=ISO-8859-1
< 
* Connection [#0](/bitcoin-bitcoin/0/) to host 127.0.0.1 left intact

Are you using a non-default value for -datadir?

@MarcoFalke default one

You need to set a rpcuser/rpcpassword in bitcoin.conf, and pass that as authentication info in curl. If you don't specify one, bitcoind generates a password automatically and writes it into the authcookie file.

@sipa ok, I want it to generate a password automatically and write it into the authcookie file, what should I do?

Then you should read the authcookie file yourself, and use the username/password combination in it when connecting. bitcoin-cli will do this automatically, but curl obviously can't do that.

@sipa maybe you should read it? rpcuser/rpcpassword have become deprecated.

@GildedHonour Yes they are deprecated in favor of the new option rpcauth, which is the alternative to the default behavior of using a cookie file.

  -rpcauth=<userpw>
       Username and hashed password for JSON-RPC connections. The field
       <userpw> comes in the format: <USERNAME>:<SALT>$<HASH>. A
       canonical python script is included in share/rpcuser. The client
       then connects normally using the
       rpcuser=<USERNAME>/rpcpassword=<PASSWORD> pair of arguments. This
       option can be specified multiple times

Yes, you can use -rpcauth as well. But you should still use the username/password from the cookie file if you don't want to configure a pair yourself in bitcoin.conf.

@sipa I think the automatically generated cookie file is different from the human generated auth pair.

@MarcoFalke I know. But authentication is an option which isn't mandatory. Hence, why doesn't my example work? @sipa the cookie file doesn't get created. What's its full name?

.cookie in the datadir

@GildedHonour Authentication is not optional. Configuring it yourself is optional, but bitcoind never accepts RPC connections without explicitly or implicitly configured username/password.

@sipa ok, right. That file exists. However, my question remains.

I've answered it, I think. Bitcoind always requires authentication on connections.

I am pretty sure @sipa answered your question

Q: Why doesn't this work and require authentication?

A: Authentication is not optional.

@sipa what did you mean by "Configuring it yourself is optional,"? How can I skip configuring it myself?

You have three options:

• Set rpcuser and rpcpassword in bitcoin.conf. If you do that, you must pass that username and password as auth info in curl.
• Set one or more rpcauth lines in bitcoin.conf. If you do that, you must pass one of those username/password pairs in curl.
• Don't configure anything in bitcoin.conf. In that case, bitcoind will generate an authentication cookie for you, and write a username/password pair into the .cookie file. You must use the information in that file when connecting via curl.

@sipa the 3rd isn't correct. This is what I have, no user name, no password:

$ cat .bitcoin/.cookie 
__cookie__:3784b8eb00726c09b275aff93882b7859cf482b8f714931343fds32431234gaa

how can I use it?

@GildedHonour Use option two. You can type in ./share/rpcuser/rpcuser.py my_name and follow the instructions.

__cookie__ is the username. 3784b8eb00726c09b275aff93882b7859cf482b8f714931343fds32431234gaa is the password.

Note that the 3rd method isn't really intended to be used that way. If you need extra work to support it from your client code, it's much easier to just configure a password with rpcpassword or rpcauth.

thanks :)

@MarcoFalke I'm having a similar issue with a non-default data-dir option. Any help?

@adilw3nomad Make sure to pass the datadir to bitcoin-cli, so it can read the cookie or auth from the config file as well as the chain (main, test, regtest)