Can see my user in list of users but failed to authenticate

Sium · June 29, 2025, 9:25pm

I created the user via curl (201) and can see his details

curl -u Administrator:password http://localhost:4985/mydb/_user/Edge1User

{“name”:“Edge1User”,“email”:“”,“disabled”:false,“all_channels”:[“!”]}%
curl -u Edge1User:pass http://localhost:4985/mydb/_changes

{“error”:“Unauthorized”,“reason”:“Invalid login”}

I am running sync gateway in docker with the below configuration

{
    "bootstrap": {
      "server": "couchbase://cb",
      "username": "Administrator",
      "password": "password",
      "server_tls_skip_verify": true,
      "use_tls_server": false,
      "ca_cert_path": "",
      "group_id": "default"
    },
    "api": {
      "admin_interface": "0.0.0.0:4985",
      "public_interface": "0.0.0.0:4984",
      "metrics_interface": "0.0.0.0:4986",
      "profile_interface": "",
      "admin_interface_authentication": true,
      "metrics_interface_authentication": false,
      "cors": {
        "origin": ["*"],
        "login_origin": ["*"],
        "headers": ["*"],
        "max_age": 17280000
      }
    },
    "logging": {
      "console": {
        "enabled": true,
        "log_level": "info",
        "log_keys": ["HTTP", "Auth", "CRUD", "Changes"]
      }
    },
    "auth": {},
    "replicator": {
    
    }
  }

I have seen notes saying use databases, users etc but the container fails to start with message unknown key “databases”.

mreiche · June 30, 2025, 4:22am

If the password contains any special characters that might be interpreted by the shell (such as $), that needs to be prevented using either single-quotes around username:password or escaping the character with a back-slash

Sium · June 30, 2025, 6:06am

thanks mrieche. The password is simply just pass

nocaed · June 30, 2025, 7:02am

Hi Sam,

The reason is that your Administrator user has permissions to interact with the Admin API for Sync Gateway. Access to the Admin API is determined using Couchbase Server RBAC Secure API Access | Couchbase Docs.

On the other hand the ‘Edge1User’ was created as a database user for mydb. Users for Sync Gateway databases can interact with them through the Public API Sync Gateway App Services Public API Reference | Couchbase Docs but they cannot use the Admin API and so will not be able to use Sync Gateway App Services Admin API Reference | Couchbase Docs, as mentioned there this requires (Couchbase Server RBAC) roles:

Required Sync Gateway RBAC roles:

Sync Gateway Application
Sync Gateway Application Read Only

Sium · June 30, 2025, 7:49am

that was it…thanks so much.

Topic		Replies	Views
Couchbase Sync Gateway & password protected bucket Sync Gateway	3	2290	October 23, 2015
401/500 error on creating Sync Gateway user Sync Gateway	4	2492	September 21, 2015
Basic authentification for sync gateway 3.1 configuration Sync Gateway dot-net	2	415	November 20, 2023
POST wrong password of user to {bucket}/_session return 200 by 4985 (Couchbase Sync Gateway 1.0.1)? Sync Gateway	7	2569	August 1, 2016
Couchbase sync gateway admin user authentication Sync Gateway	2	3359	October 6, 2018

Can see my user in list of users but failed to authenticate

Related topics