[WS API] Service user is considered "annonymous" and limited to public asset


I am using a service user to subscribe/publish events using the WS API. However, it seems that a service user is considered “annonymous” and only has access to public assets.

In the logs I see: “Only public access allowed for anonymous requests”

Am I doing something wrong or is this expected behavior? Is there anyway I can workaround this?

Thank you.

Best regards,
Adriano Carvalho


You need to provide a Bearer authroization header when initially connecting to the websocket endpoint; the manager UI uses the websocket API so if you look in the network tab of your browser’s developer console you’ll be able to see what I mean.

Thank you Rich.

It is working now. It seems that I was doing two things wrong:

First, in the wiki the URL is

It should be
Realm={realm}&Authorization={accessToken} (no Auth- in the begginng)

Second, the {accessToken} part of the URL should be prefixed with Bearer , as in the HTTP authorization header.

Perhaps you could update the wiki to make this clearer.

1 Like

Hi @adrianocarvalhodtx,

I’ve updated the wiki: User Guide: Manager APIs · openremote/openremote Wiki · GitHub
Is it correct like this?


“The realm of the authenticating user must also be included as an Auth-Realm query parameter.”

“Auth-” is still there.

Instead of {Bearer accessToken}, I think it would be slightly more correct and less confusing to put Bearer%20{accessToken}. “%20” is how a space is translated in a URL.

A concrete example is always helpful:


(ws:// can be used if TLS is disabled.)

Thanks for the correction!