Using the Trace API results in a 403

API Question Template

First and foremost: I am currently in my trial.
Everytime I try to submit data to the Trace API, it only return HTTP Status 403 without a reason. The API Key I used is enabled and correct. The key is of type “INGEST - LICENSE”, but “INGEST - BROWSER” also doesn’t work.

I tried to use the HTTP Header “Api-Key”, as stated here
https://docs.newrelic.com/docs/understand-dependencies/distributed-tracing/trace-api/report-new-relic-format-traces-trace-api#new-relic-guidelines

I also tried to use the HTTP Header “X-Insert-Key”, as stated here
https://docs.newrelic.com/docs/telemetry-data-platform/ingest-manage-data/ingest-apis/use-event-api-report-custom-events

The data I sent is based on OpenTelemetry and looks like this:

[
    {
        "common":{
            "attributes":{
                "instrumentation.provider":"opentelemetry",
                "collector.name":"newrelic-opentelemetry-exporter",
                "service.name":"otel-frontend",
                "service.instance.id":"377c4bbd-99e9-455a-bda8-f6335b0cedb0",
                "host":"localhost:4200"
            }
        },
        "spans":[
            {
                "id":"edd7eb5fb276c73f",
                "trace.id":"8623778a638978f3f3eb1d5906eff38d",
                "attributes":{
                    "component":"document-load",
                    "timestamp":1605688002736,
                    "name":"documentLoad",
                    "duration.ms":384,
                    "service.name":"otel-frontend"
                }
            }
        ]
    }
]

What am I doing wrong, or can I not use the Trace API if I’m only in a trial?
(if the latter, please document this a little better)

Hi @marvin.kienitz, it looks like your account is based in our EU data center. Have you double-checked that you’re using the EU Trace API endpoint?

trace-api.eu.newrelic.com/trace/v1

Additionally, what are your results if you use the X-License-Key header instead of Api-Key?

If you’re still receiving a 403, please reply with a copy of the exact call that you used. (For security reasons, please also obfuscate a majority of the key used in the call, although it will be helpful to see the first 4 characters following any prefix.)

using Firefox’ “Copy as Fetch” feature, here’s the request with all intricacies

    await fetch("https://trace-api.eu.newrelic.com/trace/v1", {
        "credentials": "omit",
        "headers": {
            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0",
            "Accept": "application/json, text/plain, */*",
            "Accept-Language": "en-US,de;q=0.7,en;q=0.3",
            "Api-Key": "eu01xx78xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
            "Data-Format": "newrelic",
            "Data-Format-Version": "1",
            "Content-Type": "application/json"
        },
        "referrer": "http://localhost:4200/",
        "body": "[{\"common\":{\"attributes\":{\"instrumentation.provider\":\"opentelemetry\",\"collector.name\":\"newrelic-opentelemetry-exporter\",\"service.name\":\"otel-frontend\",\"service.instance.id\":\"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\",\"host\":\"localhost:4200\"}},\"spans\":[{\"id\":\"5d2f8739eed3073d\",\"trace.id\":\"2ac09e692e58e8c46f26c1b00e5caeb7\",\"attributes\":{\"timestamp\":1606206161292,\"name\":\"error\",\"duration.ms\":0,\"service.name\":\"otel-frontend\"}}]}]",
        "method": "POST",
        "mode": "cors"
    });

the response is

    Body:
        {}
    Headers:
        HTTP/1.1 403 Forbidden
        Content-Type: application/json; charset=UTF-8
        Content-Length: 2
        Access-Control-Allow-Methods: GET, POST, PUT, HEAD, OPTIONS
        Access-Control-Allow-Credentials: true
        Access-Control-Allow-Origin: http://localhost:4200
        Connection: keep-alive

as stated before, I tried the X-License-Key Header instead, but to no avail. (EDIT: I used the wrong header, check below)
Anyways, here’s the same as above:

    await fetch("https://trace-api.eu.newrelic.com/trace/v1", {
        "credentials": "omit",
        "headers": {
            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0",
            "Accept": "application/json, text/plain, */*",
            "Accept-Language": "en-US,de;q=0.7,en;q=0.3",
            "X-Insert-Key": "eu01xx78xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
            "Data-Format": "newrelic",
            "Data-Format-Version": "1",
            "Content-Type": "application/json"
        },
        "referrer": "http://localhost:4200/",
        "body": "[{\"common\":{\"attributes\":{\"instrumentation.provider\":\"opentelemetry\",\"collector.name\":\"newrelic-opentelemetry-exporter\",\"service.name\":\"otel-frontend\",\"service.instance.id\":\"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\",\"host\":\"localhost:4200\"}},\"spans\":[{\"id\":\"6e430d50a5f5d831\",\"trace.id\":\"a16f85a9b99eb1b177071ab81b943fe0\",\"attributes\":{\"component\":\"document-load\",\"timestamp\":1606206626404,\"name\":\"documentLoad\",\"duration.ms\":321,\"service.name\":\"otel-frontend\"}}]}]",
        "method": "POST",
        "mode": "cors"
    });

response:

    Body
        {}
    Header
        HTTP/1.1 403 Forbidden
        Content-Type: application/json; charset=UTF-8
        Content-Length: 2
        Access-Control-Allow-Methods: GET, POST, PUT, HEAD, OPTIONS
        Access-Control-Allow-Credentials: true
        Access-Control-Allow-Origin: http://localhost:4200
        Connection: keep-alive

@marvin.kienitz thanks for providing that level of detail!

I did some tests, and license keys definitely require the X-License-Key header. However, in your example you’re using X-Insert-Key.

Can you share an example that explicitly uses X-License-Key?

1 Like

Okay now it works, thank you @jeffrey_s !

But then I still ask myself, why the doc for the Trace API lists a different header (i.e. Api-Key)
https://docs.newrelic.com/docs/understand-dependencies/distributed-tracing/trace-api/report-new-relic-format-traces-trace-api

As far as I can tell, the “correct” header X-License-Key is only listed in the Log API doc
https://docs.newrelic.com/docs/logs/log-management/log-api/introduction-log-api

is the Trace API outdated, or am I missing something?
(EDIT: I think the problem is I did not use an Insight API key, but an Ingest License API key, which requires the different header)

@marvin.kienitz I’m glad to hear you got this working! I’ll check internally to see if this documentation os out of date or if there is something else causing this issue.

1 Like