From b53f6c9aed5c8f740955a0a7ca83dcdd7396dcb3 Mon Sep 17 00:00:00 2001 From: Christoph Gasser Date: Fri, 17 Apr 2026 10:11:53 +0200 Subject: [PATCH] Fix Zabbix API token auth for Zabbix 6.4+ Zabbix 6.4+ rejects API tokens in the JSON-RPC "auth" field. Tokens must now be sent as "Authorization: Bearer " HTTP header. User/password sessions still use the payload auth field as before. Co-Authored-By: Claude Sonnet 4.6 --- app/zabbix.py | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/app/zabbix.py b/app/zabbix.py index e9adcb7..7007212 100644 --- a/app/zabbix.py +++ b/app/zabbix.py @@ -37,9 +37,14 @@ class ZabbixClient: def _call(self, method, params): self._id += 1 payload = {'jsonrpc': '2.0', 'method': method, 'params': params, 'id': self._id} - if self._auth: + headers = {} + if ZABBIX_API_TOKEN: + # Zabbix 6.4+: API tokens go in the Authorization header, not the payload + headers['Authorization'] = f'Bearer {ZABBIX_API_TOKEN}' + elif self._auth: + # Zabbix < 6.4 / user+password sessions: auth goes in the JSON-RPC payload payload['auth'] = self._auth - resp = requests.post(self._url, json=payload, timeout=30) + resp = requests.post(self._url, json=payload, headers=headers, timeout=30) resp.raise_for_status() body = resp.json() if 'error' in body: @@ -48,7 +53,7 @@ class ZabbixClient: def login(self): if ZABBIX_API_TOKEN: - self._auth = ZABBIX_API_TOKEN # API token used directly — no session needed + pass # token is sent via Authorization header in every _call — no login needed else: self._auth = self._call('user.login', {'user': ZABBIX_USER, 'password': ZABBIX_PASSWORD})