Introduction
Problem
When attempting to make a login request to a HCP Vault cluster using the API directly, you may receive a “missing client token” response. The Namespace header is not passed as part of the request.
Cause
The vault namespace header is not passed as part of the request.
Solution
The example below shows the error occurring when logging into the userpass auth method using the API directly and how to resolve by passing the Namespace header, however, this is applicable to logging into any auth method via the API directly.
The same error can occur if you attempt to log into a path which doesn’t exist. Sometimes if you mistype the path in the URL, this can happen as seen in screenshot below.
To resolve, pass the namespace header which should be the namespace in which the auth method you intend to log into is mounted within and the path should be a valid one.
This error (shown below) can also happen with the vault agent side car injector workflow when used in Kubernetes if you do not have the vault.hashicorp.com/namespace annotation set in your config.
Additional Information
HCP Vault requires all requests go to a namespace - see this article for more details on this.