
Calling REST api with POST method - ERROR: 403 Forbidden

Former Member
0 Kudos

  Hi experts,

 

I’m trying to call a REST with POST method and I’m getting the following error: 403 Forbidden. I have followed the IdM documentation about: SAP NetWeaver Identity Management REST API Interface Description.

Here is an example:

URL:

  • host/idmrest/v72alpha/entries/{MSKEY}/tasks/{TASKID}

HTTP Method:

  • POST

Parameters:

  • Content-type:application/x-www-form-urlencoded
  • Content-type:JSONHttpRequest

Authentication:

  • BASIC (with user and password)

Note: I'm calling the REST with GET method with no such error.

BR,

Simona

Accepted Solutions (1)


hristo_borisov
Explorer
0 Kudos

Hi Simona,

I guess you get this error because of the XSRF protection. Please see point 1.3 of the document you have mentioned, where it is described how to make proper POST requests. Basically you have to provide an additional token with the request.

Let me know if you need further help.

Best Regards,

Hristo

Former Member
0 Kudos

Hi Hristo,

Here is an example of my code:

var parameters = {};
var headers ={};

headers.setHeader = "Content-type: JSONHttpRequest";

headers.setHeader = "Content-type: application/x-www-form-urlencoded";

headers.setHeader = "X-Requested-With: JSONHttpRequest";

headers.setHeader = "X-Requested-With: XMLHttpRequest";

headers.setHeader = "X-CSRF-Token: Fetch";

parameters.MX_FIRSTNAME = "Tester";

var variantUrl = "http://....../idmrest/v72alpha/entries/{MSKEY}/tasks/{TASKID}";

var oModelVariant =  new sap.ui.model.json.JSONModel( );

oModelVariant.loadData(variantUrl,parameters ,false, "POST", false, false, headers);

Can you tell me what I'm doing wrong?

BR,

Simona

hristo_borisov
Explorer
0 Kudos

When you make a GET HTTP request with the following header:

"X-CSRF-Token: Fetch";

then in the response you will have something like: "X-CSRF-Token: abcdefghi"; instead of the keyword Fetch. That is the XSRF token. You have to use this token in the subsequent POST request. Something like

POST ....

X-CSRF-Token: abcdefghi
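
The two-step exchange described in the reply above, as an added example that is not part of the original thread or of SAP's code. `mockIdm` is a constructed stand-in server with made-up token and cookie values, and binding the token to the session cookie is an assumption about the server; `postWithCsrfToken` and `naivePost` are hypothetical helper names.

```javascript
// Constructed stand-in for the REST endpoint: issues a token on
// "X-CSRF-Token: Fetch" and rejects modifying requests without it.
function mockIdm() {
  const sessions = new Map(); // session cookie -> token issued for that session
  let n = 0;
  return function send(req) {
    const h = req.headers || {};
    if (req.method === "GET") {
      if (h["X-CSRF-Token"] !== "Fetch") return { status: 200, headers: {} };
      n += 1;
      const cookie = "SESSION=s" + n, token = "tok" + n; // constructed values
      sessions.set(cookie, token);
      return { status: 200, headers: { "X-CSRF-Token": token, "Set-Cookie": cookie } };
    }
    // Modifying request: the token must match the one issued for this session.
    const expected = sessions.get(h["Cookie"]);
    if (!expected || h["X-CSRF-Token"] !== expected) return { status: 403, headers: {} };
    return { status: 200, headers: {}, body: req.body };
  };
}

// Step 1: GET with "X-CSRF-Token: Fetch". Step 2: POST with the returned token.
function postWithCsrfToken(send, url, fields) {
  const probe = send({ method: "GET", url, headers: { "X-CSRF-Token": "Fetch" } });
  const token = probe.headers["X-CSRF-Token"];
  if (!token || token === "Fetch") throw new Error("server returned no CSRF token");
  const headers = {
    "X-CSRF-Token": token,
    "Content-Type": "application/x-www-form-urlencoded",
  };
  // A browser replays the session cookie itself; other clients must do it by hand.
  const setCookie = probe.headers["Set-Cookie"];
  if (setCookie) headers["Cookie"] = setCookie.split(";")[0];
  return send({ method: "POST", url, headers, body: new URLSearchParams(fields).toString() });
}

// The failing pattern from the question: a POST that sends the literal "Fetch".
function naivePost(send, url, fields) {
  const headers = {
    "X-CSRF-Token": "Fetch",
    "Content-Type": "application/x-www-form-urlencoded",
  };
  return send({ method: "POST", url, headers, body: new URLSearchParams(fields).toString() });
}
```

To use it against a real endpoint, pass a `send` function that wraps your HTTP client and returns `{ status, headers, body }`.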

Former Member
0 Kudos

Hi Hristo,

But how can I get the X-CSRF-Token - value from my GET method?

BR,

Simona

Former Member
0 Kudos

Hi Hristo,

Thanks a lot for your help, I succeeded.

BR,

Simona

gopalkrishna_baliga
Participant
0 Kudos

Hi Simona,

   I am not using identity management. I have created a simple REST (POST) based interface in PI using Advantco adapter. I have used AAE (ICO).

   Here in REST sender channel I have just configured the "Listening Mode".

   When I test the REST service url (http url) in browser (IE or Chrome), I get a pop-up to enter userid/password. After that I get 403 forbidden error.

    I have proper access to PI system as a DEVELOPER.

    Is there any special role or access to be included in addition to DEVELOPER role in PI?

    Am I missing any other configuration?

   Please help.

Former Member
0 Kudos

Hi Simona,

Thank you so much for the explanation!

Any clue on why this might still be happening:

In your interaction with the IDM 8.0 REST API, have you had to copy the cookie details as well from the first non-modifying GET, along with the CSRF token, and use both within the modifying-POST API call?

Would greatly appreciate your insight on the issue!

Thanks a ton in advance Simona!


Best regards,

Sandeep

Answers (1)


Former Member
0 Kudos

I'm trying to access a REST through JSONModel with but unfortunately I've had trouble.



The error is:

Additional information: The HTTP method 'OPTIONS' of the incoming request (with URI 'http://localhost:36172/RestServiceImpl.svc/token') is not allowed.



The code is:

var oModel = new sap.ui.model.json.JSONModel();

var url ='http://localhost:36172/RestServiceImpl.svc/token';

var parameters ={};

var headers ={};

headers.Authorization ='Access-Control-Allow-Origin: true';

headers.setHeader ='Accept: application/json';

headers.setHeader ='Content-Type: application/json';

var parameters ='username=wcorrea,password=123456,expiration=500';

//var parameters ='wcorrea,123456,500';

oModel.loadData(url, parameters, false, "POST", false, "false", headers);

Does anyone have an idea what's going on?

Tks

Rodrigo

jrondorf
Participant
0 Kudos

Hi Rodrigo,

I guess this is not IdM related, so better to post this question in another forum.

But I do not think this will work:

var parameters ='username=wcorrea,password=123456,expiration=500';


Check for Basic authentication and Base64 encoding like here:

How to use Basic Auth and Jquery and Ajax - Stack Overflow


Best regards, JAnnis