[solved] What is wrong with my POST REST Call?

lesliechw · May 26, 2018, 12:18pm

Hi all,

I just unable to successfully pass the Authorization key/value pair into the POST call. What is wrong with my code?

HTTP.post(url, {
        params: {
            'Authorization': 'Basic YmFuaG0oLXN0b3JlLWFwaTpnZmh0eWpnaG52ZmhydHlqa3U2NTY3cnRkamdmaGp1eWhpaTdnNnVmNWV0aHZqYms='
        }
    }, function (data) {
        console.log('From callback function: ' + data);
    })

Respond from API:

From callback function: Error: failed [400] {"success":0,"error":["Client credentials were not found in the headers or body"],"data":[]}

It doesn’t get the key/value pair I POST. Please advice, thank you.

storyteller · May 26, 2018, 12:46pm

Shouldn’t the authorization be in the headers instead of params?

HTTP.post(url, {
        headers: {
            'Authorization': 'auth text'
        }
    }, function (data) {
        console.log('From callback function: ' + data);
    })

PS: It probably isn’t a good idea to post your authorization string.

lesliechw · May 26, 2018, 12:48pm

@storyteller, thanks the string is incorrect/edited. I’ve tried headers before post, the console will then complain about the following:

Failed to load https://staging.domain.com/api/rest/oauth2/token/client_credentials: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. The response had HTTP status code 404.

storyteller · May 26, 2018, 12:58pm

Ah yes, that is different issue. Are you posting from client or server. This looks like from client.

lesliechw · May 26, 2018, 1:02pm

Ya correct this is from client side.

storyteller · May 26, 2018, 1:04pm

I would recommend moving it to server in order to get rid of issues around the same origin policy that is enforced by the browser for security purposes.

lesliechw · May 26, 2018, 1:08pm

Ok I’ll try it now. Thanks.

Peppe_LG · May 26, 2018, 3:15pm

If you’re curious, the problem is the same-origin policy web browser adhere (which is good, from a security point of view). There exists workarounds, the best one being Cross-Origin Resource Sharing, which is what the web browser complains about (you’re not using it).

lesliechw · May 26, 2018, 3:31pm

I tried even with or without the cross origin header, the issue is not there, it’s why authorization is not captured by the API endpoint. The endpoint complain The hash is not there.

Peppe_LG · May 26, 2018, 4:27pm

For CORS to work, the server needs to support it. It may be that staging.domain.com doesn’t support CORS, in which case you can’t use their API through client side JavaScript.

storyteller · May 26, 2018, 4:31pm

Do you have control of the endpoint? If yes where/how are you checking for the authorization?

lesliechw · May 27, 2018, 1:50am

I have control over the API. I already enable it to support CORS.

 #Add these lines to your .htaccess file
        Header set Access-Control-Allow-Origin "http://localhost:3000"
        Header set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
        Header set Access-Control-Allow-Headers "X-Oc-Merchant-Language, X-Oc-Store-Id, Content-Type,X-Oc-Merchant-Id, X-Oc-Session"
        Header set Access-Control-Allow-Credentials: true
        RewriteRule .* - [E=HTTP_Authorization:%{HTTP:Authorization}]

lesliechw · May 27, 2018, 1:57am

I test the following endpoint with POSTMAN Client and it work without problem. That’s why I can be sure the API endpoint is not the problem.

You can test with the following temporary Basic Token:
Basic dGVtcG9yYXJ5OmdmaHR5amdobnZmaHJ0eWprdTY1NjdydGRqZ2ZoanV5aGlpN2c2dWY1ZXRodmpiaw==

https://staging.banhoh.com/api/rest/oauth2/token/client_credentials

lesliechw · May 27, 2018, 1:38pm

I copy the example from Meteor Guide but still get error, why?

HTTP.call('POST', url, {
  headers: { Authorization: 'Basic YmFuaG0oLXN0b3JlLWFwaTpnZmh0eWpnaG52ZmhydHlqa3U2NTY3cnRkamdmaGp1eWhpaTdnNnVmNWV0aHZqYms=' }
}, (error, result) => {
  if (!error) {
    console.log(result);
  }
});

OPTIONS https://staging.domain.com/api/rest/oauth2/token/client_credentials 404 (Not Found)
HTTP.call @ http.js?hash=d3dd208935f8ca87ff86948a53498046333fdb3b:231
mainapp.js @ mainapp.js:25
fileEvaluate @ modules-runtime.js?hash=9f9bb5e055614ddf4eb3e743737b7a5b3cfd9d34:353
require @ modules-runtime.js?hash=9f9bb5e055614ddf4eb3e743737b7a5b3cfd9d34:248
(anonymous) @ app.js?hash=8daeffa6cc9de7153955e303df13b6fb7dd0af84:20100
(index):1 Failed to load https://staging.domain.com/api/rest/oauth2/token/client_credentials: Response for preflight has invalid HTTP status code 404.

lesliechw · May 27, 2018, 4:26pm

Server Admin enable OPTIONS in Apache config file and it’s working fine now. Thanks for all the help here.