Skip to main content
A
asinclair1-Visitor
1-Visitor
January 14, 2016
Solved

REST API test of simple service returns HTTP 403

  • January 14, 2016
  • 2 replies
  • 23353 views

Hi,

I created a thing (my first) and wrote a simple service to return the current UTC date time. There is no input parameter and the only output is the datetime value. Pressing the Test button on the Service listing in the Composer seems to work okay. But when I use Postman to send a service request via an HTTP POST the service returns HTTP 403 Forbidden. The POST message has the correct URI as far as I can tell. I have included the appKey associated with my User account in the header and made sure my user account has full access to the thing and the service.

The explanation of HTTP 403 suggests the form of the service request in Postman is correct but the server is actively refusing to honor it and not because of insufficient privilege.

How do I debug this?

Best answer by qn_01

Hi,

You have to go to System / Subsystems / PlatformSubsystem / Configuration. Check "Allow Request Method Switch" and uncheck "Filter Content-Type".

2 replies

A
asinclair1-VisitorAuthor
1-Visitor
January 14, 2016

Just to clarify ... the thing template is Generic Thing.

Q
qn_011-VisitorAnswer
1-Visitor
January 15, 2016

Hi,

You have to go to System / Subsystems / PlatformSubsystem / Configuration. Check "Allow Request Method Switch" and uncheck "Filter Content-Type".

A
asinclair1-VisitorAuthor
1-Visitor
January 15, 2016

Okay, this works and my REST API service request is getting 200 OK response and correct data.

Reading the help on the Platform Subsystem | Configuration settings suggests that the new settings go against the "best practice" and expose the application to cross-site request forgery, so the solution has consequences that go beyond making a simple service request work. I'll need to research this further.

Q
qn_011-Visitor
1-Visitor
January 15, 2016

I'm agree that letting POST request open to public is dangerous for the platform.

Terms & ConditionsCookie settingsAccessibility statement