cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

REST API test of simple service returns HTTP 403

SOLVED
Newbie

REST API test of simple service returns HTTP 403

Hi,

I created a thing (my first) and wrote a simple service to return the current UTC date time. There is no input parameter and the only output is the datetime value. Pressing the Test button on the Service listing in the Composer seems to work okay. But when I use Postman to send a service request via an HTTP POST the service returns HTTP 403 Forbidden. The POST message has the correct URI as far as I can tell. I have included the appKey associated with my User account in the header and made sure my user account has full access to the thing and the service.

The explanation of HTTP 403 suggests the form of the service request in Postman is correct but the server is actively refusing to honor it and not because of insufficient privilege.

How do I debug this?

Tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions

Re: REST API test of simple service returns HTTP 403

Hi,

You have to go to System / Subsystems / PlatformSubsystem / Configuration. Check "Allow Request Method Switch" and uncheck "Filter Content-Type".

View solution in original post

4 REPLIES 4

Re: REST API test of simple service returns HTTP 403

Just to clarify ... the thing template is Generic Thing.

Re: REST API test of simple service returns HTTP 403

Hi,

You have to go to System / Subsystems / PlatformSubsystem / Configuration. Check "Allow Request Method Switch" and uncheck "Filter Content-Type".

View solution in original post

Re: REST API test of simple service returns HTTP 403

Okay, this works and my REST API service request is getting 200 OK response and correct data.

Reading the help on the Platform Subsystem | Configuration settings suggests that the new settings go against the "best practice" and expose the application to cross-site request forgery, so the solution has consequences that go beyond making a simple service request work. I'll need to research this further.

Re: REST API test of simple service returns HTTP 403

I'm agree that letting POST request open to public is dangerous for the platform.

Announcements

Thingworx Navigate content has a new home! Click here to access the new Thingworx Navigate forum! ______________________________