Solved: What's the correct way of using the /Thingworx/Imp...

rwiseman · ‎Feb 24, 2017

I thought I could sneakily work out how to use this by using Firebug to look at the request made via Composer, but I always get an error in the Application log that says:

Forbidden file upload from https://x.x.x.x:y/Thingworx/Importer

(address redacted)

The curl command I have been trying to use to upload XML for a single (if that makes a difference) entity is:

curl --user 'Administrator:xxx' -F 'file=@entity.xml' 'https://x.x.x.x:y/Thingworx/Importer?purpose=import&usedefaultdataprovider=false&WithSubsystems=false'

(address and password redacted; and I've slightly simplified this curl request but only to omit --insecure because I'm using a self-signed certificate)

Where is this wrong...? Shouldn't I even be using the resource in this way?

posipova · ‎Feb 27, 2017

This is the certain value I meant: TWX-XSRF-TOKEN-VALUE.

Glad it works now.

View solution in original post

posipova · ‎Feb 24, 2017

Hi Richard, the error indicates that the csrf header must equal a certain value, and be included in the command.

rwiseman · ‎Feb 27, 2017

Thanks Polina, although could you elaborate on what "a certain value" means please?

Interestingly, the curl command that Firebug creates from the request Firefox made does not include a csrf header. It does, however contain a header with "XSRF" in it: "X-XSRF-TOKEN: TWX-XSRF-TOKEN-VALUE"

If I add this header, the request succeeds.

posipova · ‎Feb 27, 2017

This is the certain value I meant: TWX-XSRF-TOKEN-VALUE.

Glad it works now.

What's the correct way of using the /Thingworx/Importer API resource?

What's the correct way of using the /Thingworx/Importer API resource?