Solved: POST ODATA API with CSRF_NONCE in header got 401 U...

SH_9602401 · ‎Sep 11, 2023

Here is my curl command:

curl -X 'POST'   'https://xxx:443/Windchill/servlet/odata/v5/ProdMgmt/Parts('\''OR%3Awt.part.WTPart%3A1987947662'\'')/PTC.ProdMgmt.GetPartStructure1?%24expand=Components(%24expand%3DPart(%24select%3DName%2CNumber)%2CPartUse%2COccurrence%3B%24levels%3D1)'   -H 'accept: application/json'   -H 'CSRF_NONCE: YAHDHC6Fy13sbFrBWTKLf2DA+xKeRw/....../2ani99g=='   -H 'Content-Type: application/json'   -d '{}'

The response from server shows 401 error. I got the CSRF_NONCE value on a curl command line

curl -X 'GET' https://xxx:443/Windchill/servlet/odata/PTC/GetCSRFToken%28%29 -H 'authorization: Basic ....'

<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<p>Additionally, a 401 Unauthorized
error was encountered while trying to use an ErrorDocument to handle the request.</p>

Thank you for your time!

SH_9602401 · ‎Sep 11, 2023

Never mind. I figured out myself. With CSRF_NONCE value in header you still need -H 'authorization: Basic ....'!

View solution in original post

SH_9602401 · ‎Sep 11, 2023

Never mind. I figured out myself. With CSRF_NONCE value in header you still need -H 'authorization: Basic ....'!

POST ODATA API with CSRF_NONCE in header got 401 Unauthorized

POST ODATA API with CSRF_NONCE in header got 401 Unauthorized