POST ODATA API with CSRF_NONCE in header got 401 Unauthorized

Forum|Forum|2 years ago
September 12, 2023
1 reply
1207 views

Here is my curl command:

curl -X 'POST' 'https://xxx:443/Windchill/servlet/odata/v5/ProdMgmt/Parts('\''OR%3Awt.part.WTPart%3A1987947662'\'')/PTC.ProdMgmt.GetPartStructure1?%24expand=Components(%24expand%3DPart(%24select%3DName%2CNumber)%2CPartUse%2COccurrence%3B%24levels%3D1)' -H 'accept: application/json' -H 'CSRF_NONCE: YAHDHC6Fy13sbFrBWTKLf2DA+xKeRw/....../2ani99g==' -H 'Content-Type: application/json' -d '{}'

The response from server shows 401 error. I got the CSRF_NONCE value on a curl command line

curl -X 'GET' https://xxx:443/Windchill/servlet/odata/PTC/GetCSRFToken%28%29 -H 'authorization: Basic ....'

<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<p>Additionally, a 401 Unauthorized
error was encountered while trying to use an ErrorDocument to handle the request.</p>

Thank you for your time!

Best answer by SH_9602401

Never mind. I figured out myself. With CSRF_NONCE value in header you still need -H 'authorization: Basic ....'!

S

SH_9602401

AuthorAnswer

12-Amethyst

Never mind. I figured out myself. With CSRF_NONCE value in header you still need -H 'authorization: Basic ....'!

Sign up

Please use your PTC eSupport account.

Welcome to the PTC Community

Please use your PTC eSupport account.

Scanning file for viruses.

This file cannot be downloaded