cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - You can subscribe to a forum, label or individual post and receive email notifications when someone posts a new topic or reply. Learn more! X

REST API test of simple service returns HTTP 403

asinclair
1-Newbie

REST API test of simple service returns HTTP 403

Hi,

I created a thing (my first) and wrote a simple service to return the current UTC date time. There is no input parameter and the only output is the datetime value. Pressing the Test button on the Service listing in the Composer seems to work okay. But when I use Postman to send a service request via an HTTP POST the service returns HTTP 403 Forbidden. The POST message has the correct URI as far as I can tell. I have included the appKey associated with my User account in the header and made sure my user account has full access to the thing and the service.

The explanation of HTTP 403 suggests the form of the service request in Postman is correct but the server is actively refusing to honor it and not because of insufficient privilege.

How do I debug this?

1 ACCEPTED SOLUTION

Accepted Solutions
qn
1-Newbie
1-Newbie
(To:asinclair)

Hi,

You have to go to System / Subsystems / PlatformSubsystem / Configuration. Check "Allow Request Method Switch" and uncheck "Filter Content-Type".

View solution in original post

4 REPLIES 4

Just to clarify ... the thing template is Generic Thing.

qn
1-Newbie
1-Newbie
(To:asinclair)

Hi,

You have to go to System / Subsystems / PlatformSubsystem / Configuration. Check "Allow Request Method Switch" and uncheck "Filter Content-Type".

asinclair
1-Newbie
(To:qn)

Okay, this works and my REST API service request is getting 200 OK response and correct data.

Reading the help on the Platform Subsystem | Configuration settings suggests that the new settings go against the "best practice" and expose the application to cross-site request forgery, so the solution has consequences that go beyond making a simple service request work. I'll need to research this further.

qn
1-Newbie
1-Newbie
(To:asinclair)

I'm agree that letting POST request open to public is dangerous for the platform.

Top Tags