Token Based Rest Api in JavaScript

CostaRica · April 20, 2019, 3:37am

Hi @revant_one or anyone kind enough to help me with this.

-Could you please tell me what is wrong with the following JavaScript code? I changed the api_key, api_secret and IP of my ERPNext Instance, so that I protect my info but don’t get confused about the formating of these values.

I have read all the available Forum Topics on Token Based Authorization, but there is not a single JavaScript example that is simple and complete (haven’t found it, anyway). As you can easily see, I am not a Rest Api expert.

The result is 403 (FORBIDDEN), but I double checked the api_key and api_secret.

const headers = new Headers();
headers.append('Content-Type', 'application/json');
headers.append('Accept', 'application/json');
headers.append('Token', '0a93059f2c3fa0e:a7e0f3155d7a5a7');

const init = {
	method: 'GET',
	headers
}

fetch('http://265.225.159.215/api/resource/Item', init)
.then((response) => {
	return response.text(); // or .json() or .blob() ...
})
.then((text) => {
	console.log(text) // text is the response body
})
.catch((e) => {
	console.log(e) // error in e.message
});

black_mamba · April 20, 2019, 4:09am

Why don’t you verify that tokens are working fine. What you can do is:

Login/SSH onto the server
Make the API call to end point using locahost or 127.0.0.01 instead of the IP address in URL using cURL command

If the tokens work fine the there could be issue with load balancer/reverse proxy {e…g Nginx}. Do this and share what your findings are it will give more information to solve this issue.

Again this is just a theory, what I am suggesting might be wrong

CostaRica · April 20, 2019, 10:40am

Thanks for taking the time to answer, but I don’t think the keys are the problem.

The problem is that there isn’t documentation (that I’ve found, of course), that says WHERE in the code should we send the keys or the format they should follow. First I need to verify that the code has the correct format.

Every time someone asks in this forum (or in discuss.frappe.io) about Rest Api, there is no answer, or the answer is very vague.

Hasn’t anyone made this work???

mattlongfield · April 20, 2019, 1:08pm

Change from
headers.append(‘Token’, ‘0a93059f2c3fa0e:a7e0f3155d7a5a7’);
to
headers.append(‘token’, ‘0a93059f2c3fa0e:a7e0f3155d7a5a7’);

I think that’ll do it - uppercase T fails in my tests

Here’s a complete python snippet that works in my environment for reference

import requests , json
apiKey = “blablablakey”
apiSecret = “blablablasecret”
url = “http://192.168.0.222:8000/api/resource/User”
headers = {
‘Authorization’: "token " + apiKey + “:” + apiSecret,
‘cache-control’: “no-cache”
}
response = requests.request(“GET”, url, headers=headers, verify=False)
print(response.text)

CostaRica · April 20, 2019, 4:24pm

Thanks Matt! It works! One just have to remember to pip install requests before running the code.

I’ll convert that to JavaScript and give it a try

CostaRica · April 20, 2019, 6:25pm

Thanks to @mattlongfield for his python example. I have waited a long time for someone to help me with this. I really appreciate it, Matt.

Here is my working JavaScript Rest Api code (apiKey, apiSecret and url modified, so write your own values).

const headers = new Headers();
const apiKey = "0b25049e1c3fe6a"
const apiSecret = "a2f0f3225a5a8a7"
const url = "http://286.145.208.028/api/resource/Item"
const token = "token " + apiKey + ":" + apiSecret

headers.append('Authorization', token);
headers.append('cache-control', 'no-cache');

const init = {
	method: 'GET',
	headers
}

fetch(url, init)
.then((response) => {
	return response.text(); // or .json() or .blob() ...
})
.then((text) => {
	console.log(text) // text is the response body
})
.catch((e) => {
	console.log(e) // error in e.message
});