REST API v2 - POST is forbidden

moritz_kppen
Explorer
0 Kudos

Hello everybody,

I am trying to use the new REST API, which is part of the IdM SP8 and have some problems I cannot get solved.

Every GET operation seems to be working fine, but whenever I am trying to write new information to the database or change user attributes, I am getting a 403 (forbidden) error.

The task guid I am using belongs to access where the access control is set to 'everyone' and I am using the tunneling method 'MERGE' described in the API documentation.

Is anybody having the same problems or has an idea how I could solve the problem?

Thank you.

Moritz

Accepted Solutions (0)

Answers (2)

moritz_kppen
Explorer
0 Kudos

It would be great if somebody could share a correct and working URI to use when changing attributes of a person. I still don't have any solution for the described problem I am facing.

Please don't share the link provided in the API documentation, I tried it and it doesn't work.

hristo_borisov
Explorer
0 Kudos

Hi Moritz,

I have a few questions. What is your deployment scenario? I mean, how did you get the new REST API and how did you deploy it? Did you use SUM to update or just deploy the SCA through NWDS or telnet?

I am asking because you should not have both URIs working, only the /idmrestapi/v2/service one.

My second question is: is there a more detailed stack trace of your error? The second message that you provide is not very specific.

Also, have you imported the UI Tasks for HTML5.mcc template in your management console? This template imports several UI tasks which are later used by the REST API for access control, thus lacking them may lead you to an "access forbidden" error.

Here is an example request on my system that is changing the middle name of the user:

Request headers:

  POST /idmrestapi/v2/service/ET_MX_PERSON(ID=12,TASK_GUID=guid'F387B583-BA92-4F16-8986-7FD7BF840AC4') HTTP/1.1
  Host: <host>:<port>
  Connection: keep-alive
  Content-Length: 312
  MaxDataServiceVersion: 2.0
  Origin: http://<host>:<port>
  x-csrf-token: tGNBqn0gG5qRTVovHBE7uFXzdAJAK03gyIw
  Accept-Language: en-GB
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36
  X-HTTP-Method: MERGE
  Content-Type: application/json
  Accept: application/json
  DataServiceVersion: 2.0
  Referer: http://<host>:<port>/idmui5/index.html
  Accept-Encoding: gzip,deflate,sdch
  Cookie: <omitted>

Request Payload:

  {"SV_MX_MIDDLENAME":"middle3","SV_MX_ACADEMIC_TITLE_1":"Bachelor","SV_MX_TITLE_SUPPLEMENT":"","SV_MX_JOB_FUNCTION":"Product Owner","SV_MX_LANGUAGE":"bg","SV_MX_PHONE_PRIMARY":"+35986542","SV_MX_FAX_PRIMARY":"","SV_MX_MOBILE_PRIMARY":"+359882456987","SV_MX_WORKPLACE_BUILDING":"SOF01","SV_MX_WORKPLACE_FLOOR":"8"}

Please let me know if any of the above helps you.

Best,

Hristo

moritz_kppen
Explorer
0 Kudos

Didn't test it yet but this definitely looks like it's gonna help. Thanks. Will mark your answer as correct after testing.

moritz_kppen
Explorer
0 Kudos

Found out what has to be part of the problem: You have to send an HTTP GET request with the header X-CSRF-Token having the value Fetch. The value of the request's answer has to be sent with every HTTP POST request. Now I am not getting the 403 error, but a 500 or 405 error. Apparently there has to be a problem with the URI I am entering.

Shouldn't this work:

http://...:.../idmrest/v2/service/ET_MX_PERSON(ID=63,TASK_GUID=guid'4103F92B-731A-BA33-B544-79539F7F...
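
Added example, not part of any post in this thread and not SAP's code: the fetch-then-write token exchange described above, run against a constructed local mock that mimics only the token check. The names `MockService`, `call` and `demo`, the zeroed TASK_GUID and the 204 success status are assumptions made for the illustration.

```python
import json, secrets, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the service: token handling only, nothing SAP-specific.
class MockService(BaseHTTPRequestHandler):
    token = secrets.token_urlsafe(16)   # anti-CSRF token handed out on request
    stored = {}                         # attributes written so far

    def do_GET(self):
        self.send_response(200)
        if self.headers.get("X-CSRF-Token", "").lower() == "fetch":
            self.send_header("X-CSRF-Token", self.token)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        ok = secrets.compare_digest(self.headers.get("X-CSRF-Token", ""), self.token)
        if ok:                          # merge: change only the supplied fields
            self.stored.update(json.loads(body))
        self.send_response(204 if ok else 403)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args): pass  # keep the demo quiet

# Ignore proxy settings from the environment; the mock listens on localhost.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def call(url, method="GET", headers=None, payload=None):
    data = json.dumps(payload).encode() if payload is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers or {})
    try:
        with OPENER.open(req) as resp:
            return resp.status, resp.headers
    except urllib.error.HTTPError as err:
        return err.code, err.headers

def demo():
    server = HTTPServer(("127.0.0.1", 0), MockService)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    guid = "00000000-0000-0000-0000-000000000000"   # constructed placeholder
    url = (f"http://127.0.0.1:{server.server_port}/idmrestapi/v2/service/"
           f"ET_MX_PERSON(ID=1,TASK_GUID=guid'{guid}')")
    merge = {"X-HTTP-Method": "MERGE", "Content-Type": "application/json"}
    change = {"SV_MX_MIDDLENAME": "middle3"}
    without, _ = call(url, "POST", merge, change)            # no token: rejected
    _, hdrs = call(url, headers={"X-CSRF-Token": "Fetch"})   # step 1: fetch token
    merge["X-CSRF-Token"] = hdrs["X-CSRF-Token"]
    with_token, _ = call(url, "POST", merge, change)         # step 2: tunnelled MERGE
    server.shutdown()
    return without, with_token, dict(MockService.stored)
```

`demo()` returns the status of the write without a token, the status with the fetched token, and the attributes the mock stored.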

hristo_borisov
Explorer
0 Kudos

Hello Moritz,

the URI you are using is not correct. Please try with:

http://...:.../idmrestapi/v2/service/ET_MX_PERSON(ID=63,TASK_GUID=guid'4103F92B-731A-BA33-B544-79539F7F00F2')

For more info please look at: http://help.sap.com/saphelp_nwidmic_72/helpdata/en/ef/d3e90dace9408faac84cb4bc9fe60d/content.htm?fra...

Let me know if this solved your issue.

Best Regards,

Hristo

moritz_kppen
Explorer
0 Kudos

Hello Hristo,

both URIs are working fine. You can use idmrest or idmrestapi, it doesn't make any difference.

Every GET request I am sending is working fine, the described problem only appears whenever I am trying to use POST.

Best regards.

Moritz

hristo_borisov
Explorer
0 Kudos

Hi Moritz,

the new REST API (v2) is located on <host>:<port>/idmrestapi/v2/service and won't work properly on the other URI. Could you please try with it and, if you face the error again, please go to NWA -> Troubleshooting -> Logs & Traces -> Log Viewer, then open the Developer Traces and paste the exact error.

Best Regards,

Hristo

moritz_kppen
Explorer
0 Kudos

Hello Hristo,

this example is part of the REST API v2 documentation:

Anyways, I tried using the idmrestapi URI as well. No difference.

According to this example it should be quite easy to change a person's last name. I only have to set the tunnel method to merge and send the right token.

I am always getting this error.

Log from NWA:

Thank you very much.

Moritz

moritz_kppen
Explorer
0 Kudos

This is the more interesting log from the nwa: