Third Light Developer Exchange

Code and templating community forum for developers and software integrators

You are not logged in.

Announcement

If you wish to join the Developer Exchange, please contact your account manager - this is to avoid unnecessary spam in the forums. Many thanks for your understanding.

#1 2015-02-18 22:27:31

mdyason
Member
Registered: 2015-01-20
Posts: 43

Using postman with Http POST requests

I can get Postman to work just fine using HTTP "GET" to interface with the third light API, but when I try "POST" with form-urlencoded I  get:
"{"result":{"api":"CORS_POLICY_FAILURE","action":"API_ERROR","debug":"The CORS policy for this site does not permit access from the specified Origin: fhbjgbiflinjbdggehcddcbncdddomop"}}". 

This looks to me like an actual reply from the API?

I am using Postman on a machine that is in the same domain (intranet) as the Third light server.  I was trying to login using an API key which works just fine with a GET.

Has anybody used the Postman Rest Client to interface with Third Light API?  If so could you please show me an example Post setup.  I do not know if I am using Postman wrong or if I need to learn about CORS (about which I currently know nothing).  I do have another possible problem in that I am trying to post to a server that is secure - HTTPS rather than HTTP.  Could it be that this is what is causing the problem?  Although I did get a similar error when I tried using Postman to Post to the Third light hosted test server which is http.

If I try using raw this is my preview:

POST /api.json.tlx HTTP/1.1
Host: imstest.matrix-solutions.com
Content-Type: application/json

json={"inParams":{"apikey":"xxx"},"action":"Core.LoginWithKey","apiVersion":"1.0"}            where xxx replaces my actual apikey

This returns:  {"result":{"api":"BAD_INPUT","action":"API_ERROR","debug":"No input provided."}} 

So this may be closer, but still wrong?

Last edited by mdyason (2015-02-18 22:54:52)

Offline

#2 2015-02-20 11:37:59

ben
Third Light Staff
From: Third Light
Registered: 2013-06-06
Posts: 66

Re: Using postman with Http POST requests

Hi - it looks like the Postman client is attaching a made-up Origin header to the request (or possibly this is something you have configured yourself, maybe without knowing it!). This "Origin" header is being seen by IMS and compared against a list of safe origins. As that list doesn't include "fhbjgbiflinjbdggehcddcbncdddomop" the request is rejected with the error you are seeing. I do strongly recommend you read up on CORS to get a fuller understanding of what it is about http://en.wikipedia.org/wiki/Cross-orig … ce_sharing

You have a few options:
1) Make sure that Postman sends no Origin header at all.
2) Configure the value of the Origin header to be the same as your IMS server hostname. e.g. http://imstest.matrix-solutions.com
3) Configure the value of the Origin header to be something of your choosing AND also add that to the list of safe origins - see the "IMS API" section on the Configuration > Site Settings page in IMS.

Best wishes,
Ben
PS your manual attempt, I think, is very close. As you have specified "Content-Type: application/json", you don't need to prefix the JSON content with "json=". Just include the raw JSON packet as the body of the request.

Offline

#3 2015-02-21 00:40:24

mdyason
Member
Registered: 2015-01-20
Posts: 43

Re: Using postman with Http POST requests

Postman is a addon for Chrome and therefore lives by Google rules.  Chrome sends the strange origin and will not allow a site to send any origin of its own.  This means that even if you add an origin header in postman, google will strip it off and it never gets sent.  A workaround is to copy the string “fhbjgbiflinjbdggehcddcbncdddomop” into the Permitted sites list under cross origin resource sharing.  This works but is a lousy work around.  Does anybody use a different / better tool that is not just a command line tool to test API's.  Postman is just so easy to use and anything you create there is saved, can be previewed or turned into high level code like C# automatically.  I guess its too good to be true?

Offline

#4 2015-02-23 12:09:26

ben
Third Light Staff
From: Third Light
Registered: 2013-06-06
Posts: 66

Re: Using postman with Http POST requests

Hi again,
Not sure if this will help as I'm not familiar with Postman but I found a little snippet in the Postman docs about sending restricted headers using an extra extension:
http://www.getpostman.com/docs/requests

On that page have a look at the instructions following "With Postman version v0.9.6 onwards, sending restricted headers becomes trivial."

hth
Ben

Offline

#5 2015-06-23 23:41:55

mdyason
Member
Registered: 2015-01-20
Posts: 43

Re: Using postman with Http POST requests

Just in case anybody else has this same problem, here is how to solve it.
Go to https://www.getpostman.com/docs/capture in your chrome browser.  Click on interceptor extension and then choose add to chrome.  Once it is added there is a new icon top right of both the browser and postman that looks like a traffic light.  In postman click this and it turns green. Then add a header to every request going to third light.  Every header consists of the header name and a value.  Start typing over the header name and a list of allowed http headers comes up.  Choose "Origin".  In the cell for value simply type the full URL of your server.  (Do not forget the 'http://' or 'https://').

Offline

Board footer