Hi,
I’m trying to instantiate a process using REST API, but I’m getting 401 Unauthorized error.
I passed the right cookies so much that I get results from the following:
/bonita/API/bpm/process?s=ProcessTest
and
/API/bpm/process/6961608208004836487/contract
I’m using the same user that I start the process from portal, and there it works fine.
My process has no constraints or inputs, then I passed no body data.
Here is the Raw Request:
POST http://sqnot159:8080/bonita/API/bpm/process/6961608208004836487/instantiation HTTP/1.1
Connection: Keep-Alive
Content-Type: text/plain; charset=utf-8
Accept: application/json
Accept-Encoding: gzip, deflate
Cookie: JSESSIONID=9B34F35B061BE9DFBD9658D51AE9ED2E; X-Bonita-API-Token=5507e0d9-e8b1-4648-8935-305a5f69a3d7
Content-Length: 0
Host: sqnot159:8080
Thanks,
Murilo Faria
Hi,
The X-Bonita-API-Token should be passed as a header value itself. The other request work because there are GET requests, do you have other POST request that worked?
So in your example, we should see:
Cookie: JSESSIONID=9B34F35B061BE9DFBD9658D51AE9ED2E; X-Bonita-API-Token=5507e0d9-e8b1-4648-8935-305a5f69a3d7
Content-Length: 0
Host: sqnot159:8080
X-Bonita-API-Token=5507e0d9-e8b1-4648-8935-305a5f69a3d7
Copy de same JSESSIONID of response LoginService into Cookie more X-Bonita-API-Token (both separated)
Hi,
Not 100% sure, but I think you’re missing the header X-Bonita-API-Token. It’s present in the cookies, but should be also passed as a header value. It’s for CSRF security check.
Cheers
Hi Lionel Palacin, thanks for your answer.
I passed all cookies I received in login response. As you can see in raw request above, I passed the X-Bonita-API-Token, and it works in others requests.
Worked!! Thanks Lionel Palacin!