Error 401 when instantiating a process using REST API

Hi,

I’m trying to instantiate a process using REST API, but I’m getting 401 Unauthorized error.

I passed the right cookies so much that I get results from the following:

/bonita/API/bpm/process?s=ProcessTest
and
/API/bpm/process/6961608208004836487/contract

I’m using the same user that I start the process from portal, and there it works fine.
My process has no constraints or inputs, then I passed no body data.

Here is the Raw Request:

POST http://sqnot159:8080/bonita/API/bpm/process/6961608208004836487/instantiation HTTP/1.1
Connection: Keep-Alive
Content-Type: text/plain; charset=utf-8
Accept: application/json
Accept-Encoding: gzip, deflate
Cookie: JSESSIONID=9B34F35B061BE9DFBD9658D51AE9ED2E; X-Bonita-API-Token=5507e0d9-e8b1-4648-8935-305a5f69a3d7
Content-Length: 0
Host: sqnot159:8080

Thanks,

Murilo Faria

Hi,

The X-Bonita-API-Token should be passed as a header value itself. The other request work because there are GET requests, do you have other POST request that worked?

So in your example, we should see:
Cookie: JSESSIONID=9B34F35B061BE9DFBD9658D51AE9ED2E; X-Bonita-API-Token=5507e0d9-e8b1-4648-8935-305a5f69a3d7
Content-Length: 0
Host: sqnot159:8080
X-Bonita-API-Token=5507e0d9-e8b1-4648-8935-305a5f69a3d7

Copy de same JSESSIONID of response LoginService into Cookie more X-Bonita-API-Token (both separated)

Hi,

Not 100% sure, but I think you’re missing the header X-Bonita-API-Token. It’s present in the cookies, but should be also passed as a header value. It’s for CSRF security check.

Cheers

Hi Lionel Palacin, thanks for your answer.

I passed all cookies I received in login response. As you can see in raw request above, I passed the X-Bonita-API-Token, and it works in others requests.

Worked!! Thanks Lionel Palacin!