Error 401 for authentication on the Axelor REST API

Hello, I am currently trying to test the REST API. The problem is that I get a 401 error. I manage to get a CSRF-TOKEN that I put in the header; do I need something else for identification?
With this URL: http://localhost:8080/axelor-erp-6.4.14/ws/rest/com.axelor.apps.base.db.Partner/search.
Can anyone help me?

<script>
    // Log in with a JSON body and resolve with the CSRF token read from the response header.
    function sendLoginRequest() {
        return new Promise((resolve, reject) => {
            const data = {
                username: "admin",
                password: "admin"
            };
            $.ajax({
                url: 'http://localhost:8080/axelor-erp-6.4.14/login.jsp',
                type: 'POST',
                contentType: 'application/json',
                data: JSON.stringify(data),
                success: function(response, textStatus, jqXHR) {
                    const token = jqXHR.getResponseHeader('X-CSRF-Token');
                    resolve(token);
                },
                error: function(xhr, status, error) {
                    console.log('Erreur lors de la requête. Statut:', xhr.status);
                    console.log('Réponse serveur:', xhr.responseText);
                    reject(error);
                }
            });
        });
    }

    sendLoginRequest()
        .then(token => {
            console.log('Token retourné:', token);
            getPartnerRequest(token);
        })
        .catch(error => {
            console.error(error);
        });

    // Search partners; only the CSRF token header is added to this request.
    function getPartnerRequest(token) {
        $.ajax({
            url: 'http://localhost:8080/axelor-erp-6.4.14/ws/rest/com.axelor.apps.base.db.Partner/search',
            type: 'POST',
            headers: { 'X-CSRF-Token': token },
            data: JSON.stringify({
                fields: ["fullName"],
                limit: 20
            }),
            contentType: 'application/json'
        }).done(response => {
            // Render each returned partner name as a list item.
            const contactNames = response.data.map(e => e.fullName);
            const contactList = $('#contact-list');
            contactNames.forEach(name => {
                $('<li>').text(name).appendTo(contactList);
            });
        });
    }
</script>

The X-CSRF-Token token isn’t a token which allows you to stay connected to the Axelor API.
You must save the JSESSIONID cookie from your connection and use it in the future.

Thank you for your answer. That’s where I’m stuck: I don’t know how to retrieve and keep my JSESSIONID. Since it’s HttpOnly, I can’t retrieve it with JavaScript code. It changes at each request.

You just have to save the cookies returned once you log in and send them every time you need to do a request to Axelor.

I’m really lost. I wrote my code in JavaScript without PHP; can you give me an example, please?

Hello PHPierre,

I guess that if Yvann1 can’t get JSESSIONID from cookies, this might be because of a CORS issue?

I cannot reproduce your environment, sorry.

Are you on the same domain as Axelor? Because if you are, you don’t need to connect with a JavaScript request. Use the Axelor login to do this and you can send requests after.

I’m not on the same domain. I tried with PHP: I retrieved the CSRF-Token and the JSESSIONID, which I pass as parameters to my function, but I still get a 401 error. Can you tell me if I have an error in my function?

// Send the partner search with the CSRF token and the session id passed as request headers.
function reponse($CSRFTOKENResultat, $JSESSIONID)
{
    $url = 'http://localhost:8080/axelor-erp-6.4.14/ws/rest/com.axelor.apps.base.db.Partner/search';
    $headers = array('Content-Type' => 'application/json', 'X-CSRF-Token' => $CSRFTOKENResultat, 'JSESSIONID' => $JSESSIONID);
    $data = array('fields' => 'fullName');
    $response = WpOrg\Requests\Requests::post($url, $headers, json_encode($data));
    // var_dump() prints the response itself and returns nothing.
    $reponse = var_dump($response);
    return $reponse;
}
$reponse = reponse($CSRFTOKENResultat, $JSESSIONID);
echo $reponse;

If not on the same domain, I always use a backend between my JavaScript and Axelor ERP.
It’s useful to keep the JSESSIONID cookie.

Remember, JSESSIONID is a cookie and not directly a header, so it’s maybe more like this:

$headers = array('Content-Type' => 'application/json', 'X-CSRF-Token' => $CSRFTOKENResultat, 'Cookie' => 'JSESSIONID=' . $JSESSIONID);

Thank you for your help, I succeeded by putting the token and the JSESSIONID in the cookie.

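Added example, not part of the thread and not Axelor project code: the backend relay approach suggested above, sketched for Node.js, showing the session id going back in the Cookie header while the CSRF token keeps its own header. It assumes Node.js 20+ (built-in fetch and Headers.getSetCookie()) and that the login call answers directly with the Set-Cookie lines; the function names and the sample cookie values are made up for illustration.

```javascript
// Added example: server-side relay (Node.js 20+) that keeps the Axelor session.
// BASE and both paths are the ones quoted in the thread; function names are hypothetical.
const BASE = 'http://localhost:8080/axelor-erp-6.4.14';

// Constructed sample of the Set-Cookie lines a login response could carry.
const SAMPLE_SET_COOKIE = [
  'JSESSIONID=A1B2C3; Path=/axelor-erp-6.4.14; HttpOnly',
  'CSRF-TOKEN=tok-1; Path=/axelor-erp-6.4.14',
];

// Reduce Set-Cookie lines to a name -> value map. Attributes such as Path or
// HttpOnly are instructions to the client and are never sent back to the server.
function parseSetCookie(lines) {
  const jar = new Map();
  for (const line of lines) {
    const pair = line.split(';', 1)[0];
    const eq = pair.indexOf('=');
    if (eq > 0) jar.set(pair.slice(0, eq).trim(), pair.slice(eq + 1).trim());
  }
  return jar;
}

// Headers for an authenticated call: every stored cookie goes into one Cookie
// header (there is no "JSESSIONID" header); the CSRF token has its own header.
function sessionHeaders(jar, csrfToken) {
  if (!jar.has('JSESSIONID')) throw new Error('login returned no JSESSIONID');
  const cookie = [...jar].map(([name, value]) => `${name}=${value}`).join('; ');
  const headers = { 'Content-Type': 'application/json', Cookie: cookie };
  if (csrfToken) headers['X-CSRF-Token'] = csrfToken;
  return headers;
}

async function login(username, password) {
  const res = await fetch(`${BASE}/login.jsp`, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ username, password }),
  });
  if (!res.ok) throw new Error(`login failed: ${res.status}`);
  return sessionHeaders(parseSetCookie(res.headers.getSetCookie()), res.headers.get('X-CSRF-Token'));
}

async function searchPartners(headers) {
  const url = `${BASE}/ws/rest/com.axelor.apps.base.db.Partner/search`;
  const body = JSON.stringify({ fields: ['fullName'], limit: 20 });
  const res = await fetch(url, { method: 'POST', headers, body });
  if (res.status === 401) throw new Error('session rejected, log in again');
  return (await res.json()).data.map((partner) => partner.fullName);
}
```

The browser page then calls this backend instead of Axelor, so the HttpOnly session cookie never has to be read by client-side script.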