Error 401 for authentication on the axelor REST API

Hello currently I am trying to test the REST API, the problem is that I have a 401 error, I manage to have access to a CSRF-TOKEN that I put in the header, do I need something else for identification?
With this url: http://localhost:8080/axelor-erp-6.4.14/ws/rest/com.axelor.apps.base.db.Partner/search.
Can anyone help me

    function sendLoginRequest() {
        return new Promise((resolve, reject) => {
            const data = {
                username: "admin",
                password: "admin"
                url: 'http://localhost:8080/axelor-erp-6.4.14/login.jsp',
                type: 'POST',
                contentType: 'application/json',
                data: JSON.stringify(data),
                success: function(response, textStatus, jqXHR) {
                    const token = jqXHR.getResponseHeader('X-CSRF-Token');
            error: function(xhr, status, error) {
                console.log('Erreur lors de la requête. Statut:', xhr.status);
                console.log('Réponse serveur:', xhr.responseText);
            .then(token => {
                console.log('Token retourné:', token);
            .catch(error => {
    function getPartnerRequest(token) {
                url: 'http://localhost:8080/axelor-erp-6.4.14/ws/rest/com.axelor.apps.base.db.Partner/search',
                type: 'POST',
                headers: { 'X-CSRF-Token': token },
                data: JSON.stringify({
                    fields: ["fullName"],
                    limit: 20
            contentType: 'application/json'
        }).done(response => {
            const contactNames = => e.fullName);
            const contactList = $('#contact-list');
            contactNames.forEach(name => {

The X-CSRF-Token token isn’t a token which allow you to stay connected to Axelor API.
You must save JSESSIONID cookie from your connection and use it in the future.

Thank you for your answer, that’s where I’m stuck, I don’t know how to retrieve and keep my JSESSIONID, since it’s in httponly, I can’t retrieve it with Javascript code. At each request it changes.

You just have to save the cookies returned once you login and send them everytime you need to do a request to Axelor.

I’m really lost I made my code in JavaScript without php, can you give me an example please.

Hello PHPierre,

I guess that if Yvann1 can’t get JSESSIONID from cookies, this might be because of CORS issue ?

I cannot reproduce your environement sorry.

Are you on same domain than Axelor ? Because if you are, you don’t need to connect with Javascript request. Use Axelor login to do this and you can send requests after.

I’m not in the same domain, I tried with PHP, I recovered the CSRF-Token and the JSESSIONID that I put as a parameter of my function, I always have a 401 error, can you tell me if I have an error in my function.

function reponse($CSRFTOKENResultat,$JSESSIONID)
            $url = 'http://localhost:8080/axelor-erp-6.4.14/ws/rest/com.axelor.apps.base.db.Partner/search';
            $headers = array('Content-Type' => 'application/json','X-CSRF-Token'=> $CSRFTOKENResultat ,'JSESSIONID' => $JSESSIONID);
            $data = array('fields' => 'fullName');
            $response = WpOrg\Requests\Requests::post($url, $headers, json_encode($data));
            $reponse = var_dump($response);
            return $reponse;
        $reponse = reponse($CSRFTOKENResultat,$JSESSIONID);
        echo $reponse;

If not same domain, I always use a backend betwen my javascript and Axelor ERP.
It’s usefull the keep the JSESSIONID cookie.

Remember JSESSIONID is a Cookie and not directly a header so it’s maybe more like this :

$headers = array('Content-Type' => 'application/json','X-CSRF-Token'=> $CSRFTOKENResultat ,'Cookie' => ["JSESSIONID" => $JSESSIONID]);

thank you for your help I succeeded, by putting in cookie the token and the JSESSIONID

1 « J'aime »