In my web application I am making some API calls, they have a Bearer Auth Token, so I go to Network tab of Chrome and grab the URL Address and Bearer token and then paste them both in Postman and it is also a GET request.
But When I do that in Postman, I get 401 Unauthorized, but it works in Chrome and I can see it on the Response Tab just fine.
What else should I set up in Postman?
Related
Please note: I am not trying to get an access token to be used in a subsequent request to a different API!
Use case:
I have an app running locally that requires an authenticated session. Accessing any URL for this app (eg. http://localhost:3000/some/endpoint) will redirect to a "Sign in with Google" page. Once OIDC authentication is successful and a session has been created, requests will be handled by my app as expected.
I'd like to be able to use Postman to send requests to my app (eg. GET http://localhost:3000/some/endpoint), but doing so redirects to Google and the response HTML is rendered by Postman, but is non-functional, so I can't authenticate to create a session.
Is this a use case that Postman supports?
I have read tons of SO and no luck. How do I send cookies in API requests from chrome extension?
I want to make a post request to my API through chrome extension. But, the API is protected. Luckily, I can get the cookie for the API if I am already logged into my app with chrome.cookie. But, how do you attach that cookie to the API request?
I can get the cookie of the website with chrome.cookie, but how do I attach that cookie to the API request?
I am using the Rest Framework SimpleJWT for token authentication.
In postman I add the Bearer token in the Authorization tab and the API works fine.
When I try to use the API on a browser I do not have an option to pass the Bearer token. I am not sure how to pass the bearer token so the API works in the browser as well.
How can I pass the bearer token in headers.
Let me know if anymore info required, I am able to add all the code here.
You cannot add bearer token to url patterns. Url patterns are added just to match the urls.
The API won't work in the browser if you have implemented authentication.
You can test your APIs via postman (which you have already done) or implement these APIs in your frontend app.
if you want test your API on browser there is an easy way for it You can use ModHeader extension that is available for Chrome and Firefox enter image description here
I am implementing an Ocelot gateway. When I make the API call using my browser to http://localhost:5009/api/values, I get a valid json response back. However when I make the same request through Postman I get a 401 Unauthorized response. Any ideas if there is a setting in Postman I need to change or something else.
That is, the client must authenticate itself to get the requested response.
Most likely you have forgotten to put your token to the Header in Postman to be authenticated for the server in order to get a response.
I have created a backend spring-boot REST api which is deployed on the EC2 that is authenticated with JWT. So, I first curl to get the Bearer token:
curl -iH "Content-Type: application/json" -X POST -d '{"username":"myusername", "password":"mypassword"}' http://123.45.6782.910:8080/login
Then make the REST call to access my REST resource
curl -H "Authorization: eyJhbGzd9.NYHXPv-vXUIoNr7qtA" http://123.45.6782.910:8080/categories/pets/
This all works fine.
Now, I want to use API Gateway to access the /categories/pets/ Resource.
I have setup GET - Method execution's Method request, Integration Request sections. But, when I try to Test the setup, I get 403.
{
"timestamp": 1498392625274,
"status": 403,
"error": "Forbidden",
"message": "Access Denied",
"path": "/categories/pets/"
}
I think this is expected because I am directly trying to access the backend api without the bearer token. I want to know how can I do the POST on http://123.45.6782.910:8080/login to get the Bearer token and then make the call to /categories/pets/ ?
UPDATE: As per #KaHouIeong suggestion, I created a POST endpoint /login on the API gateway to get the bearer token, When I test is in the test console in the API Gateway, I am getting the Authorization →Bearer eyJhbGzd9 but when I try it from postman, I am getting the status 200 OK but not the Authorization →Bearer eyJhbGzd9 token.
content-length →0
content-type →application/json
status →200
via →1.1 swfbfbbaf3fb6c32bdccb152354539e473d.cloudfront.net (CloudFront)
x-amz-cf-id →K9V3XUxHOretrza0kCM5dk_G5eZgePrtrBziyVTxptrePD7wjsWqk-l0kCQQ==
x-amzn-requestid →5ac81024-5c27-11e7-af9a-9f3c8494c542
x-amzn-trace-id →Root=1-5953e77f-ed76d15b5bfre9374c9
Your client should send a request to /login and get the bearer token from the response, then re-use the token to access your /categories/pets/ API.
The workflow should be same as you hit your EC2 backend directly.
For your API setup on API Gateway, you need to setup a /login resource and point to the http://123.45.6782.910:8080/login
Then, you need to setup the integration response header mapping to map the Authorization header back to the method response, then API Gateway will pass through the header to the client.
integration.response.header.Authorization -> method.response.header.Authorization