REST API: 403 Client Error: Forbidden for url after Create Request using Token

danijelmicic 7 days ago

Hello Guys,

I'm trying to use the M-Files REST API in my Python application. I was able to login and received a token.

After that I'm trying to create new objects in my Vault. This is the JSON-body contained in my request:

json_body = {

"PropertyValues": [

{

"PropertyDef": config.get("mfiles.properties.class_property_def"),

"TypedValue": {

"DataType": 9,

"Value": "null",

"Lookup": {

"Deleted": "false",

"DisplayValue": "null",

"Hidden": "false",

"Item": config.get(f"mfiles.classes.process_class_id"),

"Version": -1

}

{

"PropertyDef": config.get("mfiles.properties.customer_property_def"),

"TypedValue": {

"DataType": 9,

"Value": "null",

"Lookup": {

"Deleted": "false",

"DisplayValue": "null",

"Hidden": "false",

"Item": config.get(f"mfiles.property_values.customer_value_id"),

"Version": -1

}

{

"PropertyDef": config.get("mfiles.properties.interface_id_property_def"),

"TypedValue": {

"DataType": 1,

"Value": measuring_point['idnr']

}

{

"PropertyDef": config.get("mfiles.properties.energy_type_property_def"),

"TypedValue": {

"DataType": 9,

"Value": "null",

"Lookup": {

"Deleted": "false",

"DisplayValue": "null",

"Hidden": "false",

"Item": config.get(f"mfiles.property_values.energy_type_{medium}_value_id"),

"Version": -1

}

{

"PropertyDef": config.get("mfiles.properties.interface_property_def"),

"TypedValue": {

"DataType": 9,

"Value": "null",

"Lookup": {

"Deleted": "false",

"DisplayValue": "null",

"Hidden": "false",

"Item": config.get(f"mfiles.property_values.interface_enportal_value_id"),

"Version": -1

}

{

"PropertyDef": config.get("mfiles.properties.marklokation_property_def"),

"TypedValue": {

"DataType": 1,

"Value": measuring_point['marktlokation']

}

]

}

I send the request with "X-Authentication": token as the header to my.m-files/.../159.aspx. The 159 represents a real objecttype in my vault.

Then I receive the following response: requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://my.m-files/REST/objects/159.aspx

I don't really understand what's missing or what the issue is. As far is I understand there is an issue with the token that I passed to the new request. Also maybe my request body is not sufficent enough... I can also provide more source code if needed.

Help would be really appreciated. Note: This is my first time working with the REST API

Kind regards,
Danijel

Parents

0 Craig Hawker 7 days ago

Note that that endpoint will return a token even if the request itself is invalid, or the credentials are invalid. My assumption is that there's something wrong with that initial request. There may also be something wrong with the second request, but the 403 needs to be fixed first.

Can you give some example of what you're doing to get the token?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 danijelmicic 7 days ago in reply to Craig Hawker

Hey Craig, Thank you for the quick response. I think the initial request should be fine in regards to the credentials and the endpoint, because if I use the same credentials in the header for the create request, everything works fine.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Craig Hawker 7 days ago in reply to danijelmicic

Can you show me the structure of that, though? Does it include the vault guid and things?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 danijelmicic 2 days ago in reply to Craig Hawker

Sorry for the late answer:

The headers look like this:

mfiles_headers = {

'Content-Type': 'application/json',

'X-Username': config.get("mfiles.username"),

'X-Password': config.get("mfiles.password"),

'X-Vault': config.get("mfiles.vault_id")

}

When I use the headers for the requests everything works fine.

The request contains a simple json body like this:

json_body={

"PropertyDef": interface_id_property_def,

"TypedValue": {

"DataType": 1,

"Value": interface_id

}

}

I'm save the token like this: token = result.get("Value")
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Craig Hawker 2 days ago in reply to danijelmicic

Show the actual content of the request to the authentication endpoint. That structure is probably wrong, which is why the token is invalid.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 danijelmicic 2 days ago in reply to Craig Hawker

Here is the actual content of the authentication request:

postman request POST 'ecb.enerprice.ch/.../authenticationtokens.aspx' \
--header 'Content-Type: application/json' \
--header 'Cookie: ASP.NET_SessionId=gnqbp50l2zpu0dhnzpf4z5wd; token=ag7bf6XOdtr9zE9_kgY_0WsijVgjNXGqD60Bt4wkgtt7bD3ZqbNx2dHuu1IegJqXdxknBx-gBf-_nhKpaelrMLoZzuIgcXcUT5p_WQNfIWIjyA402QnqwK0iDa0ZiSp3JW5JhRCi3tIt7jkZzh2uvHmR552EDccwZPbWZZzZtak6jW88nPOEUZK5-WrEopZz5hLDcZxdOHG-V8cKi8Xrn6GiXyBTC6vuO3C4EPkW2dqiYWD2rJcHQOQF6OhBfhgU-4TS3s-NaXt-UBk0RrSeEa454GMvnVmmA6SlwT4uAsMmWMiDejKCRyBJmAqn-b9PefevFh9JATiokJS-5Gi1zw' \
--body '{
"Username": "myUser",
"Password": "myPassword",
"VaultGuid": "{216DA69D-4595-408E-AD27-E98EDD13759A}"
}'
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 danijelmicic 2 days ago in reply to Craig Hawker

Here is the actual content of the authentication request:

postman request POST 'ecb.enerprice.ch/.../authenticationtokens.aspx' \
--header 'Content-Type: application/json' \
--header 'Cookie: ASP.NET_SessionId=gnqbp50l2zpu0dhnzpf4z5wd; token=ag7bf6XOdtr9zE9_kgY_0WsijVgjNXGqD60Bt4wkgtt7bD3ZqbNx2dHuu1IegJqXdxknBx-gBf-_nhKpaelrMLoZzuIgcXcUT5p_WQNfIWIjyA402QnqwK0iDa0ZiSp3JW5JhRCi3tIt7jkZzh2uvHmR552EDccwZPbWZZzZtak6jW88nPOEUZK5-WrEopZz5hLDcZxdOHG-V8cKi8Xrn6GiXyBTC6vuO3C4EPkW2dqiYWD2rJcHQOQF6OhBfhgU-4TS3s-NaXt-UBk0RrSeEa454GMvnVmmA6SlwT4uAsMmWMiDejKCRyBJmAqn-b9PefevFh9JATiokJS-5Gi1zw' \
--body '{
"Username": "myUser",
"Password": "myPassword",
"VaultGuid": "{216DA69D-4595-408E-AD27-E98EDD13759A}"
}'
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Craig Hawker 2 days ago in reply to danijelmicic

Looks reasonable; only thing I can see vs our postman collection (MFilesSamplesAndLibraries/Libraries/Postman/M-Files.postman_collection.json at master · M-Files/MFilesSamplesAndLibraries) is that the vault GUID there is listed without braces.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 danijelmicic 2 days ago in reply to Craig Hawker

I removed the braces but I still get the same error... Thank you very much for providing the postman collection. This will probably help me a lot in the future!
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 danijelmicic 2 days ago in reply to Craig Hawker

I'm trying to update a property on an object. I followed the example in postman collection and I struggle here as well... Let me know If I should create a new question:

postman request POST 'ecb.enerprice.ch/.../3056' \
--header 'Content-Type: application/json' \
--header 'X-Username: user' \
--header 'X-Password: passsword' \
--header 'X-Vault: 216DA69D-4595-408E-AD27-E98EDD13759A' \
--header 'Cookie: ASP.NET_SessionId=y2yejhtbthwvcspynu15g5c4; token=ag7bf6XOdtr9zE9_kgY_0WsijVgjNXGqD60Bt4wkgtt7bD3ZqbNx2dHuu1IegJqXdxknBx-gBf-_nhKpaelrMLoZzuIgcXcUT5p_WQNfIWIjyA402QnqwK0iDa0ZiSp3JW5JhRCi3tIt7jkZzh2uvHmR552EDccwZPbWZZzZtak6jW88nPOEUZK5-WrEopZz5hLDcZxdOHG-V8cKi8Xrn6GiXyBTC6vuO3C4EPkW2dqiYWD2rJcHQOQF6OhBfhgU-4TS3s-NaXt-UBk0RrSeEa454GMvnVmmA6SlwT4uAsMmWMiDejKCRyBJmAqn-b9PefevFh9JATiokJS-5Gi1zw' \
--body '[{
"PropertyDef": 3056,
"TypedValue": {
"DataType": 1,
"Value": 1234567890
}
}]'

I get this error:

{

"Status": 405,

"URL": "/objects/114/66360/latest/properties/3056",

"Method": "POST",

"Exception": {

"Name": "NotSupportedException",

"Message": "Specified method is not supported."

},

"Stack": "Error reference ID: cdbb606f-d44f-4ead-9309-4a72b9dcb88b",

"Message": "Specified method is not supported.",

"IsLoggedToVault": true,

"IsLoggedToApplication": true,

"ExceptionName": "NotSupportedException"

}

I also tried with .aspx at the end and only /properties without the property definition ID.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Craig Hawker 1 day ago in reply to danijelmicic

Did you mean to do a put?

https://developer.m-files.com/APIs/REST-API/Reference/resources/objects/type/objectid/version/properties/id/
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

REST API: 403 Client Error: Forbidden for url after Create Request using Token

Contact Us

Schedule a Demo

Careers

Trust Center

Privacy Policy

Security Hall of Fame

Subcontractors

M-Files Community

Support Portal

Help Center

Product Center

Download M-Files

User Guides

Product News