Calling a Secure Rest API using basic with from Javascript Client Application

date 2023-05-29

JavaScript
1

I want to call a secure REST API using JavaScript, but it's giving an error.

The code below is what I am trying:

var request = new XMLHttpRequest();
var url = "http://10.10.50.10:8081/rsgateway/data/json/Number+9171246241";
var method = "GET";

request.open(method, url);

request.setRequestHeader("Access-Control-Allow-Headers", "");
request.setRequestHeader("Access-Control-Allow-Credentials", "true");
request.setRequestHeader("Content-type", "application/json; charset=UTF-8");
request.setRequestHeader("Authorization", "Basic <test:Passw0rd@321 as Base64 encoded> ");
request.setRequestHeader("Access-Control-Allow-Origin", "");
request.onreadystatechange = function () {

    if (request.readyState == 4 && request.status == 200) {
        var response = JSON.parse(this.response);

        var sessionId = response.sessionId;

        // Use this sessionId in all other calls

    }

}

// Send request
console.log("OK");
request.send();

I am getting below errors in browser console:

XHR OPTIONS http://10.10.50.10:8081/rsgateway/data/json/Number+9171246241
CORS Missing Allow Origin

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://10.10.50.10:8081/rsgateway/data/json/Number+9171246241. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 401.

When I try to call the API using basic auth with Postman and the test user, it works fine.

Please help me fix it.

Thanks,

2

What are the API headers?

3

These are the required header parameters.

http_method);
"Content-Type", "application/json; charset=UTF-8");
"Accept", "application/json");
setDoInput(true);

4

You are aware that everyone can read your API credentials when you call the API from the client? This is normally an absolute no-go!

Are you sure the API is designed to accept requests from outside? Normally you get a CORS error if you try to fetch data from a server which only allows access from its own server or special whitelisted servers.

5

It's an on-premise service, so it's OK; I just want to fix my JavaScript application to be able to call the API. Could someone help/guide me on where I am going wrong, since I cannot call the API successfully?

6

Yes, I am sure, because I have already integrated it with a Java client application, which is working fine.

7

Take a look at the browser's developer tools and show us the complete headers sent to the API. Maybe the origin is missing.

8

One more point: when I call the API from Postman on the same VM where I am trying the JavaScript, it works fine.

9

So you can easily compare the sent headers from the Postman console with the sent headers in the browser's developer tools, and you will see the difference.

10

The only difference I am seeing in the Postman console is the authorization.

image

Maybe I am using a different/incorrect encoding of the credentials.

But I am not sure which encoding method would be the correct one.

11

This one is from the browser console, which is not working.
image
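
Why the browser sends an OPTIONS request that Postman never sends, as an added example that is not part of the original thread: a simplified model of the Fetch-spec preflight rules, applied to the request headers from the question. The function names and the `QUESTION_HEADERS` constant are assumptions introduced for illustration.

```javascript
// Added example: simplified model of the Fetch-spec CORS preflight rules.
// Assumes withCredentials is false; ignores Range and header-length limits.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language"]);
const SAFE_TYPES = new Set(
  ["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"]);
// Request headers set by the script in the question (credential is a placeholder).
const QUESTION_HEADERS = {
  "Access-Control-Allow-Headers": "",
  "Access-Control-Allow-Credentials": "true",
  "Content-type": "application/json; charset=UTF-8",
  "Authorization": "Basic <base64 placeholder>",
  "Access-Control-Allow-Origin": "",
};
// Lowercased, sorted names of request headers that are not CORS-safelisted.
function unsafeHeaders(headers) {
  return Object.entries(headers).filter(([name, value]) => {
    const n = name.toLowerCase();
    if (n !== "content-type") return !SAFE_HEADERS.has(n);
    return !SAFE_TYPES.has(value.split(";")[0].trim().toLowerCase());
  }).map(([name]) => name.toLowerCase()).sort();
}

// The OPTIONS request sent first (null if none is needed). The browser
// never attaches the Authorization header or cookies to it.
function buildPreflight(method, headers, origin) {
  const unsafe = unsafeHeaders(headers);
  if (SAFE_METHODS.has(method.toUpperCase()) && !unsafe.length) return null;
  return { method: "OPTIONS", headers: { "Origin": origin,
    "Access-Control-Request-Method": method.toUpperCase(),
    "Access-Control-Request-Headers": unsafe.join(",") } };
}

// Reasons a browser rejects the preflight response; "*" never covers Authorization.
function checkPreflight(preflight, status, responseHeaders) {
  const h = {}, problems = [];
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v;
  const acao = h["access-control-allow-origin"];
  if (acao === undefined) problems.push("missing Access-Control-Allow-Origin");
  else if (acao !== "*" && acao !== preflight.headers["Origin"])
    problems.push("Access-Control-Allow-Origin does not match Origin");
  if (status < 200 || status > 299) problems.push(`status ${status} is not 2xx`);
  const split = (s) => (s || "").split(",").map((x) => x.trim().toLowerCase()).filter(Boolean);
  const allowed = new Set(split(h["access-control-allow-headers"]));
  for (const name of split(preflight.headers["Access-Control-Request-Headers"])) {
    if (!allowed.has(name) && !(allowed.has("*") && name !== "authorization"))
      problems.push(`request header not allowed: ${name}`);
  }
  return problems;
}
```

With the question's headers, `buildPreflight("GET", QUESTION_HEADERS, origin)` asks the server to allow five non-safelisted headers, and a 401 response without `Access-Control-Allow-Origin` fails `checkPreflight`, which matches the console error in the first post. Postman is not a browser, so it sends no preflight and applies no same-origin policy.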