Post

2 followers Follow
0
Avatar

Cannot authenticate to the API with an XMLHTTPRequest in JavaScript

Hi Clarizen,

I've been trying to access the API through JavaScript, but I can't seem to authenticate. I've never used an API authentication before, so any help is welcome. 

I have managed to get the server definition, which does not seem to require authentication, but trying to authenticate I run into the following error: The request has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

I have to use JavaScript for this, any suggestion how to work around the fact that you cannot change the header? 

 


function ajaxPost(url, callback) {

var req = new XMLHttpRequest();

req.open("POST", url, false,'user.name','password123');
req.withCredentials=true;

req.addEventListener("load", function () {

if (req.status >= 200 && req.status < 400) {

callback(req.responseText);

} else {

console.error(req.status + " test " + req.statusText + " " + url);

}

});

req.addEventListener("error", function () {

console.error("Erreur réseau avec l'URL " + url);

});

req.send(null);

}

 

ajaxPost("https://api2.clarizen.com/v2.0/services/authentication/login", function(reponse) {

var resultat = JSON.parse(reponse);
console.log("ServerDefinitionResponse"+resultat +" & JSON :" + reponse);
});

Thank you for any help,

Noémie Neyron

 

Noémie Neyron Answered

Official comment

Avatar

Hi Noémie,

This example works for me:

var request = new XMLHttpRequest();

request.open('POST', 'https://api2.clarizen.com/V2.0/services/authentication/Login', true);

request.onreadystatechange = function () {

if (request.readyState ==4 && request.status ==200) {

var response = JSON.parse(this.response);

var sessionId = response.sessionId;

//Use this sessionId in all other calls

}

}

// Send request

request.send('{"userName":"YourUserName","password":"YourPassword"}');

 

I hope this helps,

Elad

Elad Franklin

Please sign in to leave a comment.

3 comments

0
Avatar

I tried with another method:

var credentials= window.btoa('username:password');
req.open("POST", url, false);
req.setRequestHeader("Authorization","Basic "+credentials);

And got error 401 Unauthorized

As well as with non encoded and encoded params in Postman, and encountered following error: 

{
"errorCode": "LoginFailure",
"message": "Username and password do not match.",
"referenceId": "R7sN5gY9ucZGE0JgUGEyU"
}

These credentials work perfectly fine when I connect with them directly in Clarizen, in which I have admin rights.

Any advice?

Thanks

Noémie Neyron 0 votes
0
Avatar

Hi Elad,

Thank you.

After trying multiple solutions, I found that sending the credentials as parameters directly in the URL work too. 

Thanks for your answer,

Noemie

Noémie Neyron 0 votes