Post

2 followers

Developers

Cannot authenticate to the API with an XMLHTTPRequest in JavaScript

Hi Clarizen,

I've been trying to access the API through JavaScript, but I can't seem to authenticate. I've never used an API authentication before, so any help is welcome.

I have managed to get the server definition, which does not seem to require authentication, but trying to authenticate I run into the following error: The request has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

I have to use JavaScript for this, any suggestion how to work around the fact that you cannot change the header?

function ajaxPost(url, callback) {

var req = new XMLHttpRequest();

req.open("POST", url, false,'user.name','password123');
req.withCredentials=true;

req.addEventListener("load", function () {

if (req.status >= 200 && req.status < 400) {

callback(req.responseText);

} else {

console.error(req.status + " test " + req.statusText + " " + url);

}

});

req.addEventListener("error", function () {

console.error("Erreur réseau avec l'URL " + url);

});

req.send(null);

}

ajaxPost("https://api2.clarizen.com/v2.0/services/authentication/login", function(reponse) {

var resultat = JSON.parse(reponse);
console.log("ServerDefinitionResponse"+resultat +" & JSON :" + reponse);
});

Thank you for any help,

Noémie Neyron

Noémie Neyron November 22, 2018 09:05 Answered

Official comment

Hi Noémie,

This example works for me:

var request = new XMLHttpRequest();

request.open('POST', 'https://api2.clarizen.com/V2.0/services/authentication/Login', true);

request.onreadystatechange = function () {

if (request.readyState ==4 && request.status ==200) {

     var response = JSON.parse(this.response);

     var sessionId = response.sessionId;

     //Use this sessionId in all other calls

  }

}

// Send request

request.send('{"userName":"YourUserName","password":"YourPassword"}');

I hope this helps,

Elad

Elad Franklin November 26, 2018 08:37

Please sign in to leave a comment.

3 comments
Date Votes

I tried with another method:

var credentials= window.btoa('username:password');
req.open("POST", url, false);
req.setRequestHeader("Authorization","Basic "+credentials);

And got error 401 Unauthorized

As well as with non encoded and encoded params in Postman, and encountered following error:

{
"errorCode": "LoginFailure",
"message": "Username and password do not match.",
"referenceId": "R7sN5gY9ucZGE0JgUGEyU"
}

These credentials work perfectly fine when I connect with them directly in Clarizen, in which I have admin rights.

Any advice?

Thanks

Noémie Neyron November 22, 2018 10:16 0 votes

Hi Elad,

Thank you.

After trying multiple solutions, I found that sending the credentials as parameters directly in the URL work too.

Thanks for your answer,

Noemie

Noémie Neyron November 26, 2018 08:42 0 votes

Cannot authenticate to the API with an XMLHTTPRequest in JavaScript

Official comment

3 comments Date Votes

3 comments
Date Votes