SAP IDM 8.0 - REST API POST - HTTP 403 Error even with CSRF Token

Former Member
0 Kudos

Hi IDM Experts!

I've set up the REST API for our IDM 8.0 instance and am testing the API by getting the CSRF tokens via an initial GET, and then using the received token to perform a POST operation on an existing user:

Making a slight update to Jannis' useful function, I am now using this to test my REST API:

// Main function:testAPI
function testAPI(Par) {
    // import all needed Java Classes
    importClass(Packages.java.net.HttpURLConnection);
    importClass(Packages.java.net.URL);
    importClass(Packages.java.io.DataOutputStream);
    importClass(Packages.java.io.InputStreamReader);
    importClass(Packages.java.io.BufferedReader);
    importClass(Packages.java.lang.StringBuffer);
    importClass(Packages.java.lang.Integer);

    var urlString = "http://localhost:50000/idmrestapi/v2/service/ET_MX_PERSON(ID=20,TASK_GUID=guid'8885B716-42ED-440B-AD5A-20DEE87F9F82')";
    // request body for the POST (attribute to update)
    var urlParameters = "{\"SV_MX_LASTNAME\" : \"Benz\"}";
    var username = "APITestUser";
    var password = "password123";
    var encoding = uToBase64(username + ":" + password);

    //BEGIN -  GET CSRF TOKEN FIRST
    var url = new URL(urlString); // + "?" + urlParameters);
    var readConn = url.openConnection();
    readConn.setRequestProperty("Authorization", "Basic " + encoding);
    readConn.setRequestMethod("GET");
    readConn.setDoInput(true);
    readConn.setRequestProperty("Content-Type", "JSONHttpRequest");
    readConn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
    readConn.setRequestProperty("charset", "utf-8");
    readConn.setRequestProperty("X-Requested-With", "JSONHttpRequest");
    readConn.setRequestProperty("X-Requested-With", "XMLHttpRequest");
    readConn.setRequestProperty("X-CSRF-Token", "Fetch");
    readConn.connect();

    //first get CSRF TOKEN via GET
    //get the result and print it out
    var responseCode = readConn.getResponseCode();
    var xCSRFToken = readConn.getHeaderField("x-csrf-token");
    uWarning("Response Code for the GET CSRF: " + responseCode);
    uWarning("GOT THE CSRF TOKEN: " + xCSRFToken);
    readConn.disconnect();
    //END -  GET CSRF TOKEN FIRST

    //BEGIN -  DO POST USING CSRF TOKEN
    var writeConn = url.openConnection();
    writeConn.setRequestMethod("POST");
    writeConn.setDoOutput(true);
    writeConn.setDoInput(true);
    writeConn.setRequestProperty("Authorization", "Basic " + encoding);
    writeConn.setRequestProperty("X-CSRF-Token", xCSRFToken);
    writeConn.setRequestProperty("Content-Type", "JSONHttpRequest");
    writeConn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
    writeConn.setRequestProperty("charset", "utf-8");
    writeConn.setRequestProperty("X-Requested-With", "JSONHttpRequest");
    writeConn.setRequestProperty("X-Requested-With", "XMLHttpRequest");
    writeConn.setUseCaches(false);

    // write the request body
    var os = new DataOutputStream(writeConn.getOutputStream());
    os.writeBytes(urlParameters);
    os.flush();
    os.close();
    writeConn.connect();

    //get the POST result and print it out
    responseCode = writeConn.getResponseCode();
    uWarning("Response Code for the POST METHOD with CSRF: " + responseCode);
    writeConn.disconnect();
    //END -  DO POST USING CSRF TOKEN
}

Using this updated function, and now performing the POST to the REST API using the required X-CSRF-Token, I am still getting an HTTP 403 error:

Why is this still happening even after using the necessary X-CSRF-Token? Is something wrong with the way the POST request is composed? Are the urlParameters wrong? Or is the URI for the POST request wrong?

Would greatly appreciate your help with trying to resolve this error!

Thanks a ton in advance!

Best regards,

Sandeep
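
Added example, not part of the original post and not SAP's code: the script above copies the X-CSRF-Token from readConn to writeConn but no Set-Cookie value, so the POST arrives without the session that fetched the token. The constructed model below assumes the server binds the token to a session cookie, as session-based CSRF protection does; makeServer, cookieHeaderFrom, fetchThenPost and the SESSIONID cookie name are hypothetical.

```javascript
// Constructed model (no network): a server that ties each CSRF token to a
// session cookie, and the client step that carries that cookie to the POST.
// All names, the cookie name and the status codes are assumptions.
const crypto = require("crypto");

function makeServer() {
  const sessions = new Map(); // session id -> CSRF token issued to that session
  return function handle(req) {
    const cookies = Object.fromEntries(
      (req.headers["cookie"] || "").split(/;\s*/).filter(Boolean)
        .map(p => [p.slice(0, p.indexOf("=")), p.slice(p.indexOf("=") + 1)]));
    let sid = cookies["SESSIONID"];
    if (req.method === "GET" && req.headers["x-csrf-token"] === "Fetch") {
      if (!sessions.has(sid)) { // no known session: start one, mint a token
        sid = crypto.randomBytes(8).toString("hex");
        sessions.set(sid, crypto.randomBytes(16).toString("hex"));
      }
      return { status: 200, headers: {
        "x-csrf-token": sessions.get(sid),
        "set-cookie": ["SESSIONID=" + sid + "; Path=/; HttpOnly"] } };
    }
    // Modifying request: token must equal the one stored for THIS session.
    const expected = sessions.get(sid);
    const ok = expected !== undefined && req.headers["x-csrf-token"] === expected;
    return { status: ok ? 200 : 403, headers: {} };
  };
}

// Build a Cookie header from the Set-Cookie values of the token-fetch response.
function cookieHeaderFrom(setCookieValues) {
  return (setCookieValues || [])
    .map(v => v.split(";")[0].trim()) // keep name=value, drop attributes
    .filter(Boolean)
    .join("; ");
}

// Token fetch followed by POST; forwardCookies toggles the cookie hand-over.
function fetchThenPost(handle, forwardCookies) {
  const get = handle({ method: "GET", headers: { "x-csrf-token": "Fetch" } });
  const headers = { "x-csrf-token": get.headers["x-csrf-token"] };
  if (forwardCookies) headers["cookie"] = cookieHeaderFrom(get.headers["set-cookie"]);
  return handle({ method: "POST", headers, body: '{"SV_MX_LASTNAME":"Benz"}' }).status;
}

console.log("POST, token only:      ", fetchThenPost(makeServer(), false));
console.log("POST, token + cookies: ", fetchThenPost(makeServer(), true));
```

In the Rhino script the matching step would be to read every Set-Cookie header from readConn and set the joined name=value pairs as the Cookie request property on writeConn before writing the body.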

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

This message was moderated.