REST API OAuth Token Creation

Hi,

I am trying to use the REST API in my CUBA application. While creating the OAuth token, I have given all the necessary parameters and also the restapi.id and restapi.secret in the POST request.

But in response I am getting error message as “Unauthorized” and “Bad Credentials”.

Kindly help.

Hi.
First, open web-app.properties file in your project and remove cuba.rest.client.id and cuba.rest.client.secret properties from it.
Second, run the app and open Roles screen, find rest-api-access role in the table and assign it to your user.
And third, if you need access to entities with the REST API, you have to create a new role with the REST Security scope, specify the necessary permissions and also assign it to your user.

More information about roles and security you will find here.

Regards,
Natalia

1 Like

Hi Natalia,

My current user is “admin” and I can see that this user is already assigned to the “rest-api-access” role.
Also, CUBA is not allowing me to change anything for these settings. With these settings also, I am getting the same previous error mentioned earlier in the POST response, and also while using cURL statement. Attached a screenshot as well.

Open web-app.properties file in your project and remove cuba.rest.client.id and cuba.rest.client.secret properties from it. Restart your application.

Hi Natalia
I followed your steps (removed client.id and .secret from web-app.properties) and then could obtain the token.

Can you please briefly explain what is the purpose/usage of those properties?

Here are the docs about REST API and application properties

Thanks but not sure about that point. Do I have to remove client id and secret always?

It’s recommended to specify non-default values for cuba.rest.client.id and cuba.rest.client.secret in the project (and therefore use another value of the Authorization: Basic XXXXXXXXXXXXXXX header when obtaining the token).

However, the REST user guide implicitly uses the default credential values client / secret in all code examples, so for newbies to get their first REST requests to run successfully we sometimes recommend removing custom values from the xxx.properties files.

Thanks @albudarov for your clarification. So in a real-life app, it is suggested to use both. Do you have any sample app reference, as I am a beginner in this area?

There’s no need for any client app.
It is very simple.

From the REST API documentation:

You should pass the client identifier and password, separated by a single colon (“:”) character, within a base64 encoded string in the Authorization header.

For example, for the values
cuba.rest.client.id=client
cuba.rest.client.secret={noop}secret

So, open any online base64 encoder, e.g. this:

Input “client:secret” there.

And you will get the “Y2xpZW50OnNlY3JldA==” string which is used throughout the documentation.

1 Like
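
The header construction described in the last reply, computed locally and checked against a properties fragment, as an added example that is not part of the original thread or the CUBA code base. The function names and the "portal-web" client are constructed for illustration, and the fallback to client / secret when the keys are absent is an assumption taken from the replies above.

```python
import base64

# Values the CUBA REST guide uses in its examples, per the thread above.
DEFAULT_ID, DEFAULT_SECRET = "client", "secret"

def parse_properties(text):
    """Minimal key=value reader for a .properties fragment (no line continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def configured_client(props):
    """Return (id, plaintext secret); absent keys fall back to the defaults (assumption)."""
    client_id = props.get("cuba.rest.client.id", DEFAULT_ID)
    stored = props.get("cuba.rest.client.secret", "{noop}" + DEFAULT_SECRET)
    if stored.startswith("{") and "}" in stored:
        encoder, _, stored = stored[1:].partition("}")
        if encoder != "noop":
            # Any other encoder id means the file holds a hash, not the secret itself.
            raise ValueError(f"secret stored with encoder {encoder!r}; plaintext not recoverable")
    return client_id, stored

def basic_header(client_id, secret):
    """Build the Authorization header value: 'Basic ' + base64(id ':' secret)."""
    if ":" in client_id:
        raise ValueError("client id must not contain ':'")
    raw = f"{client_id}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def check_request_header(properties_text, sent_header):
    """Compare the header a client sent with what the configuration expects."""
    client_id, secret = configured_client(parse_properties(properties_text))
    return {
        "matches": basic_header(client_id, secret) == sent_header.strip(),
        "uses_defaults": (client_id, secret) == (DEFAULT_ID, DEFAULT_SECRET),
    }

# Constructed sample inputs: the documentation defaults and a made-up custom client.
DOC_DEFAULTS = "cuba.rest.client.id=client\ncuba.rest.client.secret={noop}secret\n"
CUSTOM = "cuba.rest.client.id=portal-web\ncuba.rest.client.secret={noop}constructed-example-value\n"

if __name__ == "__main__":
    print(basic_header(*configured_client(parse_properties(DOC_DEFAULTS))))
    print(check_request_header(CUSTOM, "Basic Y2xpZW50OnNlY3JldA=="))
```

A "matches": False result for the documentation header against a customised file corresponds to the "Bad Credentials" response reported at the top of the thread.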