Cannot access new REST APIs in 7.2 using browser

Jamie Sammons, modified 3 Years ago.

Junior Member Posts: 37 Join Date: 7/2/12 Recent Posts

I am unable to access the new REST Open API in DXP 7.2 from a browser window.
If i use a REST client tool, set up BASIC AUTH, and hit the URL http://localhost:8080/o/headless-delivery/v1.0/openapi.json everything works fine and as expected.
If however i try to hit that exact same URL from the address bar of a logged in browser session I receive:
Access denied to com.liferay.headless.delivery.internal.resource.v1_0.OpenAPIResourceImpl#getOpenAPI
Am I doing something wrong?

delivery api

Mohammed Yasin, modified 6 Years ago.

RE: Cannot access new REST APIs in 7.2 using browser

Liferay Master Posts: 593 Join Date: 8/8/14 Recent Posts

Hi,
This is because all the services are protected under Basic access authentication, if your using postman or rest client set the Basic Auth in Header or if you want to access from browser you need to add com.liferay.headless.delivery.internal.resource.v1_0.OpenAPIResourceImpl#getOpenAPI in SYSTEM_DEFAULT (Service Access Policy)

Victor Manea, modified 4 Years ago.

RE: Cannot access new REST APIs in 7.2 using browser

New Member Posts: 11 Join Date: 10/23/20 Recent Posts

Solution 1: As per @MohammedYasin's response, you should add the "Authorization" header as in the example bellow (I'm using Postman):

Solution 2: disable the authentication for your module. For this, follow the https://help.liferay.com/hc/en-us/articles/360021024071-Making-Authenticated-Requests- details. Keep in mind that their example (com.liferay.headless.delivery.internal.jaxrs.application.HeadlessDeliveryApplication-default.config) is for the component from their example. The real name of the config file should be in regard with what you have defined. For example, if your Class is PdfGeneratorApplication and is in PdfGenerator.application package, the your config file should be named PdfGenerator.application.PdfGeneratorApplication-default.config with the following content:

oauth2.scopechecker.type="none"
auth.verifier.auth.verifier.BasicAuthHeaderAuthVerifier.urls.includes="*"
auth.verifier.auth.verifier.OAuth2RestAuthVerifier.urls.includes="*"
auth.verifier.guest.allowed="true"

Abdul Kareem, modified 3 Years ago.

RE: Cannot access new REST APIs in 7.2 using browser

Junior Member Posts: 30 Join Date: 9/4/14 Recent Posts

Please refer this. https://learn.liferay.com/dxp/latest/en/headless-delivery/consuming-apis/making-unauthenticated-requests.html

you need to create a service access policy.

Community

Company

Feedback

Ask Questions and Find Answers

Important:

Ask is now read-only. You can review any existing questions and answers, but not add anything new.

But - don't panic! While ask is no more, we've replaced it with discuss - the new Liferay Discussion Forum! Read more here here or just visit the site here:

discuss.liferay.com

Cannot access new REST APIs in 7.2 using browser