Message Boards
Cannot access new REST APIs in 7.2 using browser
Cannot access new REST APIs in 7.2 using browser
Junior Member Posts: 37 Join Date: 7/2/12 Recent PostsI am unable to access the new REST Open API in DXP 7.2 from a browser
window.
If i use a REST client tool, set up BASIC AUTH, and hit
the URL http://localhost:8080/o/headless-delivery/v1.0/openapi.json
everything works fine and as expected.
If however i try to
hit that exact same URL from the address bar of a logged in browser
session I receive:
Access denied to com.liferay.headless.delivery.internal.resource.v1_0.OpenAPIResourceImpl#getOpenAPI
Am I doing something wrong?
RE: Cannot access new REST APIs in 7.2 using browser
Liferay Master Posts: 591 Join Date: 8/8/14 Recent PostsThis is because all the services are protected under Basic access authentication, if your using postman or rest client set the Basic Auth in Header or if you want to access from browser you need to add com.liferay.headless.delivery.internal.resource.v1_0.OpenAPIResourceImpl#getOpenAPI in SYSTEM_DEFAULT (Service Access Policy)
RE: Cannot access new REST APIs in 7.2 using browser
New Member Posts: 11 Join Date: 10/23/20 Recent PostsSolution 1: As per @MohammedYasin's response, you should add the "Authorization" header as in the example bellow (I'm using Postman):
Solution 2: disable the authentication for your module. For this, follow the https://help.liferay.com/hc/en-us/articles/360021024071-Making-Authenticated-Requests- details. Keep in mind that their example (com.liferay.headless.delivery.internal.jaxrs.application.HeadlessDeliveryApplication-default.config) is for the component from their example. The real name of the config file should be in regard with what you have defined. For example, if your Class is PdfGeneratorApplication and is in PdfGenerator.application package, the your config file should be named PdfGenerator.application.PdfGeneratorApplication-default.config with the following content:
oauth2.scopechecker.type="none"
auth.verifier.auth.verifier.BasicAuthHeaderAuthVerifier.urls.includes="*"
auth.verifier.auth.verifier.OAuth2RestAuthVerifier.urls.includes="*"
auth.verifier.guest.allowed="true"
RE: Cannot access new REST APIs in 7.2 using browser
Junior Member Posts: 30 Join Date: 9/4/14 Recent PostsPlease refer this. https://learn.liferay.com/dxp/latest/en/headless-delivery/consuming-apis/making-unauthenticated-requests.html
you need to create a service access policy.