consume REST API always throw Webexception Protocol Error 403

I tried various ways to consume rest api in outsystems and none of it are successful. 

The error gotten is showing WebException.ProtocolError: THe remote server returned an error 403 Forbidden. 

However same URLs end point are accessible from browser. Have no clue what was missing / incorrect. 


Jennifer Poo wrote:

I tried various ways to consume rest api in outsystems and none of it are successful. 

The error gotten is showing WebException.ProtocolError: THe remote server returned an error 403 Forbidden. 

However same URLs end point are accessible from browser. Have no clue what was missing / incorrect. 


Incase you are pointing to Third-party Server then:

 A 403 Forbidden error means that you do not have permission to view the requested file or resource. While sometimes this is intentional, other times it is due to mis-configured permissions. The top reasons for this error are permissions or .htaccess error.

Hi

How can it be a permission error if all are accessible from browsers? Browser didn't throw any error and are returning results. 

The same URLs when paste onto outsystems are giving 403 error. 

I tried many sites none are successufly, hence wondering it is due to outsystem platform or configuration within the platform.  

Hi Jennifer,

Check if a firewall could be blocking requests from your server to the server exposing the REST API.

hi Jorge, 


I don't quite understand why is the blocking of firewall whereby 

(1) Rest API are public available services 

(2) I'm able to access from browser and gotten result return  ...

But not via OutSystems. 

We have no control over OutSystems in cloud... so how can we validate ?

Hi Jennifer,

I don't know what's happening exactly, my remark is because typically when you can access a resource from your development machine but your applications (running on the OutSystems server) cannot, it is because those two machines have different network configurations at play... the OutSystems server being behind a firewall is the most common scenario (maybe through a VPN connection).

In order to validate, I suggest you implement the On Before Request and On After Response callbacks for your consumed REST service and debug, so you can analyse what was the Request generated and what Response was received.

hi Jorge, 

i very new to outsystems, have no idea how to follow your steps.

let me rephase my scenario using hardcore written programming language. 

in NodeJS, code is written as to call REST API and structure msg as attached image, 

but if i do in outsystem, i getting HTTP/1.1 403 ForbiddenContent-Type Authentication parameters missing. 


Wonder if you could advise how to configure in outsystems?


Can you show a screenshot of your service definition in service studio?

How are you setting the headers?

Also since it's complaining about the Content-Type missing and the platform does that for you, do you have any input?

Hi Jennifer, I checked the API you are using and it seems you need to provide it with at least the app_id and app_key headers... I reinforce João's questions, how are you adding the headers to the REST call in OutSystems?

hi both, 


attached my screenshot setting... 


i not sure how to map this piece of code into outsystem rest api.

https://api.kairos.com/detect

{

 "app_id": "2ba26946",

 "app_key": "d40942af6f26d379203a0a5d154b8378",

 "cache-control": "no-cache",

 "image": "https://media.kairos.com/liz.jpg"

Solution

Hi,


A lot of stuff wrong there.

I'll explain it below, but did you already try the forge component for Kairos? Even if it's missing some method that you need you can see how it is done. There is also a demo component for it here.


Anyway, so you can learn what you were doing wrong:

  • First of all, in the documentation all methods are POST (even on your NodeJs example). But in there you have GET selected.
  • You don't usually need to specify a Content-Type header. Having a Body input (available on POST)  with "Request Format" set to JSON will do that automatically for you. (also when importing on that window it will try to guess the format and set it for you) if you give it a Request example.
  • The right column on the headers tab are the "Response Headers", not the values for the headers you set on the left. Leave that empty
  • Remove all the basic authentication stuff and Authorization header. Kairos api does not seem to use any of that.
  • On the Test tab fill the values for your headers and then you can click Test






Regards,
João Rosado

Solution

Thank you very very much João for your guidance.  

João Rosado wrote:

Hi,


A lot of stuff wrong there.

I'll explain it below, but did you already try the forge component for Kairos? Even if it's missing some method that you need you can see how it is done. There is also a demo component for it here.


Anyway, so you can learn what you were doing wrong:

  • First of all, in the documentation all methods are POST (even on your NodeJs example). But in there you have GET selected.
  • You don't usually need to specify a Content-Type header. Having a Body input (available on POST)  with "Request Format" set to JSON will do that automatically for you. (also when importing on that window it will try to guess the format and set it for you) if you give it a Request example.
  • The right column on the headers tab are the "Response Headers", not the values for the headers you set on the left. Leave that empty
  • Remove all the basic authentication stuff and Authorization header. Kairos api does not seem to use any of that.
  • On the Test tab fill the values for your headers and then you can click Test






Regards,
João Rosado

Thanks for the detailed explanation Answer.

Cheers !!