A question:
Am I right in saying the moquiSessionToken is not used in the REST interface?
Regards,
Hans at growerp.com
I disabled providing session tokens when using the REST interface and everything is still working OK…
So to answer the question myself: no, it is not used.
However, should it be used?
If I recall correctly, the moquiSessionToken is for POST events to prevent XSS POST in client-side JS.
At the moment I do not provide a moquiSessionToken when accessing via the REST interface, and it is not giving me an error, so my understanding is that the moquiSessionToken is not used here?
I think that's because you accessed a no-auth API. MoquiSessionToken is needed for authorized activities.
Yeah, that's right, and by default POST events from the REST API or transitions require authentication.
Thanks for your replies; however, below is a POST request creating a company from a user who is logged in using the api_key but no Moqui session token:
╔╣ Request ║ POST
║  http://localhost:8080/rest/s1/growerp/100/Company
╚════════════════════════════════════════════════════════════════════════════════
╔ Headers
╟ content-type: application/json
╟ api_key: auM6cutFfsdyo7XAnpp4CiHkrGB6DCHTKxvgExiY
╟ contentType: application/json
╟ responseType: ResponseType.json
╟ followRedirects: true
╟ connectTimeout: 0:00:05.000000
╟ receiveTimeout: 0:00:10.000000
╚════════════════════════════════════════════════════════════════════════════════
╔ Extras
╟ requireApiKey: true
╚════════════════════════════════════════════════════════════════════════════════
╔ Body
╟ company: Company name: Test company[null] Curr: imgSize: null#Empl: 0
╚════════════════════════════════════════════════════════════════════════════════
║ {company: Company name: Test company[null] Curr: imgSize: null#Empl: 0}
╔╣ Response ║ POST ║ Status: 200 OK
║  http://localhost:8080/rest/s1/growerp/100/Company
╚════════════════════════════════════════════════════════════════════════════════
╔ Headers
╟ access-control-allow-credentials: [true]
╟ access-control-allow-origin: [http://localhost:39775]
╟ content-length: [183]
╟ content-type: [application/json]
╟ expires: [Thu, 01 Jan 1970 00:00:00 GMT]
╟ moquisessiontoken: [Nuaie-twmMBE908G7FpS]
╟ x-csrf-token: [Nuaie-twmMBE908G7FpS]
╚════════════════════════════════════════════════════════════════════════════════
╔ Body
║
║    {
║         company: {
║              partyId: "102217",
║              pseudoId: "102217",
║              name: "Test company",
║              role: "Customer",
║              email: "",
║              currency: null,
║              image: null,
║              address: null,
║              vatPerc: "0",
║              salesPerc: "0",
║              paymentMethod: null,
║              telephoneNr: "",
║              employees:
║         }
║    }
║
╚════════════════════════════════════════════════════════════════════════════════
If you need more info about the system, please check GitHub at: GitHub - growerp/growerp: GrowERP Flutter ERP for Android, IOS and Web using Moqui.org, Apache OFBiz. The Moqui system is in the directory "moqui".
Thanks for your help!
regards,
Hans
There is an api_key in your request header. Moqui will call log-in with that key and the sessionToken is not needed any more. In other words, you are doing a re-login in every request.
Notice that the moquiSessionToken is present in the response header; you should capture it for use in subsequent requests, to save server resources.
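The capture-and-reuse step from the reply above, as an added example that is not part of the original thread and not Moqui or GrowERP code. Assumptions: the `TokenReusingClient` class and its `transport` callable are hypothetical, the token is sent back under a `moquiSessionToken` request header together with the session cookie it belongs to, and a stale token is rejected with 401 or 403.

```python
from typing import Callable, Dict, Optional, Tuple

# Header names the captured response on this page uses for the token.
TOKEN_HEADERS = ("moquisessiontoken", "x-csrf-token")
# transport(method, url, headers, body) -> (status, response_headers); hypothetical seam
Transport = Callable[[str, str, Dict[str, str], str], Tuple[int, Dict[str, str]]]


class TokenReusingClient:
    """Hypothetical wrapper, not part of Moqui or GrowERP."""

    def __init__(self, api_key: str, transport: Transport) -> None:
        self._api_key = api_key
        self._transport = transport
        self.token: Optional[str] = None
        self.cookie: Optional[str] = None

    def _headers(self) -> Dict[str, str]:
        headers = {"content-type": "application/json"}
        if self.token and self.cookie:
            # Assumption: the server accepts the token under the header name it
            # returned it in, together with the session cookie it belongs to.
            headers["moquiSessionToken"] = self.token
            headers["cookie"] = self.cookie
        else:
            headers["api_key"] = self._api_key  # first call, or after a reset
        return headers

    def _capture(self, response_headers: Dict[str, str]) -> None:
        lowered = {k.lower(): v for k, v in response_headers.items()}
        for name in TOKEN_HEADERS:
            if lowered.get(name):
                self.token = lowered[name]  # keep the latest value the server sent
                break
        if "set-cookie" in lowered:
            self.cookie = lowered["set-cookie"].split(";", 1)[0]

    def send(self, method: str, url: str, body: str = "") -> int:
        used_session = bool(self.token and self.cookie)
        status, resp = self._transport(method, url, self._headers(), body)
        if used_session and status in (401, 403):
            # Assumption: a stale session or token is rejected with 401/403.
            # Forget it and retry once with the API key.
            self.token = self.cookie = None
            status, resp = self._transport(method, url, self._headers(), body)
        self._capture(resp)
        return status
```

With this shape the api_key goes on the wire only for the first call and after a session reset, rather than in every request.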
Thank you for the answer, very useful, will try it,
Regards,
Hans