A question:
I am right when i am saying the moquiSessionToken is not used in the REST interface?
Regards,
Hans at growerp.com
I disabled providing session tokens when using the REST interface and everything still working okβ¦
so to answer the question myself: no it is not used.
however should it be used?
If I recall correctly, the moquiSessionToken is for POST events to prevent xss POST in client side js.
1 Like
at the moment i do not provide a moquiSessionToken when accessing via the REST interface, and it is not giving me an error, so my understanding the moquiSessionToken is not used here?
I think thatβs because you accessed a no-auth API. MoquiSessionToken is needed for authorized activities
1 Like
Yeah thatβs right, and by default POST events from the REST API or transitions require authentication.
Thank for your replies, however below is a POST request of creating a company from a user who is logged in using the api_key but no moqui session token:
ββ£ Request β POST
β http://localhost:8080/rest/s1/growerp/100/Company
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Headers
β content-type: application/json
β api_key: auM6cutFfsdyo7XAnpp4CiHkrGB6DCHTKxvgExiY
β contentType: application/json
β responseType: ResponseType.json
β followRedirects: true
β connectTimeout: 0:00:05.000000
β receiveTimeout: 0:00:10.000000
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Extras
β requireApiKey: true
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Body
β company: Company name: Test company[null] Curr: imgSize: null#Empl: 0
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β {company: Company name: Test company[null] Curr: imgSize: null#Empl: 0}
ββ£ Response β POST β Status: 200 OK
β http://localhost:8080/rest/s1/growerp/100/Company
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Headers
β access-control-allow-credentials: [true]
β access-control-allow-origin: [http://localhost:39775]
β content-length: [183]
β content-type: [application/json]
β expires: [Thu, 01 Jan 1970 00:00:00 GMT]
β moquisessiontoken: [Nuaie-twmMBE908G7FpS]
β x-csrf-token: [Nuaie-twmMBE908G7FpS]
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Body
β
β {
β company: {
β partyId: β102217β,
β pseudoId: β102217β,
β name: βTest companyβ,
β role: βCustomerβ,
β email: ββ,
β currency: null,
β image: null,
β address: null,
β vatPerc: β0β,
β salesPerc: β0β,
β paymentMethod: null,
β telephoneNr: ββ,
β employees:
β }
β }
β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
If You need need more info about the system please check github at : GitHub - growerp/growerp: GrowERP Flutter ERP for Android, IOS and Web using Moqui.org, Apache OFBiz the moqui system is in the directory βmoquiβ
Thanks for you help!
regards,
Hans
1 Like
There is an api_key in your request header. Moqui will call log-in with that key and the sessionToken is not needed any more. In other words, your are doing re-login in every request.
Notice that the moquiSessionToken is present in the response header, you should capture it for use in next requests, to save server resources.
1 Like
Thank you for the answer, very useful, will try it,
Regards,
Hans