Access forbidden Error


#1

We try to upgrade our app from v1.9 to v2.
Beside the fact that V2 is much faster (!) we struggling with the following error:

First we login as demo user:

URL (POST):
…/api/v2/user/session

With body:

{
“email”: "user@test.com",
“password”: “password”,
“duration”: 0
}

This works and returns a session_token and a session_id.

In next step we try to call the service “db” / app “apptest”

URL (GET):
…/api/v2/db

With header:
X-DreamFactory-Session-Token --> session_token from above
X-DreamFactory-Application-Name --> apptest

This returns:

“error”: {
“context”: null,
“message”: “Access Forbidden.”,
“code”: 403,

We have created a role with permissions on all services. Also we enabled CORS with * and assigned created role to user.

Problem stays the same on local install and on dreamfactory enterprise. We also tested with different services,users and roles.


#2

After some try + error I found out that if using X-DreamFactory-Api-Key instead of X-DreamFactory-Application-Name the request works.

Is X-DreamFactory-Application-Name deprecated in V2?


#3

Yes. As 2.0 is a complete rebuild and not an upgrade, some things like this have changed. I recommend checking the 2.0 wiki for details if you encounter this or other issues. The API key aspect is covered on this documentation page.


#4

Thanks Jeffrey

We already found out :wink: