Dreamfactory User Authentication not working with provided Appcelerator Titanium SDK

Guest versus User Authentication:

I have only been successful at getting data from my DSP when using Guest mode that does not require any form of authentication. I cannot get the User Authentication to work with any of the documentation I have read so far. I have been on at least 10 different sites, trying 3 different methods. I understand that the mobile app version of an app works very well as with the default and sample applications.

Which SDK to Use:

I understand that The JavaScript SDK works very well for web based applications as with the default and example apps. I am trying to use the provided Titanium examples to test both a mobile web app and an Android app. I have not found information that seems to work after I finally figured out why I had errors with a bad URL. Now I have no errors, but I just get no server response to parse.

Logon information:

I believe we need an application header with API Key and sending the body with email and password in JSON format. I truly cannot figure out if lookup keys are require for a user authentication like a logon event. I don’t use any body passing logon credentials in Guest mode and it works. The app is available, but even a user authentication seems to be a major hang-up right now.

cURL testing:

I am trying to setup and test this from both my home DSP which is not SSL and my online DSP which does use SSL. I have tried to use cURL with both sites and it says the email is missing or the password cannot be resolved. I am obviously using this tool incorrectly. This means I may not have an idea as to why the authentication is failing in the first place. I thought I was able to use cURL in my home site from home, but I still got no server response. At work, it seems I cannot connect to either DSP, but maybe that’s because my code is wrong.

Testing my DSP:

I will list my cURL code here so it can be evaluated by someone with stronger knowledge of such things. Perhaps the authentication will work if I can correct confirm how the cURL code should look. My other thought is that my sites are not configured for remote authentication. Maybe someone can actually try to log into my DSP if the settings need to be checked.

cURL Code:

curl -i -k -3 -X POST https://dsp-face2edgeonline.cloud.dreamfactory.com/rest/user/session -H “X-DreamFactory-Application-Name: todojquery” -d ‘{ “email” : "jason.davisson@gmail.com", “password” : “Graphics.69” }’

It looks like your email and/or password really are incorrect. The syntax of your cURL request appears correct but it returns an error for me too. If you are on the hosted system, the first admin is created for you with the password being the password you used to create your account on dreamfactory.com. Are you able to log in to dreamfactory.com and see your DSP dashboard?

Sorry, capital ‘P’. ‘Password’

c:>curl -i -k -3 -X POST https://dsp-face2edgeonline.cloud.dreamfactory.com/res
t/user/session -H “X-DreamFactory-Application-Name: todojquery” -d '{ “email” :
"jason.davisson@gmail.com", “password” : “Password” }'
HTTP/1.1 400 Bad Request
Server: nginx
Date: Thu, 29 Jan 2015 19:26:23 GMT
Content-Type: application/json; charset=utf-8
Set-Cookie: PHPSESSID=g0iimr74fepr0htgc3lkcbvqvicmkj1sgiuimq56aruo21403tv1; path
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Transfer-Encoding: chunked
Via: 1.1 Ironport.WSA:80 (Cisco-IronPort-WSA/7.5.2-304)
Connection: keep-alive

{“error”:[{“context”:null,“message”:“Login request is missing required email.”,“
code”:400}]}HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 29 Jan 2015 19:26:22 GMT

The page cannot be found BODY { font: 8pt/12pt verdana } H1 { font: 13pt/15pt verdana } H2 { font: 8pt/12pt verdana } A:link { color: red } A:visited { color: maroon }

The page cannot be found

The page you are looking for might have been removed, had its name changed, or i s temporarily unavailable.

Please try the following:

  • Make sure that the Web site address displayed in the address bar of your bro wser is spelled and formatted correctly.
  • If you reached this page by clicking a link, contact the Web site administrator to alert them that the link is incorrectly formatted .
  • Click the Back button to try anothe r link.

HTTP Error 404 - File or directory not found.
Internet Information Servic es (IIS)

Technical Information (for support personnel)

  • Go to Microsoft Produc t Support Services and perform a title search for the words HTTP and 404.
  • Open IIS Help, which is accessible in IIS Manager (inetmgr), and search for topics titled Web Site Setup, Common Administrative Ta sks, and About Custom Error Messages.
HTTP/1.1 404 Not Found Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Thu, 29 Jan 2015 19:26:22 GMT Connection: close Content-Length: 315 Not Found

Not Found

HTTP Error 404. The requested resource is not found.

curl: (6) Could not resolve host: gmail.com, curl: (6) Could not resolve host: password HTTP/1.1 404 Not Found Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Thu, 29 Jan 2015 19:26:25 GMT Connection: close Content-Length: 315 Not Found

Not Found

HTTP Error 404. The requested resource is not found.

curl: (6) Could not resolve host: Password curl: (3) [globbing] unmatched close brace/bracket in column 1


It works but Windows seems pickier about quotes.

On OS X:

curl -i -k -3 -X POST https://dsp-face2edgeonline.cloud.dreamfactory.com/rest/user/session -H “X-DreamFactory-Application-Name: todojquery” -d ‘{ “email” : "jason.davisson@gmail.com", “password” : “Password” }’

On Windows (no single quotes, escaped double quotes in JSON):

curl -i -k -3 -X POST “https://dsp-face2edgeonline.cloud.dreamfactory.com/rest/user/session” -H “X-DreamFactory-Application-Name: todojquery” -d “{ “email” : "jason.davisson@gmail.com”, “password” : “Password” }"

Thank you for pointing this out!

How would this affect the actual ‘body’ code I am submitting through my app? I am using the code from the downloaded Titanium SDK from the DF site and modifying email and password as in the example.


//FirstView Component Constructor
function FirstView() {
	//create object instance, a parasitic subclass of Observable
	var self = Ti.UI.createView();


	//label using localization-ready strings from <app dir>/i18n/en/strings.xml
	var label = Ti.UI.createLabel({

	//Add behavior for UI
	label.addEventListener('click', function(e) {


	var email = Ti.UI.createTextField({
			color : '#336699',
			top : 10,
			width : 250,
			height : 40,
			hintText : 'Email',
			value: 'jason.davisson@gmail.com'

	var password = Ti.UI.createTextField({
			color : '#336699',
			top : 60,
			width : 250,
			height : 40,
			hintText : 'Password',
			value: 'Password'

	var submit = Titanium.UI.createButton({
			title : 'Submit',
			top : 110,
			width : 100,
			height : 40


	submit.addEventListener('click', function (e) {
		var Promise = require('Promise');
		var dreamfactory = require('dreamfactory');
		    if (email.value != '' && password.value != '')
				var body = { email : email.value, password : password.value };
				body = JSON.stringify(body);
				dreamfactory.makeRequest("POST", "/user/session", body).then(function (response) {
					SESSION_ID = response.session_id;
				}, function (error) {
		        alert("email/Password are required");


	return self;

module.exports = FirstView;


var Promise = require('Promise');
//enter your DSP URI , without the trailing /
var BASE_PATH = "https://dsp-face2edgeonline.cloud.dreamfactory.com";
var END_POINT = "/rest";
//enter the app_name from the app you created to use with titanium
var APP_KEY = "todojquery";
var SESSION_ID = "";
exports.makeRequest = function(method, path, body) {
	var promise = Promise.defer();
    var url = BASE_PATH + END_POINT + path;
    var client = Ti.Network.createHTTPClient();
    client.onload = function(e) {
        try {
            var data = JSON.parse(this.responseText);

        } catch (e) {
    client.onerror = function() {

    client.open(method, url);
    //client.setRequestHeader("Content-Type", "application/json; charset=utf-8");
    client.setRequestHeader("X-DREAMFACTORY-APPLICATION-NAME", APP_KEY);
    client.setRequestHeader("X-DREAMFACTORY-SESSION-TOKEN", SESSION_ID);

    return promise;

Silly Brain!

Titanium Studio uses an Internal Server for web preview. If I copy the mobile web folder from build to an online server like my DSP at home, Apache shows me that it works just fine and ,yes, the code works in Android testing.

That’s great news! Okay, fine!

I am going to submit a New ticket for CORS because my localhost will not work. This may be the reason the internal server didn’t work. Only my exeternal hostname works because the app is actually under my DF host. I can’t tell where the issue is but I will provide more detail for that issue