Problem to access DreamFactory APIs from PostMan(Google Chrome Client)


I’m trying to consume the DreamFactory server services, but still unsuccessful.

I followed several posts of similar problems and tutorials, but I continue with the problem.

I’ve created a service that sends email using my Google account. Inside the DF server (PHPAdmin), it works, but I want to test the service through PostMan and it shows the error 403 (Forbidden)

Steps I’ve already taken:

  1. Enabled CORS

2)Create an APP

  1. Create a Role

  2. Create User and Confi Role

  3. Work fine in Server

  4. Problem in PostMan - Without Api Key

  5. Problem in PostMan - With Api Key

The API Key you appear to be using is for your SendMailGoogle application, but should be your API Key from the API_Docs application that DreamFactory builds natively. Without it, the authentication fails when called from Postman.

You may also need to pass a session token (as described in the last image you posted)

darrelv, thank you por reply.

The only method I have in Api Docs is to search the description of services with Swagger. Where do I find the api_key of api_docs?

Yes, but for any service to function, i need acess DreamFactory Server from Postman.

Thank you

@eduardo the API_KEY can be found in Apps tab, all apps have an API_KEY associated with them including admin app and API docs.

The reason you’re getting a 403 is because without the session token, you do not have permission to access the service (from your screenshots I am assuming you want the user to be logged in to do so). From your screenshots it looks like you are setting up the API key correctly (it should be the SendMailGoogle key, as this is the application you have assigned your user the liberado role in), but you need to authenticate the user by adding the session token. This is easily done in Postman by setting the X-DreamFactory-Session-Token header, as shown in your last screenshot (the same process as for the API key). To get the session token value, you can perform a login request and look for the session token in the information returned.


Sorry I didn’t look closely enough at your 7th screenshot, I see now that you can’t even get a session token.

The API Key should still be that of your application (SendMailGoogle). Assuming you have POST access as one of the 5 selected in the 3rd screenshot, it should work. You could try specifically adding POST access to the ‘session’ component of the ‘user’ service for the liberado role.

The API Keys for all your applications, and for those provided by DF,
can be found from the Apps menu item on the Admin Console.

1 Like