I have a service that is allowing access without actually handing off a token value. How do I fix this? It acts like it doesn’t allow guest access if I don’t add in the authentication type header, but if I hand it that header without the token it just doesn’t care.
curl -X GET --header “Accept: application/json” --header “X-DreamFactory-Api-Key: 36fda24fe5588fa4285ac6c6c2fdfbdb6b6bc9834699774c9bf777f706d05a88” --header “Authorization: Basic ekBnLmNvbTphYmMxMjM=” http://localhost:8082/api/v2/jfani_db/_schema
Returns:
{“resource”:[{“name”:“clients”},{“name”:“Collateral”},{“name”:“Contracts”},{“name”:“debts”},{“name”:“LoanPackageHistory”},{“name”:“Loans”},{“name”:“Notes”},{“name”:“Packages”},{“name”:“Payments”},{“name”:“Tasks”}]}
while
curl -X GET --header “Accept: application/json” --header “X-DreamFactory-Api-Key: 36fda24fe5588fa4285ac6c6c2fdfbdb6b6bc9834699774c9bf777f706d05a88” http://localhost:8082/api/v2/jfani_db/_schema
returns:
{“error”:{“context”:null,“message”:“No session token (JWT) provided. Please provide a valid JWT using X-DreamFactory-Session-Token request header or ‘session_token’ url query parameter.”,“code”:400}}
Like it is supposed to. The first example should be returning this same value because there is no valid token being passed.