Wanting to GET some data without authorization token. Code 401

Hi All

I have a DF set up to access an external MySQL database. Some of the data I want to access without authorization and others using JWT tokens. as far as I know DF was designed to do this but I ma failing to get data without tokens.

Here is what I have done so far.

  1. Gone To Services -> Users -> Config and Allowed Open Registrations
  2. Same place as above set Open reg email service to blank
  3. In Roles set 2 roles, one Guest the other MobileAppUser.
  4. Given GET access to the tables in my DB that I do not need authorization to the guest account
  5. Given GET and POST permissions to the MobileUserApp.
  6. Gone to Apps, Manage MyApp and set “Assign a Default Role” to Guest. Note the hint specifically states “Unauthenticated or guest users will have this role”.

Now using Google Chrome’s REST console (built in Swagger bypasses authorization) I have set my headers correctly with the API Key and the API name but I get an error of “unauthorized Code 401”. Bear in mind I can access data with a token, so one would think I have missed a step in DF not in the GET using REST console.

Anyone know what I am missing here?


what do you mean API Name header?
DreamFactory only needs a header called X-DreamFactory-API-Key
In version 1.9 there was a header called X-DreamFactory-Application-Name, but it is now deprecated.

Thanks for the reply. Firstly I did not know X-DreamFactory-Application-Name was deprecated. I am using X-DreamFactory-API-Key.

My header (written in PHP for curl) looks like this and works for getting tables when there is a token.

$headr = array();
$headr[] = ‘Content-type: application/json’;
$headr[] = ‘Accept: application/json’;
$headr[] = ‘DreamFactory-Application-Name: MobileHeroDB’;
$headr[] = ‘X-DreamFactory-Session-Token :’. $sessiontoken;
$headr[] = 'X-DreamFactory-Api-Key : d18fxxxxxxxxxd1ffce16df013a3a35b0462xxxxxxxxxxxxxxx’4;

This works but needs a session token. How to access a table without a session token is the issue I face.

PS I will remove Application-Name, thanks for the tip.

To access without a session, you will need to create a role that allows access to whichever services you prefer.
Then in your application management add that role as the default role for the app.

Then any calls made with that API key, if not accompanied by session information, will be granted access based on the default role.

Thanks Drew. However that is what I expected to happen and it did not. I have a Guest role as you can see from my post here. I did all you say and I still get denied with a 401.

Hi @drewpearce , what if I want to make only authenticated requests using the session token to get the data? I am new to dreamfactory. I created a role which has the GET, POST access to a table. I assigned this role to an App. When I make a post request just using the API Key, I am able to do it successfully but what I would like to have is along with API key I also want to send the session token, validate it and then make the successful post request. I tried using scripts for pre post process but nothing worked. Can you please point me in the right direction?

you need to assign the role to the user for in relation to that app. NOT as the default role for that app.

Awesome! Thanks a ton Drew!

1 Like