Product: TIBCO Spotfire®
Error when implementing Spotfire Server public Web Service API: The request failed with HTTP status 403.
When implementing a client for the Spotfire Server public Web Service API, users may get an HTTP 403 (Forbidden) error when invoking any of the API methods.
Error message: The request failed with HTTP status 403.
OR
The remote server returned an error: (403) Forbidden.
Detailed error message:
====================================
System.Net.WebException was unhandled
HResult=-2146233079
Message=The request failed with HTTP status 403: .
Source=System.Web.Services
StackTrace:
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at ServerAPITestNew.spotfirepublicws1.UpdateAnalysisServiceImplService.loadAnalysis(UpdateAnalysis updateAnalysis)
====================================
There are two options to resolve the issue.
1). Disable CSRF protection. The following are steps to disable CSRF protection (Press return / Enter after every command):
==========================
- Launch a command prompt on the Spotfire server and export the Spotfire configuration using the following command:
- Run the following command to disable CSRF protection:
- Run the following command to import the configuration into the Spotfire database:
- Restart the Spotfire Server Service.
2). Handle the CSRF protection in the code itself.
- When CSRF protection is enabled, the server sets the JSESSIONID and XSRF-TOKEN cookies after the initial call to the web service. The client has to read these cookies and pass them in subsequent requests: to maintain the session it must send the JSESSIONID and XSRF-TOKEN cookies together with a custom X-XSRF-Token header. If the server sets a new XSRF-TOKEN, the new token should be sent in subsequent requests.
- A community article also covers this and includes an example implementation:
https://community.tibco.com/wiki/tibco-spotfire-server-web-services-api-examples-library-and-user-directory-services
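The cookie and header handling described in option 2, as an added Python example; it is not TIBCO's code or the community article's sample. It assumes the X-XSRF-Token header carries the value of the XSRF-TOKEN cookie. `MockServer` is a constructed stand-in that rejects the first call with 403 and rotates the token on every response, and `XsrfClient`, `demo` and the token values are hypothetical names.

```python
import http.cookiejar, http.cookies, http.server, threading, urllib.error, urllib.request

class MockServer(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in, not Spotfire: 403 unless cookie and header carry the token."""
    token, seen = None, []
    log_message = lambda self, *args: None  # keep the demo quiet
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        morsel = http.cookies.SimpleCookie(self.headers.get("Cookie", "")).get("XSRF-TOKEN")
        header = self.headers.get("X-XSRF-Token")
        ok = morsel is not None and morsel.value == header == MockServer.token
        MockServer.seen.append((header, 200 if ok else 403))
        MockServer.token = f"tok-{len(MockServer.seen)}"  # rotate on every response
        self.send_response(200 if ok else 403)
        self.send_header("Set-Cookie", "JSESSIONID=sess-1; Path=/")
        self.send_header("Set-Cookie", f"XSRF-TOKEN={MockServer.token}; Path=/")
        self.send_header("Content-Length", "0")
        self.end_headers()

class XsrfClient:
    """Stores the server's cookies and mirrors XSRF-TOKEN into X-XSRF-Token."""
    def __init__(self):
        self.jar = http.cookiejar.CookieJar()
        self.opener = urllib.request.build_opener(
            urllib.request.ProxyHandler({}), urllib.request.HTTPCookieProcessor(self.jar))
    def token(self):
        return next((c.value for c in self.jar if c.name == "XSRF-TOKEN"), None)
    def _send(self, url, body):
        req = urllib.request.Request(url, data=body, headers={"Content-Type": "text/xml"})
        if self.token():
            req.add_header("X-XSRF-Token", self.token())  # newest value in the jar
        try:
            with self.opener.open(req) as resp:
                return resp.status
        except urllib.error.HTTPError as err:  # the jar already holds the 403's cookies
            return err.code
    def post(self, url, body):
        before, status = self.token(), self._send(url, body)
        if status == 403 and self.token() != before:  # a token was issued or rotated
            status = self._send(url, body)            # resend once with the new value
        return status

def demo():
    MockServer.token, MockServer.seen = None, []
    srv = http.server.HTTPServer(("127.0.0.1", 0), MockServer)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    client, url = XsrfClient(), f"http://127.0.0.1:{srv.server_port}/ws"
    statuses = [client.post(url, b"<soap/>") for _ in range(2)]
    srv.shutdown()
    return statuses, MockServer.seen
```

A client that cached the first token instead of re-reading the cookie jar would be rejected by this mock on its second call, which is the rotation case the last sentence of option 2 describes.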
For more on CSRF protection in the context of Spotfire web services, see the documentation linked below:
https://docs.tibco.com/pub/sfire_dev/area/doc/api/TIB_sfire_server_WebServices_API_Reference/index.html
https://d2wh20haedxe3f.cloudfront.net/sites/default/files/wiki_files/spotfire_server_api_samples.pdf