Shop

Your Notifications (0)

There are currently no notifications. You're all set!

Demos Trials
Knowledge Base
ChemDraw and ChemOffice+ Products Signals Notebook E-Notebook and ChemBioOffice Enterprise Spotfire and Signals Spotfire Products Columbus Signals Image Artist
Downloads
Downloads
Community
Support Forums Ideas Portal Product Basics
About Support
Legal Resources Support and Maintenance Plans Product Life Cycle Support News
Contact Support

Error when implementing Spotfire Server public Web Service API: The request failed with HTTP status 403.

Rich Talbot
Date Posted:
Product: TIBCO Spotfire®

Problem:

Error when implementing Spotfire Server public Web Service API: The request failed with HTTP status 403.


Solution:

When implementing  Spotfire Server public Web Service API, users might come across the forbidden 403 error on invoking any of the API methods.
Error message: The request failed with HTTP status 403.
OR
The remote server returned an error: (403) Forbidden.

Detailed error message:
====================================
System.Net.WebException was unhandled
  HResult=-2146233079
  Message=The request failed with HTTP status 403: .
  Source=System.Web.Services
  StackTrace:
       at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
       at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
       at ServerAPITestNew.spotfirepublicws1.UpdateAnalysisServiceImplService.loadAnalysis(UpdateAnalysis updateAnalysis)
==================================== There are two options to resolve the issue.

1). Disable CSRF protection. The following are steps to disable CSRF protection (Press return / Enter after every command):
==========================

  • Launch command prompt on the Spotfire server to export the Spotfire configuration using the following command:
  config export-config 
  • Run the following command to disable CSRF protection:
  config config-csrf-protection --enabled=false
  • Run the following command to import the configuration to Spotfire database:
   config import-config -c "Disabled CSRF protection"
  • Restart the Spotfire Server Service.
=======================
2). Handle the CSRF protection in the code itself.
  • When CSRF is enabled, after the initial call to the webservice the server sets JSESSIONID and XSRF-TOKEN. The client has to read these cookies set by the server and pass them in subsequent requests. It has to set a custom header X-XSRF-Token, JSESSIONID and XSRF-TOKEN in cookies to maintain the session. If the server sets a new XSRF-TOKEN then the new token should be sent in  subsequent requests.
  • There is also a community article which talks about the same and has an example implementation as well.
    https://community.tibco.com/wiki/tibco-spotfire-server-web-services-api-examples-library-and-user-directory-services
The sample example (tss_wsapi_csharp) which handles above scenario and the documentation are attached to this article.

About CSRF protection in context of Spotfire web services, you may want to check the documentation link below:
https://docs.tibco.com/pub/sfire_dev/area/doc/api/TIB_sfire_server_WebServices_API_Reference/index.html https://docs.tibco.com/pub/sfire_dev/area/doc/api/TIB_sfire_server_WebServices_API_Reference/index.html
https://community.tibco.com/wiki/tibco-spotfire-server-web-services-api-examples-library-and-user-directory-services
https://d2wh20haedxe3f.cloudfront.net/sites/default/files/wiki_files/spotfire_server_api_samples.pdf
 

Related articles