Issue with API: when adding a bearer token in the headers, the API gives error 403 Forbidden. On another server it is working fine, but the issue is with the server that has aaPanel.
API issue with aaPanel
Madhvi
Please check the [ request_check ] function of /www/server/panel/BTpanel/__init__.py
aaPanel_Jose what do I need to check in this? There is a lot of code under request_check.
Do I need to make any changes there to run my API with a token in the header?
Any update regarding this?
Madhvi
Please check
if the URL length has exceeded 1024 bytes
if the path length has exceeded 128 bytes
if the post key has exceeded 48 bytes
if the post value has exceeded 256 bytes
aaPanel_Jose
if len(request.path) > 128: return abort(403)
if len(request.url) > 1024: return abort(403)
if len(k) > 48: return abort(403)
if len(pdata[k]) > 256: return abort(403)
All these parameters are like this.
It gives me error 401. What could be the reason that my APIs are not working?
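A pre-flight check for the four length limits quoted above, as an added example (not aaPanel's code and not from the thread). The function name, host, path and sample values are constructed, and lengths are measured with `len()` on strings as in the posted lines.

```python
from urllib.parse import urlsplit

# Limits quoted in the thread; request_check aborts with 403 above them.
LIMITS = {"url": 1024, "path": 128, "post_key": 48, "post_value": 256}


def find_limit_violations(url, post_data):
    """Return (kind, name, length, limit) for every value over a limit.

    Hypothetical helper: it mirrors only the four checks shown in the
    thread. Those checks cover the URL, the path and POST fields; the
    Authorization header is not among them.
    """
    violations = []
    path = urlsplit(url).path
    if len(url) > LIMITS["url"]:
        violations.append(("url", "request.url", len(url), LIMITS["url"]))
    if len(path) > LIMITS["path"]:
        violations.append(("path", "request.path", len(path), LIMITS["path"]))
    for key, value in post_data.items():
        if len(key) > LIMITS["post_key"]:
            violations.append(("post_key", key, len(key), LIMITS["post_key"]))
        if len(str(value)) > LIMITS["post_value"]:
            violations.append(
                ("post_value", key, len(str(value)), LIMITS["post_value"])
            )
    return violations


# Constructed sample request shaped like the login call in the thread.
SAMPLE_URL = "https://panel.example.test/api/user/login"
SAMPLE_POST = {
    "LoginForm[username]": "user@example.test",
    "LoginForm[password]": "constructed-password",
    "LoginForm[device_token]": "a" * 300,  # constructed, over the 256 limit
    "LoginForm[device_type]": "1",
    "LoginForm[device_name]": "iPhone",
}

if __name__ == "__main__":
    for kind, name, length, limit in find_limit_violations(SAMPLE_URL, SAMPLE_POST):
        print(f"{kind}: {name} is {length} long, limit is {limit}")
```
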
Madhvi
Please check if BasicAuth authentication is enabled in your panel settings
aaPanel_Jose
Checked in the panel settings.
BasicAuth authentication is closed there.
When I tried to set it to open, it asks for a username and password.
Do I need to add a random username and password?
But in the API we use a token, so could it be related?
Any update on this?
Madhvi
Please check line 151 of the /www/server/panel/BTPanel/__init__.py file to see if your request triggered this judgment
In addition, please check whether the IP you used for the request has been added to your API whitelist
aaPanel_Jose
if not 'login' in session and not 'admin_auth' in session and not 'down' in session:
If I comment out this line, does it affect any other functionality?
aaPanel_Jose
No change with the IP whitelisting.
if request.path.find('/static/') != -1 or request.path == '/code':
    if not 'login' in session and not 'admin_auth' in session and not 'down' in session:
        session.clear()
        return abort(401)
I don't have any idea about these parameters. Is there any way to ignore this command so that my API will work?
Madhvi
Can you show me your api method and parameters?
aaPanel_Jose
//MARK:- Post & Get Api Interaction
func postData(urlStr: String, params: Dictionary<String, AnyObject>? = nil, showIndicator: Bool = true, completion: @escaping (ApiResponse?) -> Void) {
    if NetworkReachabilityManager()!.isReachable {
        if showIndicator {
            Proxy.shared.showActivityIndicator()
        }
        // POST with a form-encoded body; the bearer token goes in the Authorization header
        AF.request("\(Apis.serverUrl)\(urlStr)",
                   method: .post,
                   parameters: params!,
                   encoding: URLEncoding.httpBody,
                   headers:[ "Authorization": "Bearer \(Proxy.shared.accessTokenNil())",
                             "User-Agent":"\(AppInfo.userAgent)"]).responseJSON { response in
            debugPrint("Url,\(Apis.serverUrl)\(urlStr), Acces-Token, \(Proxy.shared.accessTokenNil())")
            debugPrint("PostParam", "\(params!)")
            Proxy.shared.hideActivityIndicator()
            if response.data != nil && response.error == nil {
                debugPrint("RESPONSE",response.value!)
                debugPrint("JSON-RESPONSE", NSString(data: response.data!, encoding: String.Encoding.utf8.rawValue)!)
                let dict = response.value as? [String:AnyObject]
                if let dateCheck = dict!["datecheck"] as? String {
                    if !Proxy.shared.expiryDateCheckMethod(expiryDate: dateCheck) {
                        return
                    }
                }
                if response.response?.statusCode == 200 {
                    let res : ApiResponse?
                    res = ApiResponse(jsonData: response.data!, data: dict, message: dict!["message"] as? String ?? AlertTitle.success)
                    completion(res!)
                } else if response.response?.statusCode == 400 {
                    Proxy.shared.displayStatusCodeAlert( dict!["error"] as? String ?? AlertTitle.error)
                } else {
                    // Any other status (including 401 and 403) goes to the generic handler
                    self.statusHandler(response.response, data: response.data, error: response.error as NSError?)
                }
            } else {
                self.statusHandler(response.response, data: response.data, error: response.error as NSError?)
            }
        }
    } else {
        Proxy.shared.hideActivityIndicator()
        Proxy.shared.openSettingApp()
    }
}
func getData(urlStr: String, showIndicator: Bool = true, completion: @escaping (ApiResponse?) -> Void) {
    if NetworkReachabilityManager()!.isReachable {
        if showIndicator {
            Proxy.shared.showActivityIndicator()
        }
        // GET with no parameters; same Authorization and User-Agent headers as postData
        AF.request("\(Apis.serverUrl)\(urlStr)",
                   method: .get, parameters: nil,
                   encoding: JSONEncoding.default,
                   headers:[ "Authorization": "Bearer \(Proxy.shared.accessTokenNil())",
                             "User-Agent":"\(AppInfo.userAgent)"] ).responseJSON { response in
            debugPrint("Url,\(Apis.serverUrl)\(urlStr), Acces-Token, \(Proxy.shared.accessTokenNil())")
            Proxy.shared.hideActivityIndicator()
            if response.data != nil && response.error == nil {
                debugPrint("RESPONSE",response.value!)
                debugPrint("JSON-RESPONSE", NSString(data: response.data!, encoding: String.Encoding.utf8.rawValue)!)
                let dict = response.value as? [String:AnyObject]
                if let dateCheck = dict!["datecheck"] as? String {
                    if !Proxy.shared.expiryDateCheckMethod(expiryDate: dateCheck) {
                        return
                    }
                }
                if response.response?.statusCode == 200 {
                    let res : ApiResponse?
                    res = ApiResponse(jsonData: response.data!, data: dict, message: dict!["message"] as? String ?? AlertTitle.success)
                    completion(res!)
                } else if response.response?.statusCode == 400 {
                    Proxy.shared.displayStatusCodeAlert( dict!["error"] as? String ?? AlertTitle.error)
                } else {
                    self.statusHandler(response.response, data: response.data, error: response.error as NSError?)
                }
            } else {
                self.statusHandler(response.response, data: response.data, error: response.error as NSError?)
            }
        }
    } else {
        Proxy.shared.hideActivityIndicator()
        Proxy.shared.openSettingApp()
    }
}
aaPanel_Jose
These are the POST and GET methods I am using.
"LoginForm[username]": request.email! as AnyObject ,
"LoginForm[password]": request.password! as AnyObject ,
"LoginForm[device_token]" : "\(Proxy.shared.deviceToken())",
"LoginForm[device_type]" : "\(DeviceInfo.deviceType)",
"LoginForm[device_name]" : "\(DeviceInfo.deviceName)"
Login parameters
Any update on this?
aaPanel_Jose
Hi, any update on this issue?
Hello @Madhvi
I checked your code and found that your parameters may not meet the API request specification. Please refer to the API documentation we provide.