Authentication API
I have hit a wall and any help would be greatly appreciated.
I am trying to retrieve the user token via the api. Now, when I use the snippet on the developer site and make my changes I get this
Access to XMLHttpRequest at 'http://mysite:8082/api/v1/authentication/login' from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
When I change datatype to jsonp this error goes away and is replaced with this.
GET http://scpdsisensedev:8082/api/v1/authentication/login?callback=<user data> net::ERR_ABORTED 403 (Forbidden)
Researching several sites on ajax and CORS, the community here has resulted in no fruit.
Any thoughts or ideas? Thanks in advance for the help.
-
Hi Edward,
If you're getting this error - I assume you're trying to call this API from a client-side script (from within an HTML page) and thus getting the CORS error.
For that to work, CORS has to be enabled via the Sisense settings API, as explained here:
However, I would generally advise against doing so - the login endpoint expects a username and password in the request payload, and this type of information should never be hard-coded in a client-side script as it would be easy to obtain - The only exception to this is if the referring page is a login page in which the user is expected to input this information.Alternatively, if you are trying to retrieve a token for a user that is already logged in (via SSO for example) then the /login endpoint isn't the right one - it will cause the user to lose their session as it re-generates the token. Instead, the token can be found as part of the user's "prism" cookie created when they are logged in to Sisense.
Please sign in to leave a comment.
Comments
1 comment