Page 1 of 1

Javascript with fetch API : Error403 with X-Rejection-Reason:AnonymousQuotaPerDay

Posted: Wed Jan 09, 2019 9:51 am
by jdargaud
Hi there,

I am trying to put up a request on OPS V3.2 from a javascript application running in my browser (firefox).
I send a first request using the fetch API :

Code: Select all

fetch('https://ops.epo.org/3.2/auth/accesstoken',
  {
    method: 'POST',
    headers:{
      'content-type': 'application/x-www-form-urlencoded',
      'Authorization': 'Basic ' + window.btoa(userkey+':'+secretkey)
    },
    body: 'grant_type=client_credentials'
  }
)
which works fine, I get in a code 200 answer with an access_token :D .
However, when I try next to send a POST request using the same method

Code: Select all

fetch('https://ops.epo.org/3.2/rest-services/published-data/{publication}/{epodoc}/biblio',
  {
    method: 'POST',
    headers:{
      'Accept': 'application/exchange+xml',
      'Authorization': 'Bearer '+ token
    },
    body: 'EP1000000.A1'
  }
)
where token is the access_token obtained before,
I get the 403 code error with X-Rejection-Reason:AnonymousQuotaPerDay on the "pre-flight" request, i. e. when firefox tests whether the server is cross-domain compliant. Obviously, I get afterwards a networking error stating that my request does not satisfy the cross-domain policy and Firefox does not send the main request.

I get the feeling that my credentials are ok, since in the first request, I can see my email adress in the answer body (under developer.email). Then why would I be treated as anonymous?

Can anyone shed some light here ? That would be most appreciated.
Best regards,

JB Dargaud

Re: Error403 with X-Rejection-Reason:AnonymousQuotaPerDay

Posted: Wed Jan 09, 2019 1:53 pm
by EPO / OPS Support
Hi,

Your POST request seems incorrect and it seems you are not using your token in that request at all, this is why you are getting this anonymous access error.

If you want to test POST, use Developers testing console

Regards,
Vesna for OPS support

Re: Error403 with X-Rejection-Reason:AnonymousQuotaPerDay

Posted: Wed Jan 09, 2019 4:12 pm
by jdargaud
Hi there,

I do use the token in the second POST

Code: Select all

'Authorization': 'Bearer '+ token
where token is a variable whose value is the access_token.
A console log just before the request confirms this.

I managed some minutes ago to get the document, however I do not know how, I know went back to the same error message.
I tried with postman, where it works OK. I even used postman to get the token and put it hard coded in my script, to no avail. I suspect somethig is wrong with my fetch request, but I do not see what.
Maybe the application header ?
Also, I do not understand how I pass the payload of the request : a simple string in the body ?

When I will get this running, I will post a minimal working exemple to serve other users who wants to implement OPS in a javascript application.

Re: Javascript with fetch API : Error403 with X-Rejection-Reason:AnonymousQuotaPerDay

Posted: Fri Jan 11, 2019 11:15 am
by jdargaud
The plot thickens...
When I try on my computer at home, I manage to fetch whatever I want. However on my computer at work, it fails with the same code.
Headers sent are identical except for the firefox version used: 60 at work and 64 at home.
To resume :

Code: Select all

function userAction ()
{
    //get access token for registration
    fetch('https://ops.epo.org/3.2/auth/accesstoken',
	  {
	      method: 'POST',
	      headers:{
		  'Content-Type': 'application/x-www-form-urlencoded',
		  'Authorization': 'Basic ' + window.btoa("appKey:secretKey")
	      },
	      body: 'grant_type=client_credentials'
	  }
	 )
	.then( //authentication fetch.then
	    (resp) => resp.json())
	.then( // json.then
	    function (data){
			getData(data.access_token);//Now that I have a token, I can send the real request
	    }
	)
    .catch(//authentication fetch.catch
	    function (error){
			console.log('error1'+error);
	    }
	)
}
And then, upon succeding in obtaining a valid token, I send the GET request:

Code: Select all

function getData(token){
    console.log('success in getting access token: '+ token);
    // true call
    fetch('https://ops.epo.org/3.2/rest-services/published-data/publication/epodoc/EP10000000.A1/biblio',
	  {
	      method: 'GET',
	      headers:{
			'Authorization': 'Bearer '+ token
	      }
	  }
	 )
	.then( //fetch 2.then
	    (resp2) => resp2.text()
		.then( //text 2.then
		    function (data){
			console.log(data);
		    }
		)
		.catch( //text 2.catch
		    function (error){
			console.log(error);
		    }
		)
	)
	.catch( //fetch 2.catch
	    function (error){
		console.log('fetch error '+error);
	    }
	)
}
For the first request, the pre-flight header is

Code: Select all

https://ops.epo.org/3.2/auth/accesstoken
Host: ops.epo.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,fr;q=0.8,fr-FR;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization
Origin: null
Connection: keep-alive
For the second, it is:

Code: Select all

https://ops.epo.org/3.2/rest-services/published-data/publication/epodoc/EP10000000.A1/biblio
Host: ops.epo.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,fr;q=0.8,fr-FR;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: null
Connection: keep-alive
The only difference is that one is a POST and the other one is a GET. Both works prefectly fine with POSTMAN or the API console...
Does anyone have a insightful idea of what may cause this problem? Maybe a firewall or something?