Hi-
I have been running into a bit of a weird issue. I am trying to use the PostMan client to hit a REST API. Using the client, I get a 401. If I take the exact same information and use the PostMan Chrome Extension, I get a 200. Reading the forums, someone mentioned that the REST API needs to have CORS enabled (because PostMan is basically a webapp), but I am a little confused as to how I would do that. Any ideas?
First, I would stop using the Chrome extension since it’s not supported anymore and would be incredibly hard to debug.
Secondly, CORS is enabled usually by the API your using, so are you the creator of this API?
Something must work. Check the extension for any missing headers you have in the Postman app.
What API are you trying to reach?
Hey Kyle-
Yes. I am the creator of the API. I was able to use the API successfully via the Chrome client with Interceptor turned off.
The API currently uses a header of Auuhentication-Token to validate the user. If I turn off authentication, the PostMan client works fine.
Seems like there is something behind the scenes that is preventing the authentication from going through.
Hmm I haven’t been able to use interceptor on my own machine yet.
However, it shouldn’t create a problem.
Yes you need to enable CORS. When using the Chrome extension your just “overlaying” what you need with the proper cookies and etc in your cache I believe.
Also your making the call from your browser.
Postman is making the call outside of your browser as an outside source.
There’s a few things to check for.
First, make sure you have CORS enabled in your API or it won’t allow crossdomain requests (i.e. Postman or anything that has a different domain or address from your API will not be allowed)
There’s different ways to do this in Apache, Express, Python-Flask, etc. Depends on hosting and framework.
Secondly, Make sure your header in Postman is including the Authorization
header with the Bearer <Token>
and make sure you are creating a valid token as well in your API.
What framework are you using? What are you hosting on? Are you using a library to generate and validate access tokens?