I have been running into a bit of a weird issue. I am trying to use the PostMan client to hit a REST API. Using the client, I get a 401. If I take the exact same information and use the PostMan Chrome Extension, I get a 200. Reading the forums, someone mentioned that the REST API needs to have CORS enabled (because PostMan is basically a webapp), but I am a little confused as to how I would do that. Any ideas?
Hmm I haven’t been able to use interceptor on my own machine yet.
However, it shouldn’t create a problem.
Yes you need to enable CORS. When using the Chrome extension your just “overlaying” what you need with the proper cookies and etc in your cache I believe.
Also your making the call from your browser.
Postman is making the call outside of your browser as an outside source.
There’s a few things to check for.
First, make sure you have CORS enabled in your API or it won’t allow crossdomain requests (i.e. Postman or anything that has a different domain or address from your API will not be allowed)
There’s different ways to do this in Apache, Express, Python-Flask, etc. Depends on hosting and framework.
Secondly, Make sure your header in Postman is including the Authorization header with the Bearer <Token> and make sure you are creating a valid token as well in your API.
What framework are you using? What are you hosting on? Are you using a library to generate and validate access tokens?