openfire rest api plugin always response 403 Forbidden

1
votes

I enable the REST API plugin at the plugins page at openfire admin page

And send a GET request to following url by Postman which is an extension of chrome:

http://my.host.com:9090/plugins/restapi/v1/users

And I get this response

Access-Control-Allow-Credentials → true
Access-Control-Allow-Headers → origin, content-type, accept, authorization
Access-Control-Allow-Methods → GET, POST, PUT, DELETE, OPTIONS, HEAD
Access-Control-Allow-Origin → *
Content-Length → 0
Date → Mon, 24 Aug 2015 08:41:42 GMT

I don't know what's wrong in my steps. Could anyone tell me?

Thanks very much

2
xmppopenfire
Are you sure that you get 403 and not 401? Which means that your provided header authorization is not in place or wrong.Roman S.

2 Answers

8
votes

by "enable" the REST API, you may mean "installed" the plugin. because after you successfully installed it. You will have to go to "Server Settings" -> "REST API", and check "Enabled". You may also choose "HTTP Basic Auth" or "Secret key auth" there, then save your changes. Documentation

0
votes

you can't simply just visit the api address, must add authorization to your request header in code:

 httprequest.Headers.Add("Authorization:theSecretKeyInConfigPage");

you can using fidder to mock a httprequest :

GET http://yourdomain.com:9090/plugins/restapi/v1/sessions HTTP/1.1
Accept: application/json
Authorization: yoursecretkey
Host:yourdomain.com:9090