Important Update: Archer Community Scheduled Maintenance on November 23–24 - New Community Launching Soon! Learn More..

This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Getting permission denied when trying to update record , REST API

mohammedsaneenA
Contributor III

‎2018-10-30 07:11 AM

Hi ,

 

I am Getting permission denied error when trying to use put method on REST API to update record. Any tips on this

0 Kudos
15 REPLIES 15

DavidPetty
Archer Employee
Archer Employee

‎2018-10-30 07:29 AM

Make sure the API user you are using to update the record has update access to the application via a role. And if the application in question has record permission fields the API user needs to be listed in a record permission field that has update access.

 Advisory Consultant

mohammedsaneenA
Contributor III
In response to DavidPetty

‎2018-10-30 07:56 AM

Double checked that, yes he/she has all the permissions to update and create record .

A part of the code I used is this

$.ajax({
url: '*url here',
type: 'PUT',
headers: { 'Content-Type': "application/json",'Accept': "application/json"},
dataType: 'json',
contenttype: 'application/json',
         async: false,
data: *data here,
success: function (data, textStatus, xhr) {
console.log(data);
},
error: function (xhr, textStatus, errorThrown) {
console.log('Error in Operation');
}
});
0 Kudos

DavidPetty
Archer Employee
Archer Employee
In response to mohammedsaneenA

‎2018-10-30 08:02 AM

Thanks, you'll need to pass the CSRF token in the ajax call.   Add the following to attribute in your $.ajax

headers: {
     'x-csrf-token': (window.sessionStorage) ? window.sessionStorage.getItem("x-csrf-token") :  parent.parent.ArcherApp.globals['xCsrfToken']
},

 Advisory Consultant

AndyMiscuk1
Contributor III

‎2018-10-30 08:02 AM

Make sure the account that you have in the REST call has the appropriate rights for the operation you are try to perform.

 

Easy way to test this is to bump the account to sysadmin for a try or two. If it works, you need to refine your permissions on the original account.

 

 

Sent with BlackBerry Work (www.blackberry.com)

0 Kudos

mohammedsaneenA
Contributor III
In response to DavidPetty

‎2018-10-30 08:11 AM

Hi David,

I tried the same but still permission is being denied

$.ajax({
url: '*url,
type: 'PUT',
headers: {
'x-csrf-token': (window.sessionStorage) ? window.sessionStorage.getItem("x-csrf-token") : parent.parent.ArcherApp.globals['xCsrfToken']
},
dataType: 'json',
contenttype: 'application/json',
         async: false,
data: *data,
success: function (data, textStatus, xhr) {
console.log(data);
},
error: function (xhr, textStatus, errorThrown) {
console.log('Error in Operation');
}
});
0 Kudos

mohammedsaneenA
Contributor III
In response to AndyMiscuk1

‎2018-10-30 08:12 AM

Hi Andy,

I have tried the same in sysadmin and still the same occurs .  No luck on that

0 Kudos

AndyMiscuk1
Contributor III
In response to mohammedsaneenA

‎2018-10-30 08:16 AM

Have you verified your URL?

 

 

Sent with BlackBerry Work (www.blackberry.com)

0 Kudos

DavidPetty
Archer Employee
Archer Employee
In response to mohammedsaneenA

‎2018-10-30 08:22 AM

Can you provide the exact error you're getting back?

 

Also make sure that the /api folder isn't protected by SSO and that in IIS the folder security is set as anonymous.

 Advisory Consultant

mohammedsaneenA
Contributor III
In response to AndyMiscuk1

‎2018-10-30 08:23 AM

Yes Andy , URL is fine.

0 Kudos