Archer Community

SathyaPriyan_ · ‎2023-05-08

I have tried to click workflow action button using REST API call with below code from browser console. but it is throwing 405 error(method not allowed) or 403 error(forbidden) when I tried with different verb PUT.

If I try to click the button from REST API console in Archer API template application, then REST API call with POST verb is getting successful.

var xhr = new XMLHttpRequest();
var json_body = {
"ContentId": 123456,
"CompletionCode": 1
"WorkflowNodeId": "12345:CUST"
}
json_body = JSON.stringify(json_body);
xhr = new XMLHttpRequest();
xhr.open('POST',""+BaseURL +"/api/core/system/WorkflowAction", true);
xhr.setRequestHeader("Accept", "*/*");
xhr.setRequestHeader("Authorization", "Archer session-id="+ session);
xhr.setRequestHeader("Content-Type", "application/json");
xhr.send(JSON.stringify(json_body));
xhr.onreadystatechange = function ()
{
if(xhr.readyState == 4)
{
console.log("Processing Request");
if(xhr.status==200)
{
console.log("Workflow button is clicked");
}
else
{
console.log(xhr.status);
}
}
}

Is there something that I missed in the REST API call?

DavidPetty · ‎2023-05-11

Thanks, I missed that part in your other post ; (

Try sending this as a header:

'x-csrf-token': (window.sessionStorage) ? window.sessionStorage.getItem("x-csrf-token") : parent.parent.ArcherApp.globals['xCsrfToken']

Advisory Consultant

View solution in original post

DavidPetty · ‎2023-05-08

@SathyaPriyan_ try removing these lines:

xhr.setRequestHeader("Accept", "*/*");
xhr.setRequestHeader("Authorization", "Archer session-id="+ session);
xhr.setRequestHeader("Content-Type", "application/json");

Being the custom object will run in the context of the user it's not needed.

Advisory Consultant

SathyaPriyan_ · ‎2023-05-11

@DavidPetty Thank you for the input. I tried with below snippet in custom object. But I received 403 forbidden error. I'm trying to send request with "POST" action but system considers the request as GET and throws forbidden error(403).

<script type="text/javascript">
var xhr = new XMLHttpRequest();
Sys.Application.add_load(function() 
{
//xhr = new XMLHttpRequest();
xhr.open('POST',""+ BaseURL +"/api/core/system/WorkflowAction", true);
xhr.send(JSON.stringify({"ContentId": "12345", "CompletionCode":"1", "WorkflowNodeId":"100902:CUST"}));
xhr.onreadystatechange = function () 
{
    if(xhr.readyState == 4)
    {
    console.log("Processing Request");
	console.log(xhr.status);
    	if(xhr.status==200)
    	{
    		console.log("Button is clicked");
    	}
    	else
    	{
    	console.log(xhr.status);
    	}
    }
 }
});
</script>

DavidPetty · ‎2023-05-11

I don't see where you declared the BaseURL variable which might be the problem.

Advisory Consultant

SathyaPriyan_ · ‎2023-05-11

@DavidPetty I hard coded the BaseURL value in my custom code.
For Ex: if URL is https://test.grcarcher.com/apps/ArcherApp/Home.aspx, then I use baseURL as "https://test.grcarcher.com" and I append API URL

/api/core/system/WorkflowAction

Our current Archer version is 6.9 SP3 P2 and FYI, REST API request with POST method to generate session token is working fine.

DavidPetty · ‎2023-05-11

Thanks.

In the JSON you're sending to the API, don't but quotes around the numeric values.

xhr.send(JSON.stringify({"ContentId": 12345, "CompletionCode":1, "WorkflowNodeId":"100902:CUST"}));

Advisory Consultant

SathyaPriyan_ · ‎2023-05-11

Thank you, I tried with removing double quotes for the content id and Completion Code values. But it still gives me 403 error.

DavidPetty · ‎2023-05-11

What do the header and payload looks like in the developer tools?

Advisory Consultant

SathyaPriyan_ · ‎2023-05-11

Please see network headers(blurred request URL and remote address), payload and response screenshots below,

DavidPetty · ‎2023-05-11

@SathyaPriyan_ if you look at the header. The complete URL is missing in comparison to my screenshot.

I'd double-check that the BaseURL variable is set properly.

Advisory Consultant

Archer Community

Save Workflow Action using REST API