[SOLVED] Calling REST API with the existing authentication data

I want to consume the Springbot API from a 3rd party app, e.g. VBA Excel. I have logged in and able to read cookies from the response object. However, I always get a 401 error on the subsequent request (e.g. call get method of the patient controller).

To simulate this problem, I do the following:

  1. I logged in successfully via a web browser.
  2. I open Postman but do not call the auth/login endpoint. From the response that I have in step 1, I try calling a patient API, pass all the cookies to the header, but I always get a 401 error.

What parameters should I pass to the request?

Problem solved… I passed the AUTH-TOKEN=ejasd…asd; in the request header Cookie and it works using Insomnia :smiley:


Hi @Afriana_Putra_I_B, wonderful to hear your problem is solved.

We do have some documentation on achieving this as well if you run into other issues. For any requests that require mutations (i.e. create, update or delete) you will also have to include the CSRF token and cookie.

The cookie to include is the one with the name XSRF-TOKEN. From this cookie you will need to extract the token and include it in a header with name X-XSRF-TOKEN

You can see how this is achieved in the client-side in the snippet from the authentication.interceptor.ts file below:

let newRequest = req.clone({
    headers: req.headers.set('X-XSRF-TOKEN', this.authenticationService.xsrfToken),

The cookie is collected from the authentication.service.ts using the cookie service.

	* Return the XSRF token received from the server side.
get xsrfToken() {
	return this.cookieService.get(AuthenticationService.XSRF_COOKIE_NAME);

Hope this helps you going forwards.