Question

Get error 403 denied when uploading a file via FilePIService

Hello

I am making a small python application that can upload and attach files to creatio.

Connection and authentication to creatio is ok.

I can use /0/odata to get value from creatio (in the sam script with the same session).

 

I get a 403 when using  /0/rest/FileApiService/UploadFile.

Here is my request uri that I send via a Post

https://CreatioURL/0/rest/FileApiService/UploadFile?fileapi165097538874…

 

My request with headers:

POST /0/rest/FileApiService/UploadFile?fileapi165097538874218&totalFileLength=106789&fileId=a00a2990-87d3-4cc8-a96a-465243dfc6ba&mimeType=application%2Fpdf&columnName=Data&fileName=INV-10699-SAF.pdf&parentColumnName=Invoice&parentColumnValue=ff4a0279-1e86-4983-918b-fefd28483df3&entitySchemaName=InvoiceFile HTTP/1.1\r\nHost: creatiosite.com\r\nUser-Agent: python-requests/2.27.1\r\nAccept-Encoding: gzip, deflate, br\r\nAccept: application/json\r\nConnection: keep-alive\r\nForceUseSession: true\r\nContent-Type: application/pdf\r\nCookie: .ASPXAUTH=; BPMCSRF=zaZ0DPSfWLLw8otH5Vzwu.; BPMLOADER=klb0towmoqgvkw0pn4n5hzdy; UserName=97|110|116|111|105|110|101|46|103|105|108|108|105|101|114|111|110\r\nContent-Length: 106789\r\n\r\n'

 

 

 

Like 0

Like

8 comments
Best reply

Hello Antoine,

It's not enough to include the cookies from the original request. You have to also read the value of the BPMCSRF cookie and add to header as well as "BPMCSRF" (it's looking for this specific header, not a cookie with this value). Does that make sense?

Basically, after the authentication request, copy the value of the BPMCSRF cookie and add a BPMCSRF header with that cookie value.

Ryan

Hello,

 

Mostly seems that there is no separate BPMSCRF header in the request you are sending (it's the most common issue for 403 error in Postman). Try adding it as below:

Best regards,

Oscar

Hello

Thank you for your answer, I m sending the request via a "session" object in python. Creating the object session when authenticating so it keeps all cookies. You can see in my request header that the BPMCSRF parameter is present in the header cookie. Making a "get" request to odata with the same session works. Meaning the BPMSCRF value is correctly received by Creatio.

I suspect a bad particular header or request parameter!

For example, what is the purpose of the first request parameter:fileapi165097538874218 ?

I got this one by capturing a request with fiddler.

Thank you

Hello Antoine,

It's not enough to include the cookies from the original request. You have to also read the value of the BPMCSRF cookie and add to header as well as "BPMCSRF" (it's looking for this specific header, not a cookie with this value). Does that make sense?

Basically, after the authentication request, copy the value of the BPMCSRF cookie and add a BPMCSRF header with that cookie value.

Ryan

Ryan Farley,

Hello

Thank you for your answer

Now I get reply: 'HTTP/1.1 200 OK\r\n' response.

But my file is not beeing created in Creatio. 

Do you know if I have to create the object prior to uploading the file content with the file api (/0/rest/FileApiService/UploadFile)?

Thank you 

 

Antoine Gilliéron,

Looks like you'te validating fine now, but the request is missing something.

When I do it, I include the following (looks like you have these accounted for, but just listing for something to check):

 

Headers:

  1. Content-Disposition = attachment; filename=TheFile.docx
  2. Content-Length = size in bytes
  3. Content-Range = bytes 0-{size in bytes - 1}/{size in bytes}

Query String Parameters:

  1. totalFileLength = size in bytes
  2. fileId = new guid id value
  3. columnName = "Data"
  4. fileName = "TheFile.docx"
  5. parentColumnName = "Invoice"
  6. parentColumnValue = the invoice Id
  7. entitySchemaName = "InvocieFile"

Request Body:

  1. "application/octet-stream" = the file bytes

Ryan

Antoine Gilliéron,

Also, to confirm:

Do you know if I have to create the object prior to uploading the file content with the file api 

No, there's no need to create the record separately first.

Hello Ryan

I was missing some of the headers and the correct Content-Type.

Now everything works as expected.

Thank you so much for your help.

I am trying to make the same request, but it returns 200 but with a json saying it gave an error.

{
    "errorInfo": {
        "errorCode": "FileNotFoundByLocatorException",
        "message": "File not found by locator 'Terrasoft.File.EntityFileLocatorEntitySchemaName=ActivityFile, RecordId=2b796759-8846-41b9-9c2b-cfd428493b3c'",
        "stackTrace": "   at Terrasoft.File.File`2.get_FileMetadata()\r\n   at Terrasoft.File.File`2.InitContentStorageId()\r\n   at Terrasoft.File.File`2.<WriteAsync>d__45.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at Terrasoft.Common.Threading.AsyncPump.Run(Func`1 asyncMethod)\r\n   at Terrasoft.Configuration.FileUpload.FileUploader.Upload(IFileUploadConfig fileUploadConfig)\r\n   at Terrasoft.Configuration.FileUpload.FileUploader.UploadFile(IFileUploadConfig fileUploadInfoConfig)\r\n   at Terrasoft.Configuration.FileUpload.FileUploader.UploadFile(IFileUploadInfo fileUploadInfo, Boolean isSetCustomColumns)\r\n   at Terrasoft.Configuration.FileApiService.UploadFile(Stream fileContent)"
    },
    "success": false,
    "nextPrcElReady": false,
    "queryId": null,
    "responseStatus": {
        "ErrorCode": "FileNotFoundByLocatorException",
        "Message": "File not found by locator 'Terrasoft.File.EntityFileLocatorEntitySchemaName=ActivityFile, RecordId=2b796759-8846-41b9-9c2b-cfd428493b3c'",
        "StackTrace": "   at Terrasoft.File.File`2.get_FileMetadata()\r\n   at Terrasoft.File.File`2.InitContentStorageId()\r\n   at Terrasoft.File.File`2.<WriteAsync>d__45.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at Terrasoft.Common.Threading.AsyncPump.Run(Func`1 asyncMethod)\r\n   at Terrasoft.Configuration.FileUpload.FileUploader.Upload(IFileUploadConfig fileUploadConfig)\r\n   at Terrasoft.Configuration.FileUpload.FileUploader.UploadFile(IFileUploadConfig fileUploadInfoConfig)\r\n   at Terrasoft.Configuration.FileUpload.FileUploader.UploadFile(IFileUploadInfo fileUploadInfo, Boolean isSetCustomColumns)\r\n   at Terrasoft.Configuration.FileApiService.UploadFile(Stream fileContent)",
        "Errors": null,
        "Meta": null
    },
    "rowsAffected": -1
}

I have added all the header and parameters correctly and also the file in the body.

 

Show all comments