I am getting a HTTP 403 (Forbidden) error when I call the OData $batch request on my developer instance. It does not matter what requests I pass to it. It also occurs when I use the example $batch request provided by the Creatio postman environment.
Do developer instances support batch requests? Is there an option I can enable to allow batch requests?
Like
Mobileforce Support,
The answer to the POST request to /AuthService.svc/Login will be a set of session cookies needed for further requests execution. One of those cookies (BPMSCRF cookie) values should be specified as a separate BPMCSRF header value for further POST\PUT\PATCH requests. So once you are authenticated via postman you need to copy the value of the received BPMCSRF cookie and set it as a header value for further requests in the following manner:
After that, you can try calling the OData endpoints via POST requests and they should succeed.
Thank you for contacting the Creatio technical support team. If you have any further questions, please send them as a reply to this email.
Thank you for choosing Creatio!
Hello,
I've shared some documentation that will help you:
OData | Creatio Academy
Best regards,
Orkhan
Orkhan,
Thanks, but I've already read the documentation and was able to get other OData calls to work successfully. It is only the batch request is not working for me.
Typically, a HTTP 403 error means that a user is trying to access a page or API that they do not have permission for. Hence why I was asking whether there is some system configuration option I need to set. I am trying to access this as the Supervisor user on my development instance.
Mobileforce Support,
The answer to the POST request to /AuthService.svc/Login will be a set of session cookies needed for further requests execution. One of those cookies (BPMSCRF cookie) values should be specified as a separate BPMCSRF header value for further POST\PUT\PATCH requests. So once you are authenticated via postman you need to copy the value of the received BPMCSRF cookie and set it as a header value for further requests in the following manner:
After that, you can try calling the OData endpoints via POST requests and they should succeed.
Thank you for contacting the Creatio technical support team. If you have any further questions, please send them as a reply to this email.
Thank you for choosing Creatio!
Orkhan,
Thanks, that was the issue. I did not realize that the BPMCSRF cookie also had to passed in as HTTP header as well.