Can not access api with query param, but auth headers

ArturS · January 6, 2021, 12:26pm

Hello,

I cant access the API over query params. If I use the token in the request headers, everything works fine. Over the query param I am always getting “Unauthorized” error as json payload, not an HTTP error code.

Do I need to change the configuration of nginx or cockpit itself? Cockpit is also running in a subfolder, hosted on a strato server. Our server admin guys told me, they needed to change the nginx config to the subfolder. Because I had issues with the redirect.

Hopefully you can help me.
Kind regards

pixelkarma · January 8, 2021, 6:46am

Your API-KEY, are the rules set to * (asterisk)?

Does the URL you are using have the token in it?

/api/whatever?token=YOURTOKEN

ArturS · January 8, 2021, 11:53am

I am using the master-api-key.
Yes the token is in the url, that is what I mean with query params.
This token is working, if it is in the request header as mentioned in the documentation API.
The only method, which does not work is the query parameter, the others are working.
Unfortunately the query paramter method is the only one supported of the gatsby-cockpit-plugin, because I want to use Cockpit CMS with gatsby.

pixelkarma · January 8, 2021, 7:52pm

The following worked for me:

fetch("http://domain.com/api/collections/get/Pages", {
   "method": "GET",
   "headers": {
     "Cockpit-Token": "KEY_GOES_HERE"
   }
})

Or, if you prefer cURL

curl --request GET
–url http://domain.com/api/collections/get/Pages
–header ‘Cockpit-Token: KEY_GOES_HERE’ \

Also, a direct URL

http://domain.com/api/collections/get/Pages?token=KEY_GOES_HERE

After some searching, I have noticed this is a problem for other people, this also works:

"headers": {
"Authorization": "Bearer KEY_GOES_HERE"
}

Are you able to provide some sample code?