Created 02-09-2022 04:37 AM
I am running nifi locally using docker, I tried to generate token using the following url and obtained token successfully
https://localhost:8443/nifi-api/access/token
but when I tried to make POST call to the following URL, I received 403 error code. I used same token generated with above request, can anyone suggest what am I doing wrong?
Created 02-13-2022 05:24 PM
@Chhavi ,
Please try this:
curl -X POST \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'username=bob&password=supersecret1' \
"https://nifi-1.example.org:8443/nifi-api/access/token"
Regards,
André
Created on 09-27-2022 08:05 AM - edited 09-27-2022 09:01 AM
I was facing the same response using postman and getting a 403 when calling the REST API endpoints at: https://nifi.apache.org/docs/nifi-docs/rest-api/index.html
I received the token, and by default put a prefix of Bearer in front. This is not required. Now, hitting any of the GET endpoints results in a positive response.
Unfortunately there is no way at the moment of uploading templates. If there is no REST endpoint for this, how can this be done via automated pipelines?
Thank you
Created 09-28-2022 12:23 AM
Which version of NiFi are you using?
There's an API endpoint for this: POST /process-groups/{id}/templates/upload
Cheers,
André
Created on 09-28-2022 02:11 AM - edited 09-28-2022 02:14 AM
Thank you for the really quick response @araujo! I'm using the latest docker container available.
I'm new to Nifi so still working this through...
So I would have to first create a process group with: POST /process-groups/{id}/process-groups and then follow your instructions above.
Much appreciated!
Created 09-28-2022 03:04 AM
You can get the id of the root process group and import the template there as well.
André
Created 10-08-2023 09:43 AM
I think you faced with NiFi Cross-Site Request Forgery Protection. Here is the link to manual: https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#csrf-protection
When you execute authorization request (/access/token) you got two cookies: __Secure-Authorization-Bearer and __Secure-Request-Token.
Value of __Secure-Authorization-Bearer cookie you can use as value for Authorization header or maybe your http client can add it automatically.
And to avoid CSRF security filter you should add to all POST/PUT/DELETE requests header with name Request-Token and value of __Secure-Request-Token cookie.