Support Questions

Find answers, ask questions, and share your expertise

Nifi API - 403 error

avatar
Explorer

I am running nifi locally using docker, I tried to generate token using the following url and obtained token successfully

https://localhost:8443/nifi-api/access/token

but when I tried to make POST call to the following URL, I received 403 error code. I used same token generated with above request, can anyone suggest what am I doing wrong?

https://localhost:8443/nifi-api/process-groups/d9a891ee-017e-1000-4067-96bceee7d5e3/template-instanc...

 

6 REPLIES 6

avatar
Super Guru

@Chhavi ,

 

Please try this:

curl -X POST \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'username=bob&password=supersecret1' \
"https://nifi-1.example.org:8443/nifi-api/access/token"

Regards,

André

--
Was your question answered? Please take some time to click on "Accept as Solution" below this post.
If you find a reply useful, say thanks by clicking on the thumbs up button.

avatar

I was facing the same response using postman and getting a 403 when calling the REST API endpoints at: https://nifi.apache.org/docs/nifi-docs/rest-api/index.html

 

I received the token, and by default put a prefix of Bearer in front. This is not required. Now, hitting any of the GET endpoints results in a positive response.

 

Unfortunately there is no way at the moment of uploading templates. If there is no REST endpoint for this, how can this be done via automated pipelines?

 

Thank you

avatar
Super Guru

@Kushisabishii ,

 

Which version of NiFi are you using?

There's an API endpoint for this: POST /process-groups/{id}/templates/upload

 

Cheers,

André

 

--
Was your question answered? Please take some time to click on "Accept as Solution" below this post.
If you find a reply useful, say thanks by clicking on the thumbs up button.

avatar

Thank you for the really quick response @araujo! I'm using the latest docker container available.

I'm new to Nifi so still working this through...

 

So I would have to first create a process group with: POST /process-groups/{id}/process-groups and then follow your instructions above.

Much appreciated!

avatar
Super Guru

You can get the id of the root process group and import the template there as well.

 

André

--
Was your question answered? Please take some time to click on "Accept as Solution" below this post.
If you find a reply useful, say thanks by clicking on the thumbs up button.

avatar
New Contributor

I think you faced with NiFi Cross-Site Request Forgery Protection. Here is the link to manual: https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#csrf-protection

When you execute authorization request (/access/token) you got two cookies: __Secure-Authorization-Bearer and __Secure-Request-Token.

Value of __Secure-Authorization-Bearer cookie you can use as value for Authorization header or maybe your http client can add it automatically.

And to avoid CSRF security filter you should add to all POST/PUT/DELETE requests header with name Request-Token and value of __Secure-Request-Token cookie.