Defect #6667

REST API call with POST/PUT

Added by Afsar Red about 7 years ago. Updated almost 6 years ago.

Status:NewStart date:2010-10-14
Priority:NormalDue date:
Assignee:Jean-Philippe Lang% Done:

0%

Category:REST API
Target version:-
Resolution: Affected version:

Description

Hi,
I could not able to create a project OR issue using redmine API call.

just wanted to know, whether I made any mistake on the following CURL command for creating a new project:

================================================================
curl -X POST -d '
<projects type="array">
<project>
<name>Redmine</name>
<identifier>redmine</identifier>
<description>Redmine is a flexible project management web application written using Ruby on Rails framework.</description>
</project>
</projects>' -H 'Content-type:application/xml' -u user:password http://hostname/projects.xml =======================================================================

Thanks

History

#1 Updated by Felix Schäfer about 7 years ago

Have you activated the REST API? What error are you getting from that command (use -v to see what HTTP error exactly your redmine returns)? What error does that call yield in the redmine log (log/development.log or log/production.log)?

#2 Updated by Afsar Red about 7 years ago

Thanks for the quick response, Felix.

It gives the following error message, when I place verbose option.

.
.
.
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<hr>
<address>Apache/2.2.14 (Ubuntu) Server at development.avonvoices.com Port 80</address>
</body></html>
.
.
.

In the meantime, I could be able to get the list of projects by the following command using the same username and password:

curl -u user:password -G http://host/projects.xml?key=......................................... -v

Thanks

#3 Updated by Holger Just about 7 years ago

The REST API does not use your username and password via basic auth. Instead, each account has an assigned key (which you can find in the sidebar at http://yourredmine.com/my/account. That key is used exclusively for authentication, as you have done in your second example. The username and password were ignored completely.

#4 Updated by Afsar Red about 7 years ago

Holger,
Thanks for the followup.
From the documentation(http://www.redmine.org/wiki/redmine/Rest_Projects), I found that, it could be able create a project by the following command:

curl -X POST -d '<project><name>Redmine</name><identifier>redmin</identifier><description>Redmine is a flexible project management web application written using Ruby on Rails framework.</description></project>' -H 'Content-type:application/xml' http://hostname/projects.xml?key=...............................................

But, still I could not be able to create a new project. Note that I removed -u option from the command. Could you please look into this .

#5 Updated by Tomasz Muszyński about 7 years ago

  • Assignee set to Jean-Philippe Lang

I've modified one line of code to get this working.

url = url_for(:controller => params[:controller], :action => params[:action], :id => params[:id], :project_id => params[:project_id], :key => params[:key])

was changed in this code fragment in app/controllers/application_controller.rb:

  def require_login
    if !User.current.logged?
      # Extract only the basic url parameters on non-GET requests
      if request.get?
        url = url_for(params)
      else
        url = url_for(:controller => params[:controller], :action => params[:action], :id => params[:id], :project_id => params[:project_id])
      end
      respond_to do |format|
        format.html { redirect_to :controller => "account", :action => "login", :back_url => url }
        format.atom { redirect_to :controller => "account", :action => "login", :back_url => url }
        format.xml  { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
        format.js   { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
       format.json { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
      end
      return false
    end
    true
  end

Unfortunately, i'm not a ruby programmer, so i'm not sure that above change is enough, but it's working for me.

Above solution fixes closed bug #6447 which is still not working properly. Jean, I've assigned it to you as you closed #6447 :)

#6 Updated by Toshi MARUYAMA over 6 years ago

  • Category set to REST API

#7 Updated by RedminePro Yang almost 6 years ago

Holger Just wrote:

The REST API does not use your username and password via basic auth. Instead, each account has an assigned key (which you can find in the sidebar at http://yourredmine.com/my/account. That key is used exclusively for authentication, as you have done in your second example. The username and password were ignored completely.

Why the API Access Key is not showed in http://demo.redmine.org/my/account any more?

Also available in: Atom PDF