GET Request - "error": "Access to this API has been disallowed"

App Development
,
#1

Here it is from the console log -

image

Here is the code -

var headers = {"Authorization": "Bearer <%= encode(iparam.api_key2) %>", "cache-control": "no-cache", "Content-type": "application/json"};
var options = { headers: headers };
var url = "https://api.craneww.com/warehouse/v1/Inventory/InventoryDetails?materialLookupCode=Solis-1P6K-4G-US-AFCI&projectLookupCodes=Ginlong-RMAS";
	
client.request.get(url, options)
		.then (
		function(data) {
			console.log('crane data');
			console.log(data);
		},
		function(error) {
			console.log('crane data error');
			console.log(error);
		});

FYI I have an identically structured API request in Python running from my command line without a hitch. Has Freshworks literally barred API requests to our logistics provider Crane WW? But they allow our webhooks to trigger to them out of our automation rules. Also 403 status not listed in Request API.

Workaround? Submit where for Crane reinstatement?! Help please :slight_smile:

#3

Can you please try making a request without using client.request for the same API to see if the request is successfully made? You need to hard code Bearer token ( this is okay since it is only for testing ).

#4

Well I went down the rabbithole on this one. Tried it with XMLHttpRequest, then fetch, had to figure out CORS policy and then got those to work.

Circling back, it still wouldn’t work with client.request.get. It was because I had copied the auth header code from accessing Freshdesk (that used Basic auth). Needed to remove encoding. So I changed -

var headers = {“Authorization”: “Bearer <%= encode(iparam.api_key2) %>”, “cache-control”: “no-cache”, “Content-type”: “application/json”};

to -

var headers = {“Authorization”: “Bearer <%= iparam.crane_apikey %>”, “cache-control”: “no-cache”, “Content-type”: “application/json”};

and was good to go.

Hopefully that’s in the good graces of app review team?

1 Like