Important Update: Some Community URL Redirects are Under Maintenance. Learn More. .

cancel
Showing results for 
Search instead for 
Did you mean: 

Save Workflow Action using REST API

SathyaPriyan_
Contributor III

I have tried to click workflow action button using REST API call with below code from browser console. but it is throwing 405 error(method not allowed) or 403 error(forbidden) when I tried with different verb PUT.

If I try to click the button from REST API console in Archer API template application, then REST API call with POST verb is getting successful.

var xhr = new XMLHttpRequest();
var json_body = {
"ContentId": 123456,
"CompletionCode": 1
"WorkflowNodeId": "12345:CUST"
}
json_body = JSON.stringify(json_body);
xhr = new XMLHttpRequest();
xhr.open('POST',""+BaseURL +"/api/core/system/WorkflowAction", true);
xhr.setRequestHeader("Accept", "*/*");
xhr.setRequestHeader("Authorization", "Archer session-id="+ session);
xhr.setRequestHeader("Content-Type", "application/json");
xhr.send(JSON.stringify(json_body));
xhr.onreadystatechange = function ()
{
if(xhr.readyState == 4)
{
console.log("Processing Request");
if(xhr.status==200)
{
console.log("Workflow button is clicked");
}
else
{
console.log(xhr.status);
}
}
}

Is there something that I missed in the REST API call?

1 ACCEPTED SOLUTION

Accepted Solutions

Thanks, I missed that part in your other post ; (

Try sending this as a header:

'x-csrf-token': (window.sessionStorage) ? window.sessionStorage.getItem("x-csrf-token") : parent.parent.ArcherApp.globals['xCsrfToken']

 Advisory Consultant

View solution in original post

15 REPLIES 15

DavidPetty
Archer Employee
Archer Employee

@SathyaPriyan_ try removing these lines:

xhr.setRequestHeader("Accept", "*/*");
xhr.setRequestHeader("Authorization", "Archer session-id="+ session);
xhr.setRequestHeader("Content-Type", "application/json");

Being the custom object will run in the context of the user  it's not needed.

 Advisory Consultant

@DavidPetty Thank you for the input. I tried with below snippet in custom object. But I received 403 forbidden error. I'm trying to send request with "POST" action but system considers the request as GET and throws forbidden error(403).

<script type="text/javascript">
var xhr = new XMLHttpRequest();
Sys.Application.add_load(function() 
{
//xhr = new XMLHttpRequest();
xhr.open('POST',""+ BaseURL +"/api/core/system/WorkflowAction", true);
xhr.send(JSON.stringify({"ContentId": "12345", "CompletionCode":"1", "WorkflowNodeId":"100902:CUST"}));
xhr.onreadystatechange = function () 
{
    if(xhr.readyState == 4)
    {
    console.log("Processing Request");
	console.log(xhr.status);
    	if(xhr.status==200)
    	{
    		console.log("Button is clicked");
    	}
    	else
    	{
    	console.log(xhr.status);
    	}
    }
 }
});
</script>

SathyaPriyan__0-1683784124337.pngSathyaPriyan__1-1683784153105.png

 



I don't see where you declared the BaseURL variable which might be the problem.

 Advisory Consultant

@DavidPetty I hard coded the BaseURL value in my custom code. 
For Ex: if URL is https://test.grcarcher.com/apps/ArcherApp/Home.aspx, then I use baseURL as "https://test.grcarcher.com" and I append API URL

/api/core/system/WorkflowAction

Our current Archer version is 6.9 SP3 P2 and FYI, REST API request with POST method to generate session token is working fine.

Thanks.  

In the JSON you're sending to the API, don't but quotes around the numeric values.

xhr.send(JSON.stringify({"ContentId": 12345, "CompletionCode":1, "WorkflowNodeId":"100902:CUST"}));

 Advisory Consultant

Thank you, I tried with removing double quotes for the content id and Completion Code values. But it still gives me 403 error.

What do the header and payload looks like in the developer tools?

DavidPetty_1-1683813815109.png

 

DavidPetty_0-1683813741294.png

 

 Advisory Consultant

Please see network headers(blurred request URL and remote address), payload and response screenshots below,

SathyaPriyan__1-1683821944556.png

SathyaPriyan__2-1683821998177.png

SathyaPriyan__0-1683821871366.png

 

@SathyaPriyan_ if you look at the header.  The complete URL is missing in comparison to my screenshot.

I'd double-check that the BaseURL variable is set properly.

 Advisory Consultant