Showing results for 
Search instead for 
Did you mean: 

Using Content API to update records

Contributor II

I have two questions.


Q1: I have an allocated control record I would like to update. I can read it by getting `/contentapi/Allocated_Controls_Assessment_Objectives(457967)`. It has multiple fields and I would like to update only one of them. So, I am trying to do a POST to `/contentapi/Allocated_Controls_Assessment_Objectives` with body `{"Allocated_Controls_Assessment_Objectives_Id":"457967","Comments":"test"}`. However, I am getting a "400 Bad Request" response. I also tried getting all the existing fields for that control and submitting them back with the same result. What am I doing wrong?


Q2: The Content API Reference Guide has a sample POST request for saving records and it uses Cookie header instead of Authorization header like for the GET requests. However, it seems that the Authorization header is required and the Cookie header is not sufficient to get authenticated?

POST /rsaarcher/contentapi/Exception_Requests
Request Header:
Accept: application/json,text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Cookie: ArcherSessionCookie = E5E1CEEDA26A199FE2CAE99755CB71DA
Content-Type: application/json



Thank you,


Champion III



You need an authorization header to be authenticated, however, that also depends on the context. If you run within Archer from custom object, you may not need it, it will run with the user session. I remember for REST API I used "Archer session-id=" for Authorization header.

Otherwise, I recommend to use the tool crafted by Jeff Letterman, it will give all examples:

Advocate II



Q1 - Did you try by removing the double quotes you used for the ID value? Like: {"Allocated_Controls_Assessment_Objectives_Id":457967,"Comments":"test"}


For Q2, Ilya has answered it already.  It all depends on how and where you make the API call. 


Jeff's API toolbox will give you better insights on all the APIs. 

Archer Employee
Archer Employee

The content API and the platform API will both respect the Archer Session Cookie. You can verify this by authenticating to Archer in a browser and then making a GET request to an API resource in that same browser. It should ask you if you want to open or save the resulting JSON file.


The problem you are encountering is in the documentation. The cookie is called __ArcherSessionCookie__ and not ArcherSessionCookie as shown in the documentation.


On the 400 error, I think Arun is on the right track. ID is an int and should not be sent as a quoted string. 

Contributor II

Thank you for the responses and suggestions. Bodie Minster, you were right about the cookie, renaming it worked!


No luck on saving content, though.

Unfortunately, I saw the same result. I was able to use the session cookie to get content, but when I used the same token just a minute later to update the content I had just retrieved, I got a 401. Then I turned around and requested the content again and received a 200. 


I'm investigating this issue as a potential defect. I'll update you with my findings.