Wappler Version : v4.1.0
Operating System : MacOS
Server Model: ASP.NET
Database Type: MSSQL
Hosting Type: IIS
Expected behavior
Entering API Authorization details for Username and Password should fulfil Basic Authorization requirements for making an API call
Actual behavior
The API call is not Authorized with the details provided under Authorization: Username method. However, if the Basic Authorization (Base64 Encoded) details are entered in the Headers section, then the API calls are authorised correctly.
How to reproduce
Create an API Action with the API url
Select Method - GET or POST
Select Authorization Method: Username
Enter Username and Password details
Click on Define API Schema - API call is unauthorised
Remove Authorization Method: Username. Instead enter Base64 encoded Basic Authorization in the Headers
Click on Define API Schema - API call is authorised correctly for the same credentials as provided under Username Authorization method
On a related note: I used the same auth method a few days ago in NodeJS project and it worked/works fine.
But I was thrown off by the weird name - USERNAME. It was earlier correctly called BASIC.
Not sure when you guys changed it, but its incorrect and should be fixed as well.
If you want, you can just add help text explaining what Basic means.
I've tested the ASP.NET Api with basic authentication and it just works fine. I've tested it by using https://requestinspector.com/ and inspected the headers that were send. Could you perhaps also test what is being send in the headers in your case? Do you have some non-ascii characters in the username or password perhaps.
I agree with you, I also didn't know directly when he mentioned the Username method that it was the basic authentication. Perhaps @George could change that back to Basic again, since in most api documentation they also call it that.
The API request fails when I enter username and password separately under the Authorization: Username Method and click on Define Schema to fetch the schema (screenshot attached).
But if I convert the username and password to Basic Authorization (Base64 encoded string) and enter it in the Headers section, it makes the API request correctly and fetches the schema as well.
Both username and password strings contain letters and numbers only. I have tested the API endpoint in Postman and API requests are successful with username and password entered separately.
I have done some more testing with 2 different API endpoints and here are my findings. In both cases I setup Authorization: Username Method to provide username and password credentials.
API url: https://api.plivo.com/v1/Account/{auth_id}/Message/ : In this case, both fetch schema and API endpoints don’t work; I keep getting url authentication / unauthorised access error. It works correctly only when I provide Basic authentication in the Headers.
Please note that the second API has {auth_id} in the url, which I’m adding to the url from a SetValue step in the API action.
I don’t know whether there’s a different method to setup API actions for urls that have requirements like {auth_id} as part of the API endpoint.