Hello all! I’ve created a user account and am trying to use the API to get a token to use for further API calls. I’m testing this process using curl with this command
The response is always {"error":"FORBIDDEN","message":"Forbidden - Not available"}.
One thing that puzzles me is that the docs tell you to use an xc-auth header to provide an auth token - NocoDB API Documentation. The doc link says "Auth Token is a JWT Token generated based on the logged-in user." If I’m already logged in though, why would I be trying to sign in again? For what it’s worth I actually do have an auth token that I created using the web interface and have tried using that as well by adding an additional header with "-H 'xc-token: myauthtoken-here'". This just gives me the same error message.
The purpose of this is ultimately to build a login screen for a web app I’m working on. So just using the login screen at Nocodb won’t work. We need our own login page that uses axios or something to hit the endpoints.
Edit: I did actually use the -XPOST option to curl even though it isn’t shown here. It doesn’t seem to matter.
Thanks for the reply. Unless axios does something behind the scenes that’s different from curl, then I’ve tried this. I tried the connection both with and without the xc-auth header. It didn’t matter. Of course, I’m also not hosting it locally. Some of the endpoints DO work though. Like I can list the contents of a table using the xc-auth header and my token. It just seems that the user-focused endpoints have this problem. For instance, I’ve also tried the signup one and get a similar problem with the response being '{"error":"FORBIDDEN","message":"Forbidden - Email authentication is disabled"}'
It occurs to me that the Nocodb people might not want people using the API to create users and handle logins on their instance of NCDB but want you to use their web frontend to do that. Have they just disabled the user related endpoints on their instance? Perhaps this is why the error says “forbidden”. Can someone from NCDB confirm/deny this?
If this is true then I’m assuming I’ll need to put it on a server or localhost and run it there.
You are right: signup and signin are handled via AWS cloud-provided auth mechanisms for security reasons, hence those API endpoints are not available for use.