Error creating record TRIM service api using postman - 403 - Forbidden: Access is denied.

Hi 

I am trying to create a record in TRIM content manger using service api via postman and I am seeing 403 - Access denied error. 

My json is like below.

I used my network credentials for basic authentication. 

When I create a record using .NET code with HTTP client and network credentials it works. 

But with postman I am getting error. 

When I use the Create Record api from the trim service api page I see error like "Container cannot be blank" error. From there I cannot send container value. 

Please help, I would be ever grateful for any help on this. 


{
"RecordContainer": "245",
"RecordTitle": "Test Title",
"RecordRecordType": {
"Uri": 1
},
"Fields": {
"ClientID": 123,
"ClientDocumentType": {
"Value": "Internal"
},
"DateReceived": {
"Value": "16-09-2024"
}
}
}

Thanks

Nalina

  • 0  

    Hi Nalina,

    403 access denied normally means that it has failed the Auth step and hasn't looked at your payload yet.

    Since it works via the .NET code does populating a User Agent in the header help? Have seen in the past when going via an Application Balancer or similar that requests without particular headers get dropped due to filters - that may explain the difference in behaviour for the same exact call to the same endpoint between .Net and Postman.

    Are you calling the server direct? Going via a gateway? Going via a balancer?

    If possible, try making a call to the server direct via IP address to help rule out anything upstream.

    -Scotty

  • 0 in reply to   

    Hi Scotty, 

    Thanks for the response, I am calling the server url directly, it is our dev server so no balancer or any other security blockage. I can call the get record url from browser, and it works. Just now tried with IP address same Access denied error. Error seems very obvious but the login credentials are correct. I used the same request headers as in the browser, passed the user agent as well.

    Nalina

  • 0   in reply to 

    Hi Nalina,

    Hmm the plot thickens.

    May be worth checking the IIS logs on the box in question to see if there is any extra details around the 403.
    Typically these are in the '%SystemDrive%\inetpub\logs\LogFiles'

    Other options which may help:
    - When doing the request via a browser, open up the Developer tools in the browser to look at the request headers being sent by the browser explicitly (may offer an extra piece to the puzzle).
    - Do you need to add the Domain as part of the Auth Headers? (COMPANY\Scott instead of Scott)

    Last case:
    - Temporarily restrict the incoming IP addresses to the IIS server to be just from your own box and enable Anonymous auth and then drop your auth headers -> This will cause all requests to be treated as the Service Account itself (NOT RECOMMENDED FOR PROD which is why to firewall other incoming IPs) but if this works with Anonymous auth then its def the Credentials. If you still get a 403 with Anonymous then its something else. (Make sure to turn Anonymous auth in IIS is turned back off once tested)

    -Scotty

  • 0 in reply to   

    Hi Scotty, 

    Thanks again, yes I am putting the Domain\username. Trying different things I replicated the request headers I see when I send the request from browser. Will investigate logs again, at the moment it appears as if the request is not even reaching the server. 

    Hope I can crack this soon

    Thanks
    Nalina

  • 0 in reply to 

    Hi Scotty, 

    Just to let you know that I managed to get the call from Postman to HP Trim working. I had to use NTLM authentication. Instead of Basic. 

    Thanks for your help

    Nalina