Discussions

(I couldn't resist modeling on Jack's post.)

I'm writing a WebApi which will live outside iMIS, so I'm trying to obtain a token and then send it with a request. No matter what I do, I still get 401 Unauthorized when trying a GET.

First, I created a new Contact "Remote Service" which is a member of the RemoteService role. (I have tried it as public/casual/full -- none seem to make a difference.)

Then I call the /Token endpoint like this.
[code]
var client = new RestClient($"{_baseUri}Token");
var request = new RestRequest(Method.POST);
request.AddParameter("undefined", $"grant_type=password&username={_imisLogin}&password={_imisPassword}", ParameterType.RequestBody);
[/code]

I get a valid response that contains a valid (looking) access_token. I use it like this:

[code]
var client = new RestClient(_baseUri);
var request = new RestRequest(Method.GET);
request.AddHeader("RequestVerificationToken", token);

request.Resource = $"api/user?UserName=Equal:{username}";
IRestResponse<ImisTypes.UserData> response = client.Execute<ImisTypes.UserData>(request);

if (response.StatusCode == HttpStatusCode.Unauthorized)
{
	// FAIL
}

[/code]

Even though all operations require the RequestVerificationToken, none of them show how to include it.