Ajax request returns 401 status

mpisanchikmpisanchik Posts: 9Member

Hello,

I'm currently making an ajax call to the products endpoint and I am getting a 401 "Unauthorized" error. When I curl the same endpoint I can get a 200 response (or even call the endpoint in Postman gets me a good response).

Any help with this issue would be greatly appreciated.

11 comments

  • Adrian SamuelAdrian Samuel Posts: 515Moderator, Lightspeed Staff moderator

    Hey @mpisanchik, for which one of our software products are you doing this AJAX call to? Is this onsite? eCom or Retail?

    Adrian Samuel

    API Integrations Consultant - Strategic Solutions

    Lightspeed HQ

  • mpisanchikmpisanchik Posts: 9Member
    edited April 24

    @Adrian Samuel This is for the eCom side (which right now is only on a test shop). I'm creating a snippet for the cart page and need to get specific products.

    Post edited by mpisanchik on
  • Adrian SamuelAdrian Samuel Posts: 515Moderator, Lightspeed Staff moderator

    @mpisanchik, which API are you using? Can you give an example of a request payload

    Adrian Samuel

    API Integrations Consultant - Strategic Solutions

    Lightspeed HQ

  • mpisanchikmpisanchik Posts: 9Member
    edited April 30

    @Adrian Samuel so I think the underlining issue is that I'm having a CORS issue. So I think the reason I was getting this 401 error is because the api key and the api secret was being removed from the request by Chrome. My team set up a proxy server that we completely opened up the requests into it and then made the api call to lightspeed from there. This fixed the CORS issue (for now) but do you know of any good solution for fixing CORS issue? We would like to not use this proxy server when we go live with our changes.

    Also I believe the endpoint I was trying was products.json

    Post edited by mpisanchik on
  • Adrian SamuelAdrian Samuel Posts: 515Moderator, Lightspeed Staff moderator

    @mpisanchik, I've commented on your question here: https://community.lightspeedhq.com/en/discussion/1897/cors-issue

    To add, I don't think so because this does pose a security issue. API requests to our server should be made on a server to protect credentials and such. We do provide a client side API for front-end related calls.

    Adrian Samuel

    API Integrations Consultant - Strategic Solutions

    Lightspeed HQ

  • TradingboTradingbo Posts: 23Member

    Hi Adrian,

    Can you provide a link to the client-side API documentation as can't seem to find in your support sections. Thanks

  • Adrian SamuelAdrian Samuel Posts: 515Moderator, Lightspeed Staff moderator

    @Tradingbo , this is as informative as our client-side API documentation gets:

    Simply change the relevant URL of the page you're on to .ajax or format?json and you'll be able to explore the results

    Adrian Samuel

    API Integrations Consultant - Strategic Solutions

    Lightspeed HQ

  • carasincarasin Posts: 2Member

    @Adrian Samuel, Curious about a similar issue. The linked pages says "NOTE: Be careful that your scripts do not produce too many XHR calls. A few (2-3) calls per page or making calls based on user input could be acceptable, but letting users do multiple calls in a short period of time could see them BANNED from shops. "

    Is there any more documentation about this? I would like to display a few products from a store on a webpage on a different website, and want to have some idea of how reliable this ajax method may be.

  • Adrian SamuelAdrian Samuel Posts: 515Moderator, Lightspeed Staff moderator

    @carasin, there isn't but using the front-facing UI API is discouraged for high volume usage.

    Have you considered using the REST API for this?

    Kind Regards,

    Adrian Samuel

    API Integrations Consultant - Strategic Solutions

    Lightspeed HQ

  • carasincarasin Posts: 2Member

    I was looking to make client-side requests, and it's my understanding that eh REST API is recommended to be used server-side?

  • Adrian SamuelAdrian Samuel Posts: 515Moderator, Lightspeed Staff moderator

    Hey Carasin,

    AJAX is not the recommended way to do this. You're probably going to run into CORS issue trying to do this anyhow which would prevent it from working.

    The REST API can be used to get the items from the Lightspeed website using the following endpoint: https://developers.lightspeedhq.com/ecom/endpoints/product/

    You can then make an AJAX call on your other website to the resource of where those images are stored to display it on your other website

    Adrian Samuel

    API Integrations Consultant - Strategic Solutions

    Lightspeed HQ

Sign In or Register to comment.