Unable to create device type using API

[wmmihaa]

1. I've created a Standard Application API Key
2. Using Postman, I set Basic Auth using the key as username and token as password
3. Successfully call https://[myorg].internetofthings.ibmcloud.com/api/v0002/device/types using the GET verb
4. Failed calling the same uri as above using POST with this payload:
   { "id": "myDeviceType", "description": "My first device type", "classId": "Device" }

Response: 403 Forbidden

Nor can I create a device...
I've also tried the same using Operations Application Key

BTW... I'm currently using the free option if that has anything to do with it...

[slaupster]

@wmmihaa The problem with Postman is that it is built on Chrome, and Chrome is inserting additional headers. In particular it sets the Origin header. Due to the CORS implementation in IoTP, when the Origin is set by Chrome (to localhost maybe?), the request is forbidden because it does not match the allowed origin (https://[myorg].internetofthings.ibmcloud.com).

CORS support prevents malicious abusing of the session when logged into IoTP. Applications do not need to worry about this, because typically they would not set Origin header. eg. curl works fine:

curl --user 'apikey:token 'https://orgid.internetofthings.ibmcloud.com/api/v0002/device/types' -H 'Content-Type: application/json' --data '{"id":"mytype","classId":"Device"}'

Unfortunately you cannot specify the Origin header with Postman. You could try Advanced Rest Client (ARC) - https://chrome.google.com/webstore/detail/advanced-rest-client/hgmloofddffdnphfgcellkdfbfbjeloo

[CaroMac]

@wmmihaa I hope that this response has helped you to resolve the issue you were having. If you have future queries, then a good place to go is developerWorks Answers, where you can ask a question and view other questions that have been asked. The link is here: https://developer.ibm.com/bluemix/support/