Access Open edX api's from frontend/postman using tutor

VASANTH_KUMAR · August 17, 2022, 7:11am

We’re creating a custom frontend from openedx APIs using tutor. But when I try to access APIs from a react app or postman I’m getting CORS/403 error but some API’s like /api/bookmarks/v1/bookmarks are working but when I try /api/user/v1/login_session it’s giving me 403.
I added my domain in xdomainproxyconfiguration whitelist still I’m getting CORS error
http://local.overhang.io/admin/cors_csrf/xdomainproxyconfiguration/
Please guide me on how we go about this.

nsprenkle · August 17, 2022, 6:52pm

Hi @VASANTH_KUMAR I would start by taking a look at How to authenticate and query edX APIs with Postman as a starting point. Has info on standard Postman setup that might be missing.

VASANTH_KUMAR · August 18, 2022, 4:40am

Hi, @nsprenkle thank you will check this out.

sarina · August 19, 2022, 8:47pm

Hi! I’ve moved your question to the “Development” topic. Choosing the right topic when you make a post is important for visibility; the default (“Community”) is almost never what you want.

allen_luna · July 30, 2024, 11:21pm

hi @nsprenkle

Just wanna ask if I am correct, My output is
Status Code: 400
Content-Type: application/json
Response Content Length: 123
Response JSON: {‘success’: False, ‘value’: ‘There was an error receiving your login information. Please email us.’, ‘email’: None}

import requests

URL to get the CSRF token and cookie

initial_get_url = ‘https://courses.edx.org’

url = ‘https://courses.edx.org/api/user/v2/account/login_session/’

response = requests.get(url)

csrf_cookie = response.cookies.get(‘csrftoken’)

print(csrf_cookie)

Data to send in the POST request

data = {
“email”: “example@gmail.com”,
“password”: “mypassword”
}

Headers for the request

headers = {
‘Accept’: ‘application/json’,
‘X-CSRFToken’: csrf_cookie,
‘Content-Type’: ‘application/json’,
‘Referer’: initial_get_url
}

response = requests.post(url, json=data, headers=headers, cookies={‘csrftoken’: csrf_cookie})

print(“Status Code:”, response.status_code)
print(“Content-Type:”, response.headers.get(‘Content-Type’))
print(“Response Content Length:”, len(response.content))

if ‘application/json’ in response.headers.get(‘Content-Type’, ‘’):
try:
response_json = response.json()
print(“Response JSON:”, response_json)
except requests.exceptions.JSONDecodeError:
print(“Response is not valid JSON.”)
else:

print("Response is not JSON or Content-Type is missing.")
print("Response Content:", response.text)

Topic		Replies	Views
Correct config for cross-domain access to Open edX API Site Operators api , juniper	2	1596	December 29, 2021
Tutorial \| Open edX Nutmeg with Tutor 14 on Ubuntu 20 and disabling rate limiting step by step Site Operations Help api , how-to , tutor , nutmeg	1	611	October 2, 2022
Enable CORS in tutor AWS AMI Site Operators api , how-to , tutor	4	341	November 8, 2023
Adding ALLOW_CORS_HEADER plugin in tutor Tutor Help tutor	1	514	March 7, 2024
Open edX api issue Development api , tutor , olive	1	199	November 27, 2023

Access Open edX api's from frontend/postman using tutor

URL to get the CSRF token and cookie

Data to send in the POST request

Headers for the request

Related topics