HTTP 403 indeed indicates missing or incorrect credentials or a fact that the user is not authorized to table or query resource.
First of all, make sure that the username you will be using to send requests to SlashDB has been assigned Execute permission to the query. To do that, go to Configuration->Queries, and open the query definition. In the Execute field type in the username. You can assign multiple user names by separating them with commas. As a side note user public does not require credentials, so if your resource can be publicly available, simply add public the Execute field.
For non-public users you need to provide those credentials with your HTTP request.
SlashDB allows for two ways to send your credentials:
- Username/Password using BasicAuthentication
- API keys
Ad.1 Construct your HTTP request with the Authorization header and a binhexed value for username:password. See this Stackoverflow recipe how to do that: Calling a rest api with username and password - how to
Ad.2 To use API keys, first assign the SlashDB user a key (alphanumerical string) then provide it with your request.
To do that, go to Configuration->Users, and open the user's configuration dialog. Scroll down to the bottom to the API Authentication section and paste your key in the field provided. For inspiration see CodeIngniter or WEP256 keys on http://randomkeygen.com/. Do not use strings containing ":" because it is used for splitting the key to app-key and api-key. For now just go with a single key.
Send your key with your request either as a header or in the URL query string. By default the parameter is called "apikey":
Option 1: In headers
(HttpWebRequest)WebRequest.Create(@"https://slashdb.yourdomain.com/db/Northwind/Customers/CustomerID/ALFKI.json");
req.Headers.Add("apikey", "12345678");
Option 2: In URL
(HttpWebRequest)WebRequest.Create(@"https://slashdb.yourdomain.com/db/Northwind/Customers/CustomerID/ALFKI.json?apikey=12345678");
