0

I'm doing a PUT "/api/shipments/H10372375236/ready_for_pickup", but that stops in Spree::BaseController#authenticate_user. My PUT request does not contain any X-Spree-Token header as required by BaseController#api_key

This is the code for my button:

 <%= form_tag(spree.api_ready_for_pickup_path(shipment), { method: "PUT", remote: true, id: "admin-ship-shipment" }) do %>
   <%= submit_tag Spree.t(:ready_for_pickup), class: "ship-shipment-button" %>
 <% end %>

This is my routes:

Spree::Core::Engine.routes.draw do
  namespace :api, defaults: { format: 'json' } do
    put '/shipments/:id/ready_for_pickup' => 'shipments#ready_for_pickup', as: :ready_for_pickup
  end
end

Rails.application.routes.draw do    
  mount Spree::Core::Engine, :at => '/' 
end

rake routes available as a Gist here. I have created an API key for the current user in the admin interface. How do I make sure the PUT request contain the missing X-Spree-Token?

martins
  • 9,669
  • 11
  • 57
  • 85

3 Answers3

0

I would be in favor of that SO answer, which is to set the header in the update action of your controller like so:

response.headers["X-Spree-Token"] = auth_token
Community
  • 1
  • 1
born4new
  • 1,677
  • 12
  • 12
0

I fixed it by sending spree_api_key as a token param on the form.

    <%= form_tag(spree.api_ready_for_pickup_path(shipment), { method: "PUT", remote: true, id: "admin-ship-shipment" }) do %>
      <%= hidden_field_tag :token, try_spree_current_user.spree_api_key %>
      <%= submit_tag Spree.t(:ready_for_pickup), class: "ship-shipment-button" %>
    <% end %>
martins
  • 9,669
  • 11
  • 57
  • 85
0

It's working using token in params as you said, but in the documentation it's recommended passing it in headers like this :

Authorization: Bearer API_KEY

(of course, replace API_KEY by your own api key)

source : https://solidus.docs.stoplight.io/authentication

Geoffrey Dulac
  • 46
  • 3