Connect from Zendesk(javascript) to Acumatica(IIS)

Question

I am trying to connect from Javascript to Acumatica with following code:

var xmlhttp = new XMLHttpRequest();
URL = "h ttps://demo.mytestwebsite.com/entity/auth/login/";
xmlhttp.open("POST", URL, false);
xmlhttp.setRequestHeader("Authorization", "Basic " + btoa("Admin:hgfjk"));
xmlhttp.send();

And getting error:

VM2372:7 OPTIONS https ://demo.mytestwebsite.com/entity/auth/login/ 405 (Method Not Allowed) connect @ VM2372:7 (anonymous) @ VM2374:1 VM2372:7 XMLHttpRequest cannot load http s://demo.mytestwebsite.com/entity/auth/login/. Response for preflight has invalid HTTP status code 405 connect @ VM2372:7 (anonymous) @ VM2374:1 VM2372:7 Uncaught DOMException: Failed to execute 'send' on 'XMLHttpRequest': Failed to load 'http s://demo.mytestwebsite.com/entity/auth/login/'. at connect (:7:15) at :1:1

Answer 1

This issue is caused by CORS, i.e. the web browser does not get the necessary response from IIS hosting Acumatica, to satisfy CORS. CORS is a mechanism of increasing security in browsers.

When encountering this issue you can also run into these sorts of errors:

• Response for preflight has invalid HTTP status code 500
• Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource

As of Acumatica Version 6.10.0945, this is how you configure IIS to make it CORS compatible for Acumatica for this type of requirement.

Add the following HTTP Response Headers within IIS.

• Name: Access-Control-Allow-Origin Value: http://5.5.5.5 (IP Address or URL of the site that will connect to Acumatica - eg. https://mycompany.zendesk.com)
• Name: Access-Control-Allow-Headers Value: Content-Type, cache-control
• Name: Access-Control-Allow-Credentials Value: true

When values are added from Internet Information Services (IIS) Manager, they also appear in the web.config file in the Acumatica application folder as Custom Headers. For example - C:\Program Files (x86)\Acumatica ERP\MainAcumatica\web.config

I experienced issues adding the entries directly to web.config so suggest it is done through IIS.

Secondly, an entry needs to be made into the Global.asax file located in the same directory as web.config

This is the complete file with the function to insert being Application_BeginRequest():

    <%@ Application Language="C#" Inherits="PX.Web.PXApplication" %>
<script RunAt="server">
    protected override void MergeAdditionalAssemblyResources()
    {
        PX.Web.UI.AssemblyResourceProvider.MergeAssemblyResourcesIntoWebsite<PX.Web.Controls.PXResPanelEditor>();
    }

    protected override void Initialization_ProcessApplication()
    {
        Initialization.ProcessApplication();
    }

protected void Application_BeginRequest() {
    if (Request.Headers.AllKeys.Contains("Origin") && Request.HttpMethod == "OPTIONS") {
        Response.Flush();
    }
}
</script>

The function Application_BeginRequest() in this file is flushing the response generated by the application for CORS OPTIONS requests, and letting IIS handle it with its header configuration.

OPTIONS requests are made by the CORS mechanism in the web browser, referred to as ‘pre-flight’, in order to confirm that the target server for the request is CORS compliant.

These settings will resolve the issue reported.

Answer 2

Instead of using basic authentication, try to pass username, password, company, branch, and locale (company, branch, and locale are optional) as request body following the sample below:

URL = "http://10.211.55.3/StackOverflow/entity/auth/login";  //Your URL
var xmlhttp = new XMLHttpRequest();
xmlhttp.open("POST", URL, false);
xmlhttp.setRequestHeader("Content-Type", "application/json");
var params = "{ name: '<username>', password: '<password>' }";
xmlhttp.send(params);