HTTP Response not sending X-Auth-Token in Header

Question

I´m trying to make a post request to a third party API.

In this request I have to send my username and password on the header, and It will return a response header with the X-Auth_token. The problem is that I´m not getting the X-Auth-Token in the header if I make the posto from a client to my server and then to the API. If I make the request from Postman directly to the API url, it works fine.

This is the code:

SERVER

app.post("/signin", async (req, res) => {
  console.log("BODY", await req.body);
  try {
    const xToken = await axios.post(loginUrl, {
      headers: {
        "Content-Type": "application/x-www-form-urlencoded",

        "X-Username": req.body.username,
        "X-Password": req.body.password,
      },
    });
    console.log(xToken.headers);

    //res.send(xToken);
  } catch (error) {
    console.log("SERVER Error: ", error.message);
  }
});

CLIENT

const signin = async () => {
  try {
    const TOKEN = await axios.post("http://localhost:3000/signin", {
      username: "AGU",
      password: "MIOTTI",
    });

    
    console.log("TOKEN", TOKEN);

    return TOKEN;
  } catch (error) {
    console.log("CLIENT Error: ", error.message);
  }
};

signin();

What can be the problem?

some data of postman:

This is the response header when you try to make the post with postman directly to https://api.remarkets.primary.com.ar/auth/getToken:

and this is the response header when you make the reques to the serven on express:

Can you share succussed Postman screen (Authorization, Headers, Body, POST URL and response statue) with hide private information? It will be help to understand which `auth` using in your `loginUrl` server. — Bench Vue, Feb 04 '23 at 21:48
Thanks for your updating, I think you missing send `Body` part(x-www-form-urlencoded)` the Key/Value list and received `Body` part with Status.(status 200?) One more, I checked API documentation. https://apihub.primary.com.ar/ Can you point out `authentication` page? It should be help the `X-Username`/`X-Password` format( base 64 or not). Some documentation shows `curl` example for get token. It will increase a percentage you get an answer. — Bench Vue, Feb 04 '23 at 22:31
@BenchVue idk if I understand you well, but are you saying that I did not send the content type x-www-form-urlencoded? Honestly I dont understand the explanation. Sorry I m noob.. XD — miouri, Feb 04 '23 at 22:36
I can't test your `api.primary.com.ar` token, but I will answer with similar web site(spotify), You can apply your problem. Give me a 10 minutes, I will try answer your question. — Bench Vue, Feb 04 '23 at 22:42
I try answer it. It is not matched your direct case but you can leverage it. I think we can talk about a detail during convert into your case. — Bench Vue, Feb 04 '23 at 22:57

Bench Vue · Accepted Answer · 2023-02-05T01:44:37.607

1

The Server side as `server.js` file

const express = require("express")
const axios = require('axios')
const cors = require("cors")
const bodyParser = require('body-parser')
const corsOptions = {
    exposedHeaders: 'Authorization',
};

const app = express()
app.use(cors(corsOptions))
app.use(bodyParser())

const loginUrl = 'https://api.remarkets.primary.com.ar/auth/getToken'

app.post("/signin", async (req, res) => {
    console.log("BODY", await req.body);
    const response = await axios.post(
        url = loginUrl,
        '',
        config = {
            headers: {
                "X-Username": req.body.username,
                "X-Password": req.body.password,
            }
        })
    return res.send(response.headers["x-auth-token"])
});

app.listen(3000, () => { console.log("Listening on :3000") })

The Cliet side as `client.js` file

const axios = require('axios')
const signin = async () => {
    try {
        const response = await axios.post("http://localhost:3000/signin", {
            username: "<your id>",
            password: "<your password>",
        });
        return Promise.resolve(response.data);
    } catch (error) {
        return Promise.reject(error);
    }
};

signin()
    .then(token => {
        console.log('token is : ' + token);
    })
    .catch(error => {
        console.log(error.message);
    });

Install dependencies

npm install express axios cors body-parser

Confirmed dependencies

$ npm ls --depth=0
@ D:\temp\working
├── axios@1.3.2
├── body-parser@1.20.1
├── cors@2.8.5
└── express@4.18.2

Run Server first

node server.js

Run client later

node client.js

Result in client

References

Axios get access to response header fields

Unable to access JSON property with "-" dash

edited Feb 05 '23 at 01:44

answered Feb 04 '23 at 22:56

Bench Vue

5,257
2
10
14

OK, I resume. First step is I needs to success the Postmen with your credential Can you confirm three items? First, header item, I added two items(X-Username/X-Password) from default Postman header. Correct? Second is I needs Body section, can you shows your Postmen Body part? The `x-www.form-urlencooded`'s Key/Value list, I have no information. Third, can you shows your response body part. It will shows token and status. Last item you can delete your credential. I copied it. – Bench Vue Feb 04 '23 at 23:53
In your post request to the loginUrl you need to add on the header the x-username and x-password. Body is empty. – miouri Feb 05 '23 at 00:12
OK, I try to send message but No response of Body, just 200 OK, Did you got the access token? – Bench Vue Feb 05 '23 at 00:13
The body responde is empty too. When you try directly making the request with postman, the response header has the X-Auth-Token. But nothing with my program – miouri Feb 05 '23 at 00:15
I think we are messed up. When you try with postman to make a post to https://api.remarkets.primary.com.ar/auth/getToken , with the X-Username and X-Password on header, it works OK. The response header has the X-Auth_token. When you try to make the post with postman to the server on express, the response header doesn´t have the X-Auth-token. – miouri Feb 05 '23 at 00:17
I don't get it this means "The response header has the X-Auth_token." – Bench Vue Feb 05 '23 at 00:18
one coment, the API: https://api.remarkets.primary.com.ar/auth/getToken is a third party one... Every request you make, I dont get any information... – miouri Feb 05 '23 at 00:22
OK, I can get the `X-Auth-Token` information in header of response by Postman. Now first step done. Let me try by code. – Bench Vue Feb 05 '23 at 00:29