Small and medium business | Business Central, N...

Business Central web services Query param instead of header param

(0) Share

Report

Posted on by Salomon

Heya

trying to connect to the web services via javascript. Having a really hard time succeeding. Keeps giving me a cors error. Wonder - Is it possible to connect to it with a query param instead of a header param? My experience is, that it is a lot easier. Example:

localhost:endpoint/username=xxxxx&password=&&&&&&

Currently I'm doing as follows (but i keep getting 401 even though I'm certain the credentials are correct.):

async function getUser() {

try {

const response = await fetch("">xxxxx.dv.local:7048/.../xxxxxxx", {

method: 'GET',

mode: 'no-cors',

headers: {

accept: 'application/json',

'Authorization': 'Basic '+btoa('xxxxxx:xxxxxxx.')

});

if (!response.ok) {

throw new Error(`Error! status: ${response.status}`);

}

const result = await response.json();

console.log(result)

return result;

} catch (err) {

console.log(err);

}

getUser();

</script>

All responses (8)

Answers (0)

Salomon 5 on at

Like (0)

Report

RE: Business Central web services Query param instead of header param

It seems i can only authenticate via NTLM. This does not provide a javascript code snippet that is functional. Am not completely sure why this is the case.
Salomon 5 on at

Like (0)

Report

RE: Business Central web services Query param instead of header param

Hey Jeffrey

Not too worrid about exposing the credentials as it is an on-premise application. However i will look into switching to Oath2 if possible for a localhosted BC365.
Salomon 5 on at

Like (0)

Report

RE: Business Central web services Query param instead of header param

Tried it in postman but can strangely only get it to work with NTLM authentication. This does not provide a code snippet that is functional in Javascript.
Suggested answer

Nitin Verma 21,544 Moderator on at

Like (0)

Report

RE: Business Central web services Query param instead of header param

Hi,

Its not recommended to use URL with credentials, you can try OAuth.

Thanks.
Suggested answer

YUN ZHU 81,360 Super User 2025 Season 1 on at

Like (0)

Report

RE: Business Central web services Query param instead of header param

Hi, This seems to be an authentication issue.
Although Microsoft recommends Oauth, it can still be used until BC21.

You can test it in PostMan and then turn to Code.

Hope this helps.

Thanks.

ZHU
Suggested answer

Jeffrey Bulanadi 644 on at

Like (0)

Report

RE: Business Central web services Query param instead of header param

Hi Salomon,

This is vulnerable to web attacks as you exposed the credentials thru url.

Going back to your requirements, Microsoft recommends to use the OAuth 2.0 authentication method. Below links is much easier to understand as it shows an actual procedure how to do it.

robertostefanettinavblog.com/.../

www.kauffmann.nl/.../

https://yzhums.com/20690/

If you find this useful please give it a like or verify the answer. By this way you can help other members know that the topic has been answered. Have a nice day. Thank you.

Cheers,
Suggested answer

Inge M. Bruvik 1,021 Moderator on at

Like (0)

Report

RE: Business Central web services Query param instead of header param

You should probably switch to Oauth instead of basic authentication.

Here are some links for you:

docs.microsoft.com/.../authenticate-web-services-using-oauth

docs.microsoft.com/.../web-services-authentication
Salomon 5 on at

Like (0)

Report

RE: Business Central web services Query param instead of header param

Not Cors but 401 Unathorized.