add item to collection by rest api
86 views
Skip to first unread message
Alex B
Mar 4, 2025, 4:35:11 AM3/4/25
to DSpace Technical Support
Dear colleagues, I try to add item to a collection by rest api but I get the following error:
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 10.220.16.19...
* TCP_NODELAY set
* Connected to 10.220.16.19 (10.220.16.19) port 8080 (#0)
> POST /server/api/core/items?owningCollection=7ef17dc4-9504-449b-9417-88a10af447e9 HTTP/1.1
> Host: 10.220.16.19:8080
> User-Agent: curl/7.61.1
> Content-Type: application/json
> Accept: application/json
> Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJlaWQiOiJmOWMzMTA1YS1mOTEzLTQxYWItYjUzMy1jNDM2MTIyOGU2MTgiLCJzZyI6W10sImF1dGhlbnRpY2F0aW9uTWV0aG9kIjoicGFzc3dvcmQiLCJleHAiOjE3NDEwNzk2Nzh9.qHJp_DlzTGUNFQQhnw7TdmRO74lkQ0oOiE-7dLGv5Oo
> X-CSRF-TOKEN: 22ca855a-46a2-4f2f-9795-1e2a8ac30bcf
> Content-Length: 260
>
* upload completely sent off: 260 out of 260 bytes
< HTTP/1.1 403
< Vary: Origin
< Vary: Access-Control-Request-Method
< Vary: Access-Control-Request-Headers
* Added cookie DSPACE-XSRF-COOKIE="dfa26213-89c7-4856-a8dc-5d406959f562" for domain 10.220.16.19, path /server, expire 0
< Set-Cookie: DSPACE-XSRF-COOKIE=dfa26213-89c7-4856-a8dc-5d406959f562; Path=/server; HttpOnly; SameSite=Lax
< DSPACE-XSRF-TOKEN: dfa26213-89c7-4856-a8dc-5d406959f562
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
< Date: Tue, 04 Mar 2025 08:50:52 GMT
<
* Connection #0 to host 10.220.16.19 left intact
{"timestamp":"2025-03-04T08:50:52.775+00:00","status":403,"error":"Forbidden","message":"Access is denied. Invalid CSRF token.","path":"/server/api/core/
* Trying 10.220.16.19...
* TCP_NODELAY set
* Connected to 10.220.16.19 (10.220.16.19) port 8080 (#0)
> POST /server/api/core/items?owningCollection=7ef17dc4-9504-449b-9417-88a10af447e9 HTTP/1.1
> Host: 10.220.16.19:8080
> User-Agent: curl/7.61.1
> Content-Type: application/json
> Accept: application/json
> Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJlaWQiOiJmOWMzMTA1YS1mOTEzLTQxYWItYjUzMy1jNDM2MTIyOGU2MTgiLCJzZyI6W10sImF1dGhlbnRpY2F0aW9uTWV0aG9kIjoicGFzc3dvcmQiLCJleHAiOjE3NDEwNzk2Nzh9.qHJp_DlzTGUNFQQhnw7TdmRO74lkQ0oOiE-7dLGv5Oo
> X-CSRF-TOKEN: 22ca855a-46a2-4f2f-9795-1e2a8ac30bcf
> Content-Length: 260
>
* upload completely sent off: 260 out of 260 bytes
< HTTP/1.1 403
< Vary: Origin
< Vary: Access-Control-Request-Method
< Vary: Access-Control-Request-Headers
* Added cookie DSPACE-XSRF-COOKIE="dfa26213-89c7-4856-a8dc-5d406959f562" for domain 10.220.16.19, path /server, expire 0
< Set-Cookie: DSPACE-XSRF-COOKIE=dfa26213-89c7-4856-a8dc-5d406959f562; Path=/server; HttpOnly; SameSite=Lax
< DSPACE-XSRF-TOKEN: dfa26213-89c7-4856-a8dc-5d406959f562
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
< Date: Tue, 04 Mar 2025 08:50:52 GMT
<
* Connection #0 to host 10.220.16.19 left intact
{"timestamp":"2025-03-04T08:50:52.775+00:00","status":403,"error":"Forbidden","message":"Access is denied. Invalid CSRF token.","path":"/server/api/core/
------------------------------------------------------------------------------------------------
Authorization and receipt of Bearer is successful.
My request:
curl -v -X POST "http://10.220.16.19:8080/server/api/core/items?owningCollection=7ef17dc4-9504-449b-9417-88a10af447e9" \
-b "$COOKIE_FILE" \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJlaWQiOiJmOWMzMTA1YS1mOTEzLTQxYWItYjUzMy1jNDM2MTIyOGU2MTgiLCJzZyI6W10sImF1dGhlbnRpY2F0aW9uTWV0aG9kIjoicGFzc3dvcmQiLCJleHAiOjE3NDEwNzk2Nzh9.qHJp_DlzTGUNFQQhnw7TdmRO74lkQ0oOiE-7dLGv5Oo" \
-H "X-CSRF-TOKEN: 22ca855a-46a2-4f2f-9795-1e2a8ac30bcf" \
-d @- <<EOF
{
"metadata": {
"dc.title": [
{
"value": "Test Item Title",
"language": "en"
}
],
"dc.contributor.author": [
{
"value": "John Doe",
"language": "en"
}
]
},
"inArchive": true,
"discoverable": true
}
EOF
-b "$COOKIE_FILE" \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJlaWQiOiJmOWMzMTA1YS1mOTEzLTQxYWItYjUzMy1jNDM2MTIyOGU2MTgiLCJzZyI6W10sImF1dGhlbnRpY2F0aW9uTWV0aG9kIjoicGFzc3dvcmQiLCJleHAiOjE3NDEwNzk2Nzh9.qHJp_DlzTGUNFQQhnw7TdmRO74lkQ0oOiE-7dLGv5Oo" \
-H "X-CSRF-TOKEN: 22ca855a-46a2-4f2f-9795-1e2a8ac30bcf" \
-d @- <<EOF
{
"metadata": {
"dc.title": [
{
"value": "Test Item Title",
"language": "en"
}
],
"dc.contributor.author": [
{
"value": "John Doe",
"language": "en"
}
]
},
"inArchive": true,
"discoverable": true
}
EOF
-----------------------------------------------------------------------------
another request:
curl -v -X POST --data "user=xx%40xx.com&password=xxx" "https://xxx/server/api/authn/login" -H "X-XSRF-TOKEN: {csrf-token}" --cookie "DSPACE-XSRF-COOKIE={csrf-token}"
curl -v -X POST 'https://url/server/api/core/items?owningCollection=acf7c773-f2bb-47e4-8c55-e6e8fd086dec' -H 'X-XSRF-TOKEN: {csrf-token}' --cookie 'DSPACE-XSRF-COOKIE={csrf-token}' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJlaWQiOiI1ODg4MzU2NC00ZmFmLTQxY2QtYmY1Ny1iNTJiOWY2M2FhYjIiLCJzZyI6W10sImF1dGhlbnRpY2F0aW9uTWV0aG9kIjoicGFzc3dvcmQiLCJleHAiOjE3NDEwNzU4NTJ9.DMbDPALjb5c8sC20D3rB5fXTC7wr33bCX3DwKB0wDps' -H 'Content-Type:text/uri-list' --data 'item.json'
{
"name": "Practices of research data curation in institutional repositories: A qualitative view from repository staff",
"metadata": {
"dc.contributor.author": [
{
"value": "Stvilia, Besiki",
"language": "en",
"authority": null,
"confidence": -1
}
],
"dc.title": [
{
"value": "Practices of research data curation in institutional repositories: A qualitative view from repository staff",
"language": "en",
"authority": null,
"confidence": -1
}
],
"dc.type": [
{
"value": "Journal Article",
"language": "en",
"authority": null,
"confidence": -1
}
]
},
"inArchive": true,
"discoverable": true,
"withdrawn": false,
"type": "item"
}
"name": "Practices of research data curation in institutional repositories: A qualitative view from repository staff",
"metadata": {
"dc.contributor.author": [
{
"value": "Stvilia, Besiki",
"language": "en",
"authority": null,
"confidence": -1
}
],
"dc.title": [
{
"value": "Practices of research data curation in institutional repositories: A qualitative view from repository staff",
"language": "en",
"authority": null,
"confidence": -1
}
],
"dc.type": [
{
"value": "Journal Article",
"language": "en",
"authority": null,
"confidence": -1
}
]
},
"inArchive": true,
"discoverable": true,
"withdrawn": false,
"type": "item"
}
curl -i -X POST 'https://url/server/api/core/items?owningCollection=acf7c773-f2bb-47e4-8c55-e6e8fd086dec' -H 'X-XSRF-TOKEN: {csrf-token}' --cookie 'DSPACE-XSRF-COOKIE={csrf-token}' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJlaWQiOiI1ODg4MzU2NC00ZmFmLTQxY2QtYmY1Ny1iNTJiOWY2M2FhYjIiLCJzZyI6W10sImF1dGhlbnRpY2F0aW9uTWV0aG9kIjoicGFzc3dvcmQiLCJleHAiOjE3NDEwNzU4NTJ9.DMbDPALjb5c8sC20D3rB5fXTC7wr33bCX3DwKB0wDps' -H 'Content-Type:text/uri-list' --data 'item.json'
HTTP/1.1 400
Date: Tue, 04 Mar 2025 07:49:38 GMT
Server: Apache/2.4.37 (Oracle Linux Server) OpenSSL/1.1.1k
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Content-Language: en,ru
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: DENY
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: https://url --
Access-Control-Allow-Methods: GET, POST, OPTIONS, PATCH, DELETE
Access-Control-Allow-Headers: Content-Type, Authorization, x-referrer, x-correlation-id, x-xsrf-token
Access-Control-Allow-Credentials: true
Connection: close
Transfer-Encoding: chunked
{"timestamp":"2025-03-04T07:49:38.658+00:00","status":400,"error":"Bad Request","message":"An exception has occurred","path":"/server/api/core/items"}
HTTP/1.1 400
Date: Tue, 04 Mar 2025 07:49:38 GMT
Server: Apache/2.4.37 (Oracle Linux Server) OpenSSL/1.1.1k
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Content-Language: en,ru
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: DENY
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: https://url --
Access-Control-Allow-Methods: GET, POST, OPTIONS, PATCH, DELETE
Access-Control-Allow-Headers: Content-Type, Authorization, x-referrer, x-correlation-id, x-xsrf-token
Access-Control-Allow-Credentials: true
Connection: close
Transfer-Encoding: chunked
{"timestamp":"2025-03-04T07:49:38.658+00:00","status":400,"error":"Bad Request","message":"An exception has occurred","path":"/server/api/core/items"}
------------------------------------------------------------------
used documentation: https://github.com/DSpace/RestContract/blob/main/items.md
and
curl -i -X POST https://demo.dspace.org/server/api/core/items?owningCollection=1c11f3f1-ba1f-4f36-908a-3f1ea9a557eb \
-H "Content-Type:text/uri-list" \
--data "https://demo.dspace.org/server/api/integration/externalsources/orcid/entryValues/0000-0002-4271-0436"
-H "Content-Type:text/uri-list" \
--data "https://demo.dspace.org/server/api/integration/externalsources/orcid/entryValues/0000-0002-4271-0436"
Help me please. How to add item to collection by rest api?
Best regards,
Alex
DSpace 7.6, REST API 7.6
Alex B
Mar 7, 2025, 3:39:41 PM3/7/25
to DSpace Technical Support
problem solved, issue closed
вторник, 4 марта 2025 г. в 12:35:11 UTC+3, Alex B:
Ari
Mar 18, 2025, 6:16:16 AM3/18/25
to DSpace Technical Support
Alex B, could you share your solution? I also getting 403 errors when trying to create items via rest API no matter what I do.
Reply all
Reply to author
Forward
0 new messages