REST API Authentication on client-side requests

user5c3dce335aa316.9 · July 24, 2020, 10:33am

Hello everyone,

I tried searching for an issue similar to mine but nothing came up.

I’m trying to use the GF V2 REST API but something came up while I was exploring it.

This is going to be used in a headless WordPress project, where the frontend will be built using a React framework (Frontity). I want to use Gravity Forms as my forms solutions so I need to use its API.

My plan is to just make a form in React and then onSubmit make the form send the POST request to the form entry endpoint, however, in order to do that, I have to use authentication. And since I’m going to do this with JavaScript, the authentication will be client-side.

I’m trying to figure out a way of hiding the client-side Consumer Key and Consumer Secret. My main concern is that with the credentials that have write permissions (the ones I have to use to submit the entries) someone can use those same credentials do delete entries.

Am I missing something? Any best practices that I should be aware of?

Jake_Jackson · August 3, 2020, 5:20am

I’m pretty sure this endpoint is public and doesn’t require authentication to submit new form entries: https://docs.gravityforms.com/rest-api-v2/#post-forms-form-id-submissions

user5c3dce335aa316.9 · August 3, 2020, 11:32am

Thank you for your suggestion, I actually wasn’t using that endpoint.

I did just try to POST with no authentication and it never works, I always get this response:

{
    "is_valid": false,
    "validation_messages": {
        "1": "This field is required.",
        "2": "This field is required."
    },
    "page_number": 1,
    "source_page_number": 1
}

Even though I’m sending information with the correct field keys in the JSON object.
On my logs, I get this:

2020-08-03 11:28:25.155483 - DEBUG --> GF_REST_Authentication::authenticate(): Running. 
2020-08-03 11:28:25.168237 - DEBUG --> GF_REST_Authentication::perform_basic_authentication(): Running. 
2020-08-03 11:28:25.168459 - ERROR --> GF_REST_Authentication::perform_basic_authentication(): Aborting; credentials not found. 
2020-08-03 11:28:25.168644 - DEBUG --> GF_REST_Authentication::perform_oauth_authentication(): Running. 
2020-08-03 11:28:25.168960 - ERROR --> GF_REST_Authentication::perform_oauth_authentication(): Aborting; OAuth parameters not found.

Which leads me to believe that it does need authentication, what do you think?

chrishajer · August 3, 2020, 11:50am

This response is not about authentication; it’s about missing a required field. Ensure that all the required data is being submitted, or try making the field (not required) and test again (without authentication.) Thank you.

user5c3dce335aa316.9 · August 3, 2020, 11:53am

Well, I tried that already.
If I make the fields not required then I get an error message stating that one of the fields must be filled.
Just for reference, here is the body of my request:

{
    "input_1": "test",
    "input_2": "test@test.com",
    "field_values": "",
    "source_page":  1,
    "target_page":  0
}

chrishajer · August 3, 2020, 6:03pm

That is a different sort of error. You must submit a value in one of the fields, that is true. Why are you not sending any values, whether or not the fields are required?

Topic		Replies	Views
Gravity Forms API 2 JavaScript authentication problems Get Help custom , api , authentication	7	4169	January 4, 2022
V2 Rest form Authentication Get Help authentication , rest-api	1	702	February 19, 2022
Using Oauth 2.0 with GF Get Help webhooks , oauth , gform_webhooks_request_headers	2	24	October 20, 2024
GravityForms Api Get Help gfapi , apiv2 , authentication	2	1045	January 4, 2022
Support REST API by User entries Get Help cosmicgiant , capabilities , advanced-permissions , restapi , donthack , gform_rest_api_capability_get_entries	2	21	September 13, 2024

REST API Authentication on client-side requests

Related topics