I noticed that the local development branch of an app our team uses is not allowing REST API called.
Error: Failed
Epicor: Forbidden
This is odd, as I have never had this issue, and no code on my end has changed. In fact, the same app/codebase is running on another server on the same network and is able to call the REST API without any issues. The Epicor rest API seems to also be working fine when calling from the browser’s swagger UI provided by epicorhosting.
Does anyone know of any recent changes made to the Epicor REST API which could cause issues calling the rest API from a local development instance running in Node.js?
Did your server certificate expire — I do not believe so. I am running the app locally in dev mode (npm run dev), on localhost:3000. Oddly, the app on the server is running the same code, the same way, just with the only difference being the base url is not locahost:3000
Did an API-Key expire? (Although V2 did not exist in 10.1.600) — I do not use an “API” key so to speak. I simply authenticate when calling the API using the login credentials. In that regard, I do not think so.
I think this could be related to issues where my laptop once connected to a virtual ethernet IP address, possibly linked to having podman installed. I removed podman (I was not using it, but it was running in the background), and then I saw the correct local network IP appear when re-running npm run dev.
I am lost as to why the same codebase, with minor changes in .env, is running fine on the same network (different device), but not on my local development instance.
It’s like Epicor’s REST API all of a sudden does not accept my localhost development connection anymore.
Swagger UI and production server REST API calls work fine.
There was a set duplicate credentials keys in our environmental variables, each with different values. This caused an issue where the authentication logic was using the wrong key:value for authentication.
This is weird because the duplicate credentials key seemed to have existing for a while, but only recently caused an issue. This made the bug difficult to find, because I was checking codebase commits thinking code changes were the root cause; not environment variables (for which commits are not tracked).
When I couldn’t find any changes in the code/auth logic, I assumed the issue was caused by changes/updates with the REST API/hosting authentication logic.
The issue seems to have been fixed by removing the duplicate key. Thank you for your help @Mark_Wonsil.