1.8.0-rc1 Xibo API AngularJS HTTP Request 400 Error

Hi guys!, i’m having an issue when trying to authenticate with the xibo API, im performing an angulajs http post to /api/authenticate/access_token , passing client_id , client_secret, and grant_type with content-type header as application/x-www-form-urlencoded to prevent the OPTIONS request, but it gives me a 400 bad request error with this message

            client_id:"DQGcOyXE3GeUnyyMdMbnNAW8GwZDCGe2keN3iUo5",                    client_secret:"RL2SDzLm0byXlUcpAaKyNLo60bl3Ft8Yr8tZinEibr5GeAYUI4Y1tbkT71bG3oH3cWF9Z6LsCWyO69qk59jKxqwFghzy8LdRZxtUgOqMkoVrxBkPIXCmRSsVPH8W7JkP0Zkrlw72GbgoMeEK7sqNTSg4NtIyid6chk9uApyEXXEVKIvnIentZWPETbyGT3GbmkT8CxQ0cnluEqD97UY5vsNvX6c5KmnmcBw8Th8hqEi1hcmXyhrMyuceqVJgnr",

  "error": {
    "message": "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"grant_type\" parameter.",
    "code": 400,
    "data": []

as you can see it’s saying that the grant type parameter is missing or wrong, but…it is present in the payload ( checking with console mode ) … so … anyone has a clue? Thanks in advance…

I’d say that this is the problem, you will most likely want to get rid of it and pass it as normal form data without headers.

It’s an educated guess - I tried it with Postman just now to confirm :slight_smile:

Hi Peter, the {headers:{‘Content-Type’:‘application/x-www-form-urlencoded’}} or {headers:{‘Content-Type’:‘text/plain’}} is being added to avoid the preflight OPTIONS request that returns a 404 if I remove the header,and indeed, from postman or performing a jQuery ajax its working well… but performing an XMLHttpRequest from angular doesn’t seems to be working as expected… so im hitting my head against the wall to get this thing working… any other idea?

I can confirm that using urlencoded shouldn’t make any difference, the API will understand that request.

Here is an example working request:

var data = "client_id=GO0JL0R58rSuD09zzMzL5B8Q3PfnfmfD9aGYG5cy&client_secret=pKPEBGpFZsq84EJ4ZivvldCZPAwW5kH4XDvZaJJi6JD0IgQVyWLHgMbid3EQ1O0bjBaHTcWIMjSV2vamRa1V9y6GUTkiSQaswWHrkFfu7FwrzfGBoxdOeO9iZk6Tu5vNJ9ZbZZBPJFxq5fpkyNNrwnWfamKUxLevyspAbfHKwimGQ1RlBLl67faaIeLsHP8xiZtzJ7CBS85KKIWayeiGK4TqphxLNMoNx2DVUqeDIFfQClFQ3WKxBLekyjXvfm&grant_type=client_credentials";

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === 4) {

xhr.open("POST", url+"/api/authorize/access_token");
xhr.setRequestHeader("cache-control", "no-cache");
xhr.setRequestHeader("content-type", "application/x-www-form-urlencoded");


Perhaps it doesn’t like that your parameter names are non-string based (massive long shot)