How can I send a POST request to start a password reset flow using axios

Question

I'm implementing the Forgot password feature using truevault API. Now, I've been testing the requests following the flow with Postman, and it works, but, when I started coding using axios, it keeps throwing issues about authentication. I've tried several combinations (logical ones, not just random craziness).

Also, worth mentioning that I was able to list my truevault users from UI (not only postman), and tried to mimic the same principle to the post request, but it didn't work

Here is the postman request that worked for me:

• for the url request, method is: POST
• url: https://api.truevault.com/v1/password_reset_flows
• For the Authorization tab, I filled the "username" field with the truevault user API Key, and left the "password" field empty
• And the "Body" tab, I filled it with a Json text, and for radio button options, I selected raw, and picked json as the format. (these are the only tabs being used)

The json body is as follow

{
   "name":"XXXXX password reset",
   "sg_template_id":"XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXcf42",
   "sg_api_key":"XX.XXXXXXXXXXXXXXXXXXXXXX.XXXXXX_XXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXZftJo",
   "user_email_value_spec":{
      "system_field":"username"
   },
   "from_email_value_spec":{
      "literal_value":"do-not-reply@XXXXXX.com"
   },
   "substitutions":{
      "{{FIRST_NAME}}":{
         "user_attribute":"first_name"
      }
   }
}

And the result was successful,

Now, when I tried with axios, I kept getting the auth error. Code is as follows:

createPasswordResetFlow()
{
    axios.defaults.headers.common["Authorization"] = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX27"; //tv user API KEY
    axios.defaults.headers.post["Content-Type"] = "application/json";


    var request = axios.post("https://api.truevault.com/v1/password_reset_flows",
        {
            auth:
            {
                username: 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX27',
                password: ""
            },
            data:
            {
                "name": "XXXXX password reset",
                "sg_template_id": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXcf42",
                "sg_api_key": "XX.XXXXXXXXXXXXXXXXXXXXXX.XXXXXX_XXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXZftJo",
                "user_email_value_spec":
                {
                    "system_field": "username"
                },
                "from_email_value_spec":
                {
                    "literal_value": "do-not-reply@XXXXXX.com"
                },
                "substitutions":
                {
                    "{{FIRST_NAME}}":
                    {
                        "user_attribute": "first_name"
                    }
                }
            }
        })
        .then((res) =>
        {
            console.log(res);

            return res.data.users;
        })
        .catch(error =>
        {
            console.log('error', error);
            return error;
        });
}

As mentioned also earlier, I've been researching and trying, but to no avail, if someone could help me please.

Answer 1

There are two issues with the JS code you shared which are causing the problem:

1. The line where you set the default Auth header looks like this: axios.defaults.headers.common["Authorization"] = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX27"; //tv user API KEY. Note that the Authorization header is being set to the API key, not an HTTP Basic Auth header value. If you want to set the default auth header this way, you need to set it to base64(API_KEY:) rather than just API_KEY.

2. According to the axios docs the post method has the signature .post(url, data, config). As a result, your code is POSTing a JSON object that looks like {auth: ..., data: ...}.

Try removing the line where you set the authorization header, and changing the post call to look something like this:

axios.post("https://api.truevault.com/v1/password_reset_flows",
        {
                "name": "XXXXX password reset",
                "sg_template_id": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXcf42",
                "sg_api_key": "XX.XXXXXXXXXXXXXXXXXXXXXX.XXXXXX_XXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXZftJo",
                "user_email_value_spec":
                {
                    "system_field": "username"
                },
                "from_email_value_spec":
                {
                    "literal_value": "do-not-reply@XXXXXX.com"
                },
                "substitutions":
                {
                    "{{FIRST_NAME}}":
                    {
                        "user_attribute": "first_name"
                    }
                }
            }
        }, {
                username: 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX27',
                password: ""
            })