I’ve found a few other posts with questions about the API and getting 404 errors but I think most of these were caused by confusion between the API key and the API token which is not the source of my problem. My goal is to use the API to retrieve data only using the API token but I’ve not been able to do this so far.
I’m running OJS 3.1.1.2 and trying to use the API with an API token for a user with journal manager role. My initial attempts to access the API (requesting a URL via curl, wget, in a browser, etc) without a logged in session always produces a 404 error. To try to pinpoint the source of the error, I tested the following scenarios with combinations of logged in/out with token/without token/ with invalid token in a web browser:
- Access https://example.com/test2/api/v1/submissions - logged in, I get the expected JSON results.
- Access https://example.com/test2/api/v1/submissions/?apiToken=my_token_123 - I also get the expected JSON results (when still logged into the same browser session)
- Access https://example.com/test2/api/v1/submissions/?apiToken=my_token_123 - when NOT logged in I get a 404 error but I expected the token to authorize access to the URL
- Access https://example.com/test2/api/v1/submissions/?apiToken=my_token_WRONG - when logged in but with an intentionally incorrect API token I get a 404 error which isn’t surprising, but seems to suggest that in the case of #2 (logged in and using a correct token) the authentication is based on the session cookie but the token is still being read and validated and if it’s incorrect (even if logged in) the 404 error is produced as in #4.
So I feel like the URLs are constructed correctly but for some reason the API token isn’t providing access to the resource I’m requesting. Any suggestions?