Hi everyone,
After several hours of debugging while integrating with the Maarch RM REST API, I want to share two issues that are not documented and could save others a lot of time.
Issue 1 — 404 with Undefined user command: the User-Agent header is mandatory
Symptom
Every API request returned a 404 with the following error in the response header:
X-Laabs-Exception: Undefined user command for route create recordsManagement/archive
Root cause
Without the User-Agent header set to the correct value, LAABS routes the request to the API (the web UI) instead of processing it as an API call. The expected value matches the SERVICE_CLIENT_TOKEN variable defined in the Apache vhost.conf of the instance.
Fix
Add the following header to every API request:
User-Agent: <value of SERVICE_CLIENT_TOKEN in vhost.conf> default "service"
This gives:
User-Agent: service
This requirement does not appear anywhere in the API documentation. It would be very helpful to add it explicitly in the API "Prerequisites" section, with a note that the value depends on the vhost configuration of each instance.
Issue 2 — 401 Unauthorized Missing authentication credential: cookie conflict in Insomnia
Symptom
Despite a valid LAABS-AUTH token, every request returned:
401 Unauthorized - Missing authentication credential
Root cause
Insomnia silently saves cookies received in HTTP responses (such as LAABS-CSRF and others) into its Cookie Jar. If you then manually add LAABS-AUTH as a separate Cookie header, you end up with two distinct Cookie headers in the request. HTTP only supports one Cookie header: the server reads the first one and ignores the second.
As a result, LAABS-AUTH was systematically ignored.
Fix
Watch your cookies, or disable cookie usage for the request.
It would be good if the API did not send cookies.
Hope this saves someone a few hours. Both points would in my opinion be worth adding to the official API documentation.
Best regards
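
As an added example (not part of the original post and not Maarch RM code), this pre-flight check flags both pitfalls described above on a header list and collapses duplicate Cookie headers into one. The function names and the sample cookie values are constructed for illustration, and the `service` value is the default the post mentions, so substitute the SERVICE_CLIENT_TOKEN of your instance.

```python
# Added example: lint an outgoing request for the two pitfalls in the post.
EXPECTED_UA = "service"  # default per the post; really SERVICE_CLIENT_TOKEN from vhost.conf
AUTH_COOKIE = "LAABS-AUTH"

def parse_cookies(value):
    """Parse one Cookie header value ('a=1; b=2') into a dict."""
    jar = {}
    for part in value.split(";"):
        name, sep, val = part.strip().partition("=")
        if sep and name:
            jar[name] = val
    return jar

def lint_request(headers, expected_ua=EXPECTED_UA):
    """headers: list of (name, value) tuples in the order they go on the wire."""
    problems = []
    agents = [v for n, v in headers if n.lower() == "user-agent"]
    if agents != [expected_ua]:
        problems.append("User-Agent missing or not the service client token")
    cookies = [parse_cookies(v) for n, v in headers if n.lower() == "cookie"]
    if len(cookies) > 1:
        problems.append("more than one Cookie header")
    if not any(AUTH_COOKIE in c for c in cookies):
        problems.append(AUTH_COOKIE + " not sent")
    elif AUTH_COOKIE not in cookies[0]:
        # Per the post, only the first Cookie header is read by the server.
        problems.append(AUTH_COOKIE + " is not in the first Cookie header")
    return problems

def merge_cookie_headers(headers):
    """Collapse every Cookie header into a single one, keeping other headers."""
    merged, out = {}, []
    for name, value in headers:
        if name.lower() == "cookie":
            merged.update(parse_cookies(value))
        else:
            out.append((name, value))
    if merged:
        out.append(("Cookie", "; ".join(f"{k}={v}" for k, v in merged.items())))
    return out

# Constructed sample: the header set the client in the post ended up sending.
BROKEN = [
    ("Cookie", "LAABS-CSRF=constructed-csrf-value"),  # replayed from the cookie jar
    ("Cookie", "LAABS-AUTH=constructed-auth-token"),  # added by hand
]
FIXED = merge_cookie_headers(BROKEN) + [("User-Agent", EXPECTED_UA)]
```

`lint_request(BROKEN)` reports all three findings, while `lint_request(FIXED)` returns an empty list.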