API - post /experiments not working as expected


#1

Hi Chai Developers!

What do I need to do to create an experiment?

I’ve been working with the API to control the Chai and have been successful with some of the calls. I found there are differences in how the authentication token is passed.

Login

  • gets the authentication_token on success

Get Experiments
Get Experiment
Get Amplification Data

  • passes the token in the request cookie

Get Status

  • passes the token as a query parameter

The use case I haven’t been able to finish is creating an experiment from scratch using stored app data.
I expect to do a post /experiments followed by a put /experiments to create and update the experiment.

I’ve used both techniques mentioned to pass the authentication_token and got a 401 Unauthorized message in both cases.

Note: I had to remove the base of the URL so I could post this message.

I logged in successfully:

POST /login HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Accept-Encoding: gzip, deflate
Content-Length: 67
Host: 10.1.10.134

{"role":"admin","email":"REDACTED","password":"REDACTED"}

HTTP/1.1 201 Created
Server: nginx/1.2.1
Date: Thu, 31 Aug 2017 20:05:04 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Status: 201 Created
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-UA-Compatible: chrome=1
ETag: "bb732a04aa7306389d17d5f339d92b2f"
Cache-Control: max-age=0, private, must-revalidate
X-Request-Id: 22a5dfa5-5ca6-40e2-b520-10a35c77d8e6
X-Runtime: 0.579196

3d
{"user_id":2,"authentication_token":"ZC8NzMp_bawUzEGURgx9EQ"}
0

Next I attempt to create a new experiment:

POST /experiments HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; charset=UTF-8
Accept-Encoding: gzip, deflate
Cookie: authentication_token=ZC8NzMp_bawUzEGURgx9EQ
Content-Length: 56
Host: 10.1.10.134

{"experiment":{"name":"TEST 2 TEST TEST","protocol":{}}}

HTTP/1.1 401 Unauthorized
Server: nginx/1.2.1
Date: Thu, 31 Aug 2017 20:05:05 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Status: 401 Unauthorized
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-UA-Compatible: chrome=1
Cache-Control: no-cache
X-Request-Id: a615eed1-f0b6-4599-a2e4-f435d8b0f7d8
X-Runtime: 0.067233

15
{"errors":"login in"}
0

When I do the same using the web app I see an additional cookie set…

POST /experiments HTTP/1.1
Host: 10.1.10.134
Connection: keep-alive
Content-Length: 54
Accept: application/json, text/plain, */*
Origin: http://10.1.10.134
X-CSRF-Token: F3aPlW5zqG4CDOtWvwnHmAsu1UJprv6DJ+ZYqUgVK/Q=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36
X-Requested-With: XMLHttpRequest
Content-Type: application/json;charset=UTF-8
Referer: http://10.1.10.134/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Cookie: authentication_token=zruNv2InjXvNjGHELec5lA; _qpcrctl_session=ZCtpVFJQbGNFNS9xY09xOHJrL3hndWNVYWViUC9sQjBoUkZFaThUYkYwTFl2Q2ozVHJSeCsvQTh3ZzVNVTFQQzdZMTNlbSswYno0b2t0YVJsSkNsMlV3U0NEUldUd2xuaCtmS1RPWFRXeFhOOENzcHBtQVBhbnhrQjJ3cDlWUGNiOXZJcnVnS1FZbDNlT29TOExoUUFxMFlVWFJxSGhob3ZsUGkrYjdzQ3l5aFNISWNwamFma0ZsUzIwWE1SSWRWLS1PTHhETXcrb25nRWRKUGNHaDRFMTh3PT0%3D–b4752dc6bbb75c15b55a1ae416e9462a0f96df00

{"experiment":{"name":"TEST TEST TEST","protocol":{}}}

HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Thu, 31 Aug 2017 19:21:37 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Status: 200 OK
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-UA-Compatible: chrome=1
ETag: "af8a5b754f649063540382932726a2e8"
Cache-Control: max-age=0, private, must-revalidate
Set-Cookie: _qpcrctl_session=SGJReTNKSERkbldRL3JKeCtRNGlya2xhYjJOTmhkenNHRGxwNnY3OW5oM0JhOS9JU2s4TGZCMjBVMTlLeUYxbXNzWkV6T0VQK09mWHdPVjlpWHFMdVRzN2hJZE02OTVQdkllS09tcldSWjdicUxNUTF0a3NTNWFabWk5YUVCZ0hFcFEwdjZZMllIN2wyZXhRenV0cGorL2FyZG1xdnQyM3ZtaWVONGp5bUVnd2FSTEU4OW9OZzhqellOV2JaSjF3LS1LTUxHczdWajlLTCt4blk4L205ODRnPT0%3D–66ee5f9d1c0df6057bd15b9ec0590cacb6d73781; path=/; HttpOnly
X-Request-Id: b7fc2321-fa4d-437f-ad73-af2e13f7a40b
X-Runtime: 0.836615

508
{"experiment":{"id":284,"name":"TEST TEST TEST","time_valid":true,"started_at":null,"completed_at":null,"completion_status":null,"completion_message":null,"created_at":"2017-08-31T19:21:36.831Z","type":"user","protocol":{"id":255,"lid_temperature":"110.0","estimate_duration":3527,"stages":[{"stage":{"id":500,"stage_type":"holding","name":"Holding Stage","num_cycles":1,"auto_delta":false,"auto_delta_start_cycle":1,"order_number":0,"steps":[{"step":{"id":778,"name":"Initial Denaturing","temperature":"95.0","hold_time":180,"pause":false,"collect_data":false,"delta_temperature":"0.0","delta_duration_s":0,"order_number":0,"ramp":{"id":778,"rate":"0.0","collect_data":false}}}]}},{"stage":{"id":501,"stage_type":"cycling","name":"Cycling Stage","num_cycles":40,"auto_delta":false,"auto_delta_start_cycle":1,"order_number":1,"steps":[{"step":{"id":779,"name":"Denature","temperature":"95.0","hold_time":30,"pause":false,"collect_data":false,"delta_temperature":"0.0","delta_duration_s":0,"order_number":0,"ramp":{"id":779,"rate":"0.0","collect_data":false}}},{"step":{"id":780,"name":"Anneal","temperature":"60.0","hold_time":30,"pause":false,"collect_data":true,"delta_temperature":"0.0","delta_duration_s":0,"order_number":1,"ramp":{"id":780,"rate":"0.0","collect_data":false}}}]}}]}}}
0


#2

Please use “Authorization: Token ZC8NzMp_bawUzEGURgx9EQ” instead of the Cookie header. The cookie is used for the browser. For API access, please use the Authorization header.

We have a forgery protection check if you send a Cookie header, which requires a CSRF token to be validated. For the API, please use the Authorization header to bypass the CSRF check.

You can use the Authorization header for GetStatus, start and stop experiments too.

Thanks
Xia
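
The behaviour described in reply #2, as an added example that is not part of the original thread or the project's code: a client sends the same POST /experiments once with the token in a Cookie header and once in an Authorization header. `MockChai` is a constructed local stand-in that models only the rule stated above (cookie requests need a CSRF token, header-token requests do not); the token value and the `post` and `demo` helpers are assumptions for illustration.

```python
import json, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "constructed-token-123"  # constructed sample value, not a real token

class MockChai(BaseHTTPRequestHandler):
    """Constructed stand-in for the device API; models only the thread's rule."""
    def do_POST(self):
        body = json.loads(self.rfile.read(int(self.headers["Content-Length"])))
        if self.path == "/login":
            return self._send(201, {"user_id": 2, "authentication_token": TOKEN})
        if self.headers.get("Authorization") == f"Token {TOKEN}":
            # Header auth: a browser never attaches it on its own, so no CSRF check.
            return self._send(200, {"experiment": {"id": 1, **body["experiment"]}})
        # Cookie auth is ambient, so the server demands a CSRF token. Assumed
        # simplification: the mock accepts none, matching the 401 in post #1.
        self._send(401, {"errors": "login in"})

    def _send(self, status, obj):
        data = json.dumps(obj).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args): pass  # keep the demo quiet

def post(base, path, payload, headers):
    req = urllib.request.Request(base + path, json.dumps(payload).encode(),
                                 {"Content-Type": "application/json", **headers})
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(req) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)

def demo():
    server = HTTPServer(("127.0.0.1", 0), MockChai)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    creds = {"role": "admin", "email": "user@example.invalid", "password": "x"}
    token = post(base, "/login", creds, {})[1]["authentication_token"]
    exp = {"experiment": {"name": "TEST", "protocol": {}}}
    cookie = post(base, "/experiments", exp, {"Cookie": f"authentication_token={token}"})
    header = post(base, "/experiments", exp, {"Authorization": f"Token {token}"})
    server.shutdown()
    return cookie[0], header[0]

if __name__ == "__main__":
    print(demo())
```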


#3

That did the trick, thank you.