On 16/03/2017 22:27, Vlad Zelenko wrote:
> Hey all. I am evaluating syncope as IMS, and want to test the REST
> API. For starters, I am using Swagger UI to test self-registration.
Glad of your interest in Apache Syncope.
> 1. (POST /users/self) When I execute it from the browser, I
> invariably receive CODE 403 with message "Access to the specified
> resource has been forbidden."
Question: what is the value of the 'selfRegistration.allowed'
configuration parameter in your Syncope deployment? (You can find it
out from Admin Console under Configuration > Parameters).
E.g. was self-registration enabled at all?
When enabled, the "POST /users/self" endpoint needs to be invoked
anonymously, e.g. without any 'Authorization' HTTP header.
Are you sure that you did not populate the username / password fields in
the Swagger UI when attempting the "POST /users/self" invocation?
Use "curl -v" and you will get all the response headers, including
X-Application-Error-Code and X-Application-Error-Info.
More on available REST headers at .
> 3. When I use regular create user in Swagger UI (POST /users) with the
> same UserTO payload (see below), the user is created in syncope, code
> 201 is returned with a Generated Key.
> My question is, what is the correct way of performing
> Self-registration using REST API (I need this for our web
> application?) Losing my mind over this...
It seems - for very valid reasons, I presume - that you are not
interested in the Enduser application nor in using the Java client
library for communicating via REST with Core (architectural
reference available at ).
I would invite you anyway to carefully consider all the related security
aspects: you can read from  how we did tackle them in the Enduser