0

I m trying to do a get request from my ionic 4 project but I need to use username and password for it or else I get error 403

here is my code :

  constructor(public httpClient: HttpClient){
    this.items = this.httpClient.get('http://www.fostania.com/api/items/');
this.items.subscribe(data => {
  console.log('my data: ', data);
})
}

Where should i add the username and password for this??

UPDATE

tried to do it like 'http://username:password@www.fostania.com/api/items/'

but still gives me the error 

HttpErrorResponse {headers: HttpHeaders, status: 403, statusText: "Forbidden", url: "http://www.fostania.com/api/items/", ok: false, …}
Ahmed Wagdi
  • 3,913
  • 10
  • 50
  • 116

1 Answers1

3

First and foremost, I wouldn't advise you to use a GET request if you want to include a request body on it.There may be some workarounds, but it probably goes against standard practices. You should be using a POST request instead.

Next, if you are to send sensitive information (such as password) over API requests, it is definitely against security protocols to send plain-text passwords over HTTP. You should be using HTTPS instead, thanks to TLS/SSL encryption.

Use this instead: 

getData() {
  .
  .
  .
  return `this.httpClient.post('https://www.fostania.com/api/items/', requestBody, httpOptions)
    .pipe(
      tap(data => console.log(data))
    );`
}

And on your server side, you will can implement your backend logic, and return the appropriate. response body to the frontend.

I am not an expert in information security, but I have previously read about the practice of sending passwords over HTTPS, and if it is indeed 100% secure. Turns out that there may be certain instances when the attacker can still bypass these protocols. Therefore, some organisations/software teams may practice the hashing or salting of passwords, instead of transmitting the actual password on the request body. You may want to read more about it here! (Credits: @user3299591)

wentjun
  • 40,384
  • 10
  • 95
  • 107