REST API authentication?

I’m currently trying to make a REST API with a knime workflow deployed in AWS.

However, each time I call the REST, there is a weird dialogue asking for authentication.

Since it is just a workflow which works with the SQL server, I feel there is no need for user’s authentication.

Is there a way or two to get around this?

1 Like

Sounds like you’re trying the REST call via the browser? You need to pass the authentication details along with the REST call. You can do that by either first logging into the WebPortal in the same browser, or by explicitly adding the basic auth (or a JWT) along with the request.

e.g. curl -u ‘knime-rest-user:knockknock’ -i https://localhost:8080/com.knime.enterprise.server/rest

where username is kniem-rest-user
and password is knockknock

I tried to add basic auth through postman, and then it would return a message saying :

http://localhost:8080’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.”

Is there a way to change this CORS setting in knime AWS server?

I have a suspicion that this problem manifests with the ‘browser-based’ Postman version, but not the Desktop Postman application. Is it possible to try with the desktop version?

The postman version I am currently using as of now is the desktop based version where you have to actually install.

I should add, that it is possible to modify CORS policies, e.g. to add specific allowed origins. But it’s probably not needed if you can use the desktop app.

Wow really? Is it for the postman, or for the AWS server-side?
Its my first time doing this REST API thing, so please understand that I might sound like a total beginner.

Hey there,

I’m a little confused that you’re seeing this message from the desktop Postman application. Usually this message will be returned if you were making a request to the server via, for instance, javascript running locally and executing in your browser. This error comes from a browser like Chrome attempting to prevent malicious code from hijacking requests.

Could you explain in a little more detail exactly how you are calling the KNIME Server?


I’m trying to call through an ajax call. Does this involve the browser (chrome, IE etc)

Ironically enough, this problem was not there with the browser postman. Instead, it happened on the native postman.

Also, is there a way to configure Access-Control-Allow-Origin in the KNIME server?

It’s definitely possible to modify the Access-Control-Allow-Origin header. The link that Jon provided above will allow you to configure this within the TomEE server that the KNIME Server is running on.

With regards to the ajax call, it’s still a little unclear how you’re making these requests. Are you writing javascript or python or some other kind of script? I’m guessing if that is the case then your browser must be involved somehow as there needs to be a javascript engine running somewhere and Postman doesn’t come bundled with one. A screenshot of your Postman setup or some other more detailed description would really help me to understand your problem a little more.


Here’s the psotman setup.

As it is a relatively simple call that I must just set the workflow work, I made it like this.

There’s the authorization header as well.

Thanks. Long time, no discussion (cos I have been away doing something else)

Hi @jwyrocks,

I’ve deleted the screenshot as there was a key shown openly.

I think what @rene.damyon was particulary interested in was URL with query parameters and the request headers. Please share them with us (except for authorization info).


well now I managed to get the REST API up, and I have been using the information given in the swagger API other than the authorization. However, it keeps on throwing me a CORS error.

The header except the authorization bits are as follows :

‘accept’: ‘application/vnd.mason+json’,‘cache-control’: “no-cache”,

According to what rene said, I guess my best bet is go into the SSH and tweak some info related to CORS, right?

If you’re not comfortable with SSH and modifying config files then I would first suggest trying out another non-browser based REST client.
I would recommend Insomnia or Advanced REST Client

I would be surprised if you are still seeing this messages from one of these clients and if that’s the case then there is a different problem going on here. Possibly something unusual with your network configuration or proxies.

Editting the configuration to remove the CORS problem would also work if you are happy with that, we can also provide more assistance there if the link above isn’t informative enough.

Apologies that this has taken a while to resolve for you, it’s not something we’ve been able to reproduce ourselves, my own version of postman does not show this error (and as far as I’m aware, can’t produce this error).


1 Like

By the way, thank you so much. I’ve just now finished this CORS authorization issue. Now the JDBC is raising another issue.

Thank you so much for your help. Thanks to you, I’ve got this issue resolved!