Occasional Contributor I

ClearPass API Authentication

I am new to the ClearPass API, and having issues with the CORS requests.


Using XMLHTTPRequest I have been trying to send a POST request to the ClearPass server but the preflighted OPTIONS request returns a 403 Forbidden.


var xmlhttp = new XMLHttpRequest();

    var url = "https://websitename/api/oauth";


    xmlhttp.onreadystatechange = function () {

        if (this.readyState == 4 && this.status == 200) {



    };"POST", url, true);

    xmlhttp.setRequestHeader("Content-Type", "application/json");


            "grant_type": 'password'

            , "username": username

            , "password": password

            , "client_id": 'NameOfAPIClient'





In API Framework > Allowed Origins

I have tried to specify both * and a specific domain with no luck.  I have created a API client, with a grant_type = password, and set the client as a public (trusted) client.


All the documentation and examples that I have seen use curl to test the clien which bypasses this OPTIONS request issue. Is it possible to make these API calls using just javascript? 

Aruba Employee

Re: ClearPass API Authentication

I am not sure any of us have tried this under JavaScript.  Under what scenario is having the password in the clear like that acceptable?  


You never mentioned that testing via curl or some other CLI tool worked.  Your username and password are OK and you created the appropriate OAuth2 API User Access service within Policy Manager?

Search Airheads
Showing results for 
Search instead for 
Did you mean: