Open a web form with API from an external web page link

1. What is the problem? Be very detailed.
I’m authenticated as an administrator in CENTRAL.
I want to open the WEBEnketo page of a submission using the APIs, from a LIZMAP web app for example.
I use: https://my_central_server/v1/projects/projectId/forms/xmlFormId/submissions/instanceId/edit
But unfortunately my request resulted in a 403.1 error page - "The authentication you provided does not have rights to perform that action."
Yet I’m already authenticated in CENTRAL, in the browser.

2. What app or server are you using and on what device and operating system? Include version numbers.
ODK Central v1.4.1
Mozilla Firefox 96.

3. What have you tried to fix the problem?
If I press ENTER on my query https://my_central_server/v1/projects/projectId/forms/xmlFormId/submissions/instanceId/edit in the browser address bar, then the WEBEnketo form gets displayed correctly.

Question:
Why does the query not work when called directly from another webpage?
What should I do to make this work?

Cordially,

Hi @Rudy! In general, linking to a Central page or endpoint from an external page won't use an existing session. That is, even if you are logged in, the link will not use that login information.

Something similar comes up when an external page links to a Submission's media file. You can't link directly to the API path for the media file; instead, you must link to a separate media download page. That page will prompt for login, then after login will automatically initiate the download. You can find an explanation of that download page in the API docs, as well as the main docs.

As a technical note, the reason why this happens is that Central authenticates in the browser using a cookie. We secure that cookie by restricting its use to Central only. (Specifically, we set SameSite=Strict.)

We are thinking of ways to improve this workflow. In your case, one thing we could consider is a mechanism like the media download page that will prompt for login, then after login will redirect the user to Enketo or to a page that links to Enketo.

For now, you could consider linking to the Submission Details page instead of the API .../edit endpoint. Once you log in, you will see a button to edit the Submission.
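
The SameSite=Strict behaviour described in the reply above, as an added example that is not part of the original thread or of Central's code: a simplified model of the browser's decision to attach a cookie. The hostnames, the `siteOf` shortcut, and the function names are assumptions made for illustration.

```javascript
// Added illustration: simplified model of a browser's SameSite cookie decision.
// All hostnames are constructed placeholders.
const EDIT_URL = 'https://central.example.org/v1/projects/projectId/forms/xmlFormId/submissions/instanceId/edit';
const CENTRAL_PAGE = 'https://central.example.org/';
const EXTERNAL_PAGE = 'https://lizmap.example.net/map';

// Simplification (assumption): real browsers compare scheme + registrable
// domain using the Public Suffix List; here "site" = scheme + last two labels.
function siteOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.hostname.split('.').slice(-2).join('.')}`;
}

// initiator: URL of the page that triggered the request, or null when the
// user typed the URL or pressed ENTER in the address bar.
function cookieIsSent(sameSite, { initiator, target, method = 'GET', topLevel = true }) {
  const sameSiteRequest = initiator === null || siteOf(initiator) === siteOf(target);
  if (sameSiteRequest) return true;
  switch (sameSite) {
    case 'Strict':
      return false; // never attached to cross-site requests
    case 'Lax':
      // only cross-site top-level navigations with a safe method
      return topLevel && ['GET', 'HEAD', 'OPTIONS', 'TRACE'].includes(method);
    case 'None':
      return true; // attached everywhere (browsers also require Secure)
    default:
      throw new Error(`unknown SameSite value: ${sameSite}`);
  }
}

// The cases discussed in the thread, plus Lax for comparison only.
function scenarios() {
  const link = { initiator: EXTERNAL_PAGE, target: EDIT_URL };
  return {
    linkFromExternalPage: cookieIsSent('Strict', link),
    typedInAddressBar: cookieIsSent('Strict', { initiator: null, target: EDIT_URL }),
    linkInsideCentral: cookieIsSent('Strict', { initiator: CENTRAL_PAGE, target: EDIT_URL }),
    iframeOnExternalPage: cookieIsSent('Strict', { initiator: EXTERNAL_PAGE, target: CENTRAL_PAGE, topLevel: false }),
    externalLinkIfLax: cookieIsSent('Lax', link),
  };
}

console.log(scenarios());
```

When the cookie is not attached, the request to the `.../edit` endpoint arrives unauthenticated, which is the case that produced the 403.1 response quoted in the question.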

Hello,

Thank you @Matthew_White for your prompt response.
The solution of linking to the Submission Detail page in CENTRAL will help me out by passing the instanceID value.
However, when it comes to a submission that has already been edited (existence of a deprecatedID value) this solution becomes very complicated to implement.

I would like you to implement solutions that allow interoperability between CENTRAL/Enketo and external pages. For example, being able to integrate a CENTRAL or Enketo page into the frame of an external page as is done for example with GoogleMap.

However, when it comes to a submission that has already been edited (existence of a deprecatedID value) this solution becomes very complicated to implement.

Could you say more about the complexity that you're encountering? The URL of a Submission Details page uses the original instance ID, not the instance ID of an edit, so as long as you have the original instance ID available, you should be able to use that.

For example, being able to integrate a CENTRAL or Enketo page into the frame of an external page as is done for example with GoogleMap.

What do you mean by integrating Central into the frame of an external page? Do you mean using an iframe to embed Central in your web app? Or do you have something else in mind?