I am constructing a chat app in Swift utilizing URLSession. I’ve an authenticated GET request to fetch the present consumer’s pals checklist. The request works completely in Postman utilizing the identical token and URL, however my iOS app persistently returns a 403 with { "element": "Not Authenticated" }.
What I’ve Tried:
- Ensured the Authorization header is included (
Bearer) - Logged the total URL and token — they’re appropriate!
- Verified the backend server is accessible (I can POST efficiently)
- Confirmed the identical GET request with token works positive in Postman
- Allowed insecure HTTP in
Information.plist(server ishttp://52.23.164.179:8000)
My Code:
ContactListVC.swift:
non-public func fetchContacts() {
ContactService.shared.getFriends { [weak self] success, contacts in
guard let self = self else { return }
DispatchQueue.foremost.async {
if success, let contacts = contacts, !contacts.isEmpty {
self.contacts = contacts
self.tableView.reloadData()
} else {
self.contacts = []
self.showEmptyStateIfNeeded()
}
}
}
}
ContactService.swift:
func getFriends(completion: @escaping (Bool, [ChatPartner]?) -> Void) {
guard let request = contactRequest.getFriends() else {
completion(false, nil)
return
}
NetworkService.shared.sendRequest(request, parse: { knowledge in
guard let json = attempt? JSONSerialization.jsonObject(with: knowledge) as? [String: Any],
let dataObject = json["data"] as? [String: Any],
let friendsArray = dataObject["friends"] as? [[String: Any]] else {
return nil
}
return friendsArray.compactMap { ChatPartner(json: $0) }
}) { lead to
swap outcome {
case .success(let companions):
completion(true, companions)
case .failure:
completion(false, nil)
}
}
}
ContactRequest.swift:
func getFriends() -> URLRequest? {
guard let baseURL = BASE_URL else { return nil }
let url = baseURL.appendingPathComponent("pals")
var request = URLRequest(url: url)
request.setValue("Bearer (token ?? "")", forHTTPHeaderField: "Authorization")
request.httpMethod = "GET"
return request
}
NetworkService.swift:
func sendRequest(_ request: URLRequest, parse: @escaping (Knowledge) -> T?, completion: @escaping (End result) -> Void) {
let process = URLSession.shared.dataTask(with: request) { knowledge, response, error in
guard let httpResponse = response as? HTTPURLResponse, let knowledge = knowledge else {
completion(.failure(.invalidResponse))
return
}
swap httpResponse.statusCode {
case 200:
if let outcome = parse(knowledge) {
completion(.success(outcome))
} else {
completion(.failure(.parsingFailed))
}
default:
completion(.failure(.statusCode(httpResponse.statusCode)))
}
}
process.resume()
}
Information.plist:
NSAppTransportSecurity
NSExceptionDomains
52.23.164.179
NSExceptionAllowsInsecureHTTPLoads
NSIncludesSubdomains
NSAllowsArbitraryLoads
Questions:
- Why am I getting a 403 response in iOS however not in Postman with the identical token?
- Is it potential that some lacking headers (e.g. Person-Agent) trigger the API to reject it?
Further Notes:
- I confirmed the request contains the
Authorizationheader by logging it. - I am utilizing an area IP tackle (not HTTPS).
- The token shouldn’t be expired (verified in Postman).
- Listed below are some photographs once I debug: