Need Help with Web Requests


1) Give a description of the problem
I’ve been playing around with controlling my Daikin One thermostat via REST API. I’ve successfully have tested my REST API calls via POSTMAN but when I try to recreate it in webcore, I can’t seem to send the proper requests. When I make my “web request” actions, I get "Error executing external web request: Forbidden"

2) What is the expected behaviour?
I should be getting back HTTP status 200 codes with JSON data passed back to me and saved in a variable.

3) What is happening/not happening?
I’m getting forbidden responses back and I am not getting the JSON data I need passed back to me. As mentioned earlier, I can successfully test the API calls in POSTMAN but have not been able to recreate it in webcore successfully. Here is the Daikin One REST API documentation

4) Post a Green Snapshot of the piston!

5) Attach logs after turning logging level to Full
|+0ms|╔Received event [Home].test = 1651522485236 with a delay of 0ms|
|+44ms|║RunTime Analysis CS > 21ms > PS > 11ms > PE > 13ms > CE|
|+47ms|║Runtime (53591 bytes) successfully initialized in 11ms (v0.3.110.20191009) (46ms)|
|+48ms|║╔Execution stage started|
|+53ms|║║Cancelling statement #1’s schedules…|
|+60ms|║║Calculating (string) URL + (string) /v1/token >> (string) URL|
|+76ms|║║Calculating (string) x-api-key: + (string) 8aty1DYvQ…[TRUNCATED] >> (string) x-api-key: 8aty1DYvQ…[TRUNCATED]|
|+81ms|║║Calculating (string) Content-Type: application/json + (string) , >> (string) Content-Type: application/json,|
|+84ms|║║Calculating (string) Content-Type: application/json, + (string) x-api-key: 8aty1DYvQ…[TRUNCATED] >> (string) Content-Type: application/json, x-api-key: 8aty1DYvQ…[TRUNCATED]|
|+92ms|║║Calculating (string) integratorToken: + (string) eyJjdHkiOiJKV…[TRUNCATED]|
|+96ms|║║Sending external web request to: URL|
|+308ms|║║Error executing external web request: Forbidden|
|+310ms|║║Executed virtual command httpRequest (224ms)|
|+316ms|║║Executed virtual command setVariable (3ms)|
|+318ms|║╚Execution stage complete. (270ms)|
|+319ms|╚Event processed successfully (319ms)|


Remove the token from the snapshot, it will be visible when we import your code.


Are you using ‘Send variables’ to form the body? That would use the variable names as the keys and the variable contents as the values and it would all be formatted as JSON for you because that is your content type.

A slight complication might be that the Daikin API doesn’t actually seem to use valid JSON which strictly speaking has double quotes around the key names. Hopefully it accepts valid JSON too.

I can’t tell how you are handling the API key. It should be entered in the Authorization Header box in a fudged way as webCoRE never allowed for arbitrary headers.


Thanks for the tip, done.


here’s a breakdown of my web request

I am indeed using send variables to form the body. I believe I’ve tried to form the header with ’ and " without success but I can try it again if it works on other services.


OK, I believe that the Request body type is actually your content-type header so you don’t need it repeated, but otherwise your Authorization header is fine because it wasn’t as much of a fudge I remembered - the presence of the colon suffices to change the way the box is used.

You should be able to just define variables named email and integratorToken with the basic values and they’ll be formatted as:

      "email": "[email protected]",
      "integratorToken": "blah"


OK, I modified the variables and made sure they only contained the needed values (no extra text). I also removed content type from the authorization header. Here’s the latest version but it’s still producing the same error.


@orangebucket do you have any advice for me after trying your last suggestions?


I think you need to try your script with one of the websites that shows you exactly what request and headers you are sending out.