ECONNREFUSED when trying to use API from another backend

I’m trying to make an api request from another backend (written in Node.js), but everything I try just results in ECONNREFUSED. What am I doing wrong?

const res = await fetch(`${apiUrl}/auth`, {
  headers: {
   'Authorization': `Basic ${base64.encode(username + ":" + password)}`

I’ve tried HTTP and HTTPS, I’ve tried different endpoints, all of them give me the same result.

By contrast, fetching the same URL directly with my browser provides me with a JSON response saying that I’m unauthorized (expected).

Why doesn’t it work when making the request programmatically?

I have this in my config.php, although I’d like to remove that allowInsecure if I can :

'api' => [
  'basicAuth' => true,
  'allowInsecure' => true,

Any thoughts on how to troubleshoot this?

New to Kirby so excuse me if this is a newbie question.

1 Like

Not tried from from Node but i know this works from Nuxt

const headers = {
    Authorization: 'Basic ' + Buffer.from(config.username + ':' + config.password).toString('base64'),
    'Content-Type': 'application/json'

The user name and pword are in the nuxt config, and basiclly the same as what your doing, besides supplying the content type.

Have you tried hitting from a tool like Insomnia?

I know the above the works locally with Kirby allow insecure flag to true. It should be false for live site.

Edit: missed a bit out… the above was using the KQL plugin which gives you alot of power…

You could go that way :slight_smile:

Thanks jimbobrjames,

I am using kql. I tried specifying the Content-Type. I also tried using Buffer.from instead of the base-64 package.

None of this changes anything unfortunately. Still getting FetchError: request to http://localhost:8000/api/auth failed, reason: connect ECONNREFUSED

By the way, the username and password that I’m using correspond to those of a user I create via the panel (localhost:8000/panel) who has the API role.

An admin user account is enough i believe. I used my own login, which is admin, with no roles at all in play, other then out the box. I havent set roles myself at all.

Just spotted something. The url in the fetch request should be


I’ve tried:

  • http:// localhost:8000 /api/auth
  • https:// localhost:8000 /api/auth
  • http:// localhost:8000 /api
  • https:// localhost:8000 /api
    any many more. Which query would you suggest I try first?

Ignore the spaces in the links, it says I can’t post more that 2 links because I’m a newbie…

hmm that’s not the post I quoted in my response… Just ignore the quote, still figuring out how to get this forum to work properly

it should be

That is what the KQL responds to.

See the example in the docs

That’s KQL-specific, though, not standard Kirby API

@shawninder is using the KQL plugin.

I understand, but I’m running Kirby locally for now. Are you saying the API won’t work if it’s on localhost?

It will work but you will likely need to set alow insecure flag in the kirby config. I think you dont need that unless you have working local SSL.

Hi texnixe,

could you give me an example using localhost and the standard Kirby API?

I do have the allowInsecure flag, yet it does not work.

Hrmm… im using Valet without insecure enabled so i can hit the site via projectname.test

I am not using localhost:portnumber urls. I also have allowinsecure enabled in the kirby config.

Oops, totally missed that, sorry.

Can anyone confirm that Kirby’s api just won’t work on localhost? Seems pretty surprising to me since it’s the most common workflow I’ve ever seen. In fact, if this is indeed the case, I think I’ll just ditch Kirby and use something a little more mature…

The API works on localhost.

Not for me. Do you have any open source example I could look at or even better try out locally?