No luck with that. I did try to change content-type in Postman to application/x-www-form-urlencoded and I got the same error that I’m getting on the System i. So, content-type has to be multipart/form-data in order to work properly in Postman.
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx <ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx>
On Behalf Of Brad Stone
Sent: Wednesday, March 10, 2021 12:19 PM
To: FTPAPI/HTTPAPI mailing list <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Ftpapi] What am I missing?!?!
|
|
[CAUTION] This email originated from outside Core-Mark. Do not click links or open attachments unless you recognize the sender and know the content is safe.
|
It's saying that because you are sending the data as a query string in the URI instead of in the body.
Normally with GET you don't send data in the body.
The request should look like this:
GET /535b2d87-664f-415a-b7fa-fd3f1086d450/oauth2/token HTTP/1.1
Host:
login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials&client_id=xxxxxx&client_secret=xxxxxx
It appears in Postman you are using "form-data" instead of "x-www-form-urlencoded" which is why you're seeing the HTTP code you are... with the data separated by boundaries.
I believe you actually should be doing a POST. Now, I use GETURI so I am going to try to put together a post for HTTPAPI:
URL = '';
FormData = 'grant_type=client_credentials'
+ '&client_id=' + %TRIM(ClientID)
+ '&client_secret=' + %Trim(ClientSecret);
rc = http_post(URL:%addr(FormData):%len(%trimr(FormData)):'/tmp/httpauth.json':30)
Give that a shot.
On Wed, Mar 10, 2021 at 11:33 AM Weaver, Corby <corby.weaver@xxxxxxxxxxxxx> wrote:
I am new to Postman. I hope this is what you’re looking for. Code Snippet and select HTTP. From Postman….
GET /535b2d87-664f-415a-b7fa-fd3f1086d450/oauth2/token HTTP/1.1
Host: login.microsoftonline.com
Authorization: Bearer null
Cookie: fpc=AmlHew07s8NFsD-l8jtX0Ief_YrjAQAAANvp2tcOAAAA; stsservicecookie=ests; x-ms-gateway-slice=prod
Content-Length: 398
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
----WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="client_id"
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
----WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="client_secret"
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
----WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="grant_type"
client_credentials
----WebKitFormBoundary7MA4YWxkTrZu0gW
My code:
URL = ''
+ '?grant_type=client_credentials'
+ '&client_id=' + %TRIM(ClientID)
+ '&client_secret=' + %Trim(ClientSecret);
http_xproc( http_point_addl_header: %paddr(AddHeader));
rc = http_req('GET'
: URL
: '/tmp/httpauth.json');
*inlr = *on;
P AddHeader B
D PI
D Header 32767a varying
D CRLF C x'0d25'
Header = 'Authorization: Bearer null' + CRLF;
P E
Httplog
http_long_ParseURL(): entered
do_oper(GET): entered
There are 0 cookies in the cache
GET /535b2d87-664f-415a-b7fa-fd3f1086d450/oauth2/token?grant_type=client_credentials&client_id=XXXXXXXXXXXXXXXXXXXXXXX&client_secret=XXXXXXXXXXXXXXXXXXXXXXXXXX HTTP/1.1
Host: login.microsoftonline.com
User-Agent: http-api/1.43
Authorization: Bearer null
recvresp(): entered
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Length: 150398
Content-Type: text/html; charset=utf-8
In the stmf that comes back, it states the end point is used for POST, OPTIONS. I asked the support staff from Altria about this and the response was “Please make sure the client_id,client_secret&grant_type are sent in the ‘body’ of the call rather than ‘parameters’.”
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx <ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx> On Behalf Of Brad Stone
Sent: Wednesday, March 10, 2021 11:09 AM
To: FTPAPI/HTTPAPI mailing list <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Ftpapi] What am I missing?!?!
[CAUTION] This email originated from outside Core-Mark. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Well, if you have Postman working, post the raw HTTP request from postman, and if HTTPAPI can do a debug to show the exact request made, post that as well and maybe we can tell where the difference is.
On Wed, Mar 10, 2021 at 10:58 AM Weaver, Corby <corby.weaver@xxxxxxxxxxxxx> wrote:
Vendor is Altria. They are using the Microsoft site to issue the authorization token. I would guess that 535b2d87-664f-415a-b7fa-fd3f1086d450 is used for all of their customers to get the token from Microsoft. Once I have the token, I go to another endpoint to get the actual data. This part I’m able to get to work. I just copy and paste the token that I get from Postman into a data area.
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx <ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx> On Behalf Of Brad Stone
Sent: Wednesday, March 10, 2021 10:51 AM
To: FTPAPI/HTTPAPI mailing list <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Ftpapi] What am I missing?!?!
[CAUTION] This email originated from outside Core-Mark. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Is the vendor Microsoft?
Is that your tenant ID (or possibly an example?)
535b2d87-664f-415a-b7fa-fd3f1086d450
On Wed, Mar 10, 2021 at 10:43 AM Weaver, Corby <corby.weaver@xxxxxxxxxxxxx> wrote:
The documentation (attached) is from the vendor.
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx <ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx> On Behalf Of Brad Stone
Sent: Wednesday, March 10, 2021 10:30 AM
To: FTPAPI/HTTPAPI mailing list <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Ftpapi] What am I missing?!?!
[CAUTION] This email originated from outside Core-Mark. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Is that your tenant ID?
535b2d87-664f-415a-b7fa-fd3f1086d450
Is that documentation from Microsoft or someone else? Provide a link if possible.
On Wed, Mar 10, 2021 at 10:19 AM Weaver, Corby <corby.weaver@xxxxxxxxxxxxx> wrote:
This is from the vendor’s documentation…
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx <ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx> On Behalf Of Brad Stone
Sent: Wednesday, March 10, 2021 10:03 AM
To: FTPAPI/HTTPAPI mailing list <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Ftpapi] What am I missing?!?!
[CAUTION] This email originated from outside Core-Mark. Do not click links or open attachments unless you recognize the sender and know the content is safe.
If that was provided by microsoft then you'll want to ask them why your request isn't working. Also, we see a cookie and Authorization header in their example as well.
Where exactly did you get that example? And is that your tenant ID (535b2d87-664f-415a-b7fa-fd3f1086d450)?
On Wed, Mar 10, 2021 at 9:56 AM Weaver, Corby <corby.weaver@xxxxxxxxxxxxx> wrote:
curl --location --request GET 'https://login.microsoftonline.com/535b2d87-664f-415a-b7fa-fd3f1086d450/oauth2/token' \
--header 'Authorization: Bearer null' \
--header 'Cookie: fpc=AsRmKCSoZd5MoZkTHpKLW42f_YrjAQAAALHJ2tcOAAAA' \
--form 'client_id="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"' \
--form 'client_secret="XXXXXXXXXXXXXXXXXXXXXXXXXXx"' \
--form 'grant_type="client_credentials"'
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx <ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx> On Behalf Of Brad Stone
Sent: Wednesday, March 10, 2021 9:38 AM
To: FTPAPI/HTTPAPI mailing list <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Ftpapi] What am I missing?!?!
[CAUTION] This email originated from outside Core-Mark. Do not click links or open attachments unless you recognize the sender and know the content is safe.
A GET doesn't have data in the body of the request, a POST does.
Ask them if they can provide a cURL example that works... or a Postman example.
On Wed, Mar 10, 2021 at 9:32 AM Weaver, Corby <corby.weaver@xxxxxxxxxxxxx> wrote:
I have very little experience with HTML and have followed the examples and suggestions in the forum. However, I am still having some issues. The support staff with the endpoint assure me that this should be a GET.
I am trying to get an authentication token, passing Client ID and Client Secret.
Here is my code:
URL = '';
FormData = 'grant_type=client_credentials'
+ '&client_id=' + %TRIM(ClientID)
+ '&client_secret=' + %Trim(ClientSecret);
http_xproc( http_point_addl_header: %paddr(AddHeader1));
rc = http_req('GET'
: URL
: '/tmp/httpauth.json'
: *Omit
: *Omit
: FormData);
I have also tried:
URL = ''
+ '?grant_type=client_credentials'
+ '&client_id=' + %TRIM(ClientID)
+ '&client_secret=' + %Trim(ClientSecret);
http_xproc( http_point_addl_header: %paddr(AddHeader1));
rc = http_req('GET'
: URL
: '/tmp/httpauth.json');
They have told me that “grant_type”, “client_id”, and “client_secret” need to be in the body of the request. At this point, I am stumped. Any help is greatly appreciated.
Corby Weaver - Core-Mark Midcontinent, Inc.
Iowa Division IT
--
_______________________________________________
Ftpapi mailing list
Ftpapi@xxxxxxxxxxxxxxxxxxxxxx
http://scottklement.com/mailman/listinfo/ftpapi--
_______________________________________________
Ftpapi mailing list
Ftpapi@xxxxxxxxxxxxxxxxxxxxxx
http://scottklement.com/mailman/listinfo/ftpapi--
_______________________________________________
Ftpapi mailing list
Ftpapi@xxxxxxxxxxxxxxxxxxxxxx
http://scottklement.com/mailman/listinfo/ftpapi--
_______________________________________________
Ftpapi mailing list
Ftpapi@xxxxxxxxxxxxxxxxxxxxxx
http://scottklement.com/mailman/listinfo/ftpapi--
_______________________________________________
Ftpapi mailing list
Ftpapi@xxxxxxxxxxxxxxxxxxxxxx
http://scottklement.com/mailman/listinfo/ftpapi--
_______________________________________________
Ftpapi mailing list
Ftpapi@xxxxxxxxxxxxxxxxxxxxxx
http://scottklement.com/mailman/listinfo/ftpapi
