REST API authentication issue

Discussions related to HTTPAPI (An HTTP Client Package for RPG programming.) http://www.scottklement.com/httpapi/
kanakag

REST API authentication issue

Post by kanakag »

Hi,

This is my first experience with HTTPAPI.

We have a REST API exposed in our ESB to validate blacklisted customers. The ESB services require an API key for access. We have written a Java program to access this REST API; it is shown below.


import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.json.simple.JSONObject;
import org.json.simple.JSONValue;

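/**
 * Sample client for the AML name-screening REST service behind the API gateway.
 *
 * <p>Sends one JSON POST request authenticated with an {@code api_key} request
 * header, prints the raw server output, and on HTTP 200 prints the status and
 * service-response fields of the reply.
 *
 * <p>TLS: certificate validation is left to the JVM's trust store. If the
 * gateway certificate is issued by a private CA, import that CA certificate
 * into a trust store and start the JVM with {@code -Djavax.net.ssl.trustStore}
 * (and its password property) pointing at it. An {@code X509TrustManager} with
 * empty check methods accepts any certificate, so anyone able to intercept the
 * connection could read the API key and the customer data in the request; it
 * also changes the default socket factory for every HTTPS call in the JVM.
 */
public class AMLNameScreen {

	/** Gateway endpoint of the name-screening operation. */
	private static final String ENDPOINT =
			"https://dev.apigateway1.seylan.ad:2260/inquiry/customer/customerscanning/1.0/AMLNameScreening";

	/**
	 * Environment variable the API key is read from. The variable name is
	 * illustrative; what matters is that the key is supplied at run time and is
	 * not compiled into the class or pasted along with the source.
	 */
	private static final String API_KEY_ENV = "AML_API_KEY";

	/**
	 * Runs one screening request and prints the outcome to standard output.
	 *
	 * @param args unused
	 */
	public static void main(String[] args) {
		String apiKey = System.getenv(API_KEY_ENV);
		if (apiKey == null || apiKey.trim().isEmpty()) {
			System.err.println("Missing API key: set the " + API_KEY_ENV + " environment variable");
			return;
		}

		HttpURLConnection conn = null;
		try {
			conn = (HttpURLConnection) new URL(ENDPOINT).openConnection();
			conn.setRequestMethod("POST");
			// The gateway expects the key in a plain request header named api_key,
			// not in an Authorization (Basic/Digest) header.
			conn.setRequestProperty("api_key", apiKey);
			conn.setRequestProperty("Content-Type", "application/json");
			conn.setRequestProperty("Accept", "application/json");
			conn.setDoOutput(true);

			byte[] payload = buildRequestBody(newRequestId()).getBytes(StandardCharsets.UTF_8);
			// Close the request stream so the body is flushed before the status is read.
			try (OutputStream out = conn.getOutputStream()) {
				out.write(payload);
			}

			int responseCode = conn.getResponseCode();
			if (responseCode != 200) {
				System.out.println("Failed: HTTP Response Code : " + responseCode);
				printAndCollect(conn.getErrorStream());
			} else {
				System.out.println("Success: HTTP Response Code : " + responseCode);
				printResult(printAndCollect(conn.getInputStream()));
			}
		} catch (IOException e) {
			// Covers malformed URL, TLS handshake failure and any read/write error.
			e.printStackTrace();
		} finally {
			if (conn != null) {
				conn.disconnect();
			}
		}
	}

	/**
	 * Builds the request identifier: the prefix {@code EQU} followed by a
	 * 12-digit timestamp.
	 *
	 * <p>The month field uses {@code MM}; lower-case {@code mm} is minutes and
	 * would repeat the minute value in the month position. The pattern carries
	 * no hour field, so identifiers can repeat from one hour to the next;
	 * whether the service needs them to be unique is not visible here.
	 *
	 * @return the request identifier
	 */
	private static String newRequestId() {
		DateFormat stamp = new SimpleDateFormat("yyyyMMddmmss");
		return "EQU" + stamp.format(new Date());
	}

	/**
	 * Builds the JSON request document for a fixed sample customer.
	 *
	 * @param reqId value of {@code Unique_request_id}; generated locally, so it
	 *              is concatenated without escaping
	 * @return the JSON text to send as the request body
	 */
	private static String buildRequestBody(String reqId) {
		return "{ \r\n"
				+ "  \"AMLNameScrnWS_request\": { \r\n"
				+ "    \"Unique_request_id\": \"" + reqId + "\", \r\n"
				+ "    \"Black_List_check\": \"Y\", \r\n"
				+ "    \"Customer_database_check\": \"Y\", \r\n"
				+ "    \"Rejected_list_check\": \"Y\", \r\n"
				+ "    \"Employee_database_check\": \"N\", \r\n"
				+ "    \"Name1\": \"smith\", \r\n"
				+ "    \"Name2\": \"john\", \r\n"
				+ "    \"Name3\": \"\", \r\n"
				+ "    \"Name4\": \"\", \r\n"
				+ "    \"Name5\": \"\", \r\n"
				+ "    \"Dob\": \"01-01-1950\", \r\n"
				+ "    \"Doi\": \"01-01-1950\", \r\n"
				+ "    \"Address\": \"\", \r\n"
				+ "    \"Passport_no\": \"\", \r\n"
				+ "    \"Nic_no\": \"\", \r\n"
				+ "    \"Id_number1\": \"\", \r\n"
				+ "    \"Id_number2\": \"\", \r\n"
				+ "    \"Id_number3\": \"\", \r\n"
				+ "    \"Id_number4\": \"\", \r\n"
				+ "    \"Id_number5\": \"\", \r\n"
				+ "    \"Country1\": \"\", \r\n"
				+ "    \"Country2\": \"\", \r\n"
				+ "    \"Country3\": \"\", \r\n"
				+ "    \"Country4\": \"\", \r\n"
				+ "    \"Country5\": \"\", \r\n"
				+ "    \"Remarks\": \"test transaction 123456\" \r\n"
				+ "  } \r\n"
				+ "}";
	}

	/**
	 * Prints the server output line by line and returns it as one string.
	 *
	 * @param in response or error stream; may be {@code null} when the server
	 *           sent no body with an error status
	 * @return the concatenated lines, trimmed; empty when there was no body
	 * @throws IOException if reading the stream fails
	 */
	private static String printAndCollect(InputStream in) throws IOException {
		System.out.println("Server output:");
		if (in == null) {
			return "";
		}
		StringBuilder body = new StringBuilder();
		// Decode explicitly as UTF-8 instead of the platform default charset.
		try (BufferedReader reader =
				new BufferedReader(new InputStreamReader(in, StandardCharsets.UTF_8))) {
			String line;
			while ((line = reader.readLine()) != null) {
				System.out.println(line);
				body.append(line);
			}
		}
		return body.toString().trim();
	}

	/**
	 * Parses the reply and prints status code, status description, service
	 * response and service message, one per line.
	 *
	 * @param json response body as returned by the gateway
	 */
	private static void printResult(String json) {
		JSONObject root = child(asObject(JSONValue.parse(json)), "AMLNameScrnWS_response");
		JSONObject status = child(root, "Status");
		JSONObject srvResponse = child(root, "Srv_response");
		if (status == null || srvResponse == null) {
			// The body came from the network; do not assume its shape.
			System.err.println("Unexpected response structure");
			return;
		}
		System.out.println(status.get("Code"));
		System.out.println(status.get("Description"));
		System.out.println(srvResponse.get("Response"));
		System.out.println(srvResponse.get("Message"));
	}

	/** Returns {@code value} as a JSON object, or {@code null} if it is not one. */
	private static JSONObject asObject(Object value) {
		return (value instanceof JSONObject) ? (JSONObject) value : null;
	}

	/** Returns the JSON object stored under {@code key}, or {@code null} if absent. */
	private static JSONObject child(JSONObject parent, String key) {
		return (parent == null) ? null : asObject(parent.get(key));
	}

}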

To achieve the same, we have written a sample RPGLE program to connect and validate. The sample RPG code is given below.


      * Sample program: sends an AML name-screening request to the API
      * gateway with HTTPAPI http_req() and displays the response file.
     h dftactgrp(*no) actgrp(*CALLER) bnddir('HTTPAPI')
      *
     d/copy qrpglesrc,httpapi_h
      *
      * Prototype for QCMDEXC, used below to run a CL command (DSPF).
     d cmd             pr                  extpgm('QCMDEXC')
     d  command                     200a   const
     d  length                       15p 5 const
      *
     d rc              s             10i 0
     d msg             s             52a
     d fromAddr        s            100a   varying
     d Subject         s            100a   varying
     d message         s           1000a   varying
     d myPointer       s               *
     d dataSize        s             10i 0
     d formData        s          32767a   varying
     d op              s             50a
     d userid          s             32a
     d pass            s             32a
     d Url             s            100a
     d reqId           s             10a
     d cust_name       s             30a
     d dob_4_api       s             10a
      *
     d CRLF            c                   const(x'0D25')
      *
      /free

         // Writes an HTTPAPI debug log to the IFS. The log in this thread shows
         // the full request, including the Authorization header, so the file
         // should be treated as sensitive.
         http_debug(*on: '/Download/my_httpapi_log.txt');

         // NOTE(review): the API key is a literal in the source. Anyone who can
         // read the member (or a paste of it) has the key; load it from a
         // protected object at run time and replace a key that has been posted.
         userid = 'api_key';
         pass = 'CQgeMbtWGFLbwPJSf-FOfxDo';

         formData = ' ';
         reqId = '1245';
         cust_name = 'smith';
         dob_4_api = '19500101';

         // http_setauth() makes HTTPAPI send an Authorization header built from
         // userid/pass (Digest here; see the logged request). The Java program
         // sends the key as a request header named api_key instead, which this
         // call does not produce.
         http_setauth(HTTP_AUTH_MD5_DIGEST: userid : pass);

         http_setOption( 'content-type'
                       : 'application/json');
         // NOTE(review): reqId, cust_name and dob_4_api sit inside the quoted
         // literal, so the text of their names is sent rather than their values
         // (the logged request body shows "Unique_request_id": reqId). The
         // values need to be concatenated in, each wrapped in double quotes.
         formData = '{"AMLNameScrnWS_request": +
                      {"Unique_request_id": reqId, +
                                        "Black_List_check": "Y", +
                                        "Customer_database_check": "Y", +
                                        "Rejected_list_check": "Y", +
                                        "Employee_database_check": "N", +
                                        "Name1": cust_name, +
                                        "Name2": " ", +
                                        "Name3": " ", +
                                        "Name4": " ", +
                                        "Name5": " ", +
                                        "Dob": dob_4_api, +
                                        "Doi": " ", +
                                        "Address": " ", +
                                        "Passport_no": " ", +
                                        "Nic_no": " ", +
                                        "Id_number1": " ", +
                                        "Id_number2": " ", +
                                        "Id_number3": " ", +
                                        "Id_number4": " ", +
                                        "Id_number5": " ", +
                                        "Country1": " ", +
                                        "Country2": " ", +
                                        "Country3": " ", +
                                        "Country4": " ", +
                                        "Country5": " ", +
                                        "Remarks": "test transaction 123456" +
                                  } +
                                }';

         Url = 'https://dev.apigateway1.seylan.ad:2260/inquiry/customer/custome+
                rscanning/1.0/AMLNameScreening';

         // POST formData to Url; the response body goes to the IFS file named
         // in the third parameter.
         rc = http_req( 'POST'
                      : %trim(Url)
                      : '/Download/testpost.html'                         // file to receive
                      : *omit                                             // string to receive
                      : *omit                                             // file to send
                      : formData );                                       // string to send

         // Any result other than 1 is handled as a failure: show HTTPAPI's
         // error text; otherwise display the received file.
         if rc <> 1;
              msg = http_error();
              dsply msg;
         else;
              cmd('DSPF ''/Download/testpost.html''': 200);
         endif;

         *inlr = *on;

Unfortunately, we get an authentication failure. We have tried http_setauth with HTTP_AUTH_BASIC and with HTTP_AUTH_MD5_DIGEST, but neither of them works. We are new to this and are clueless now. The generated log is given below.


HTTPAPI Ver 1.48 released 2023-09-13
NTLM Ver 1.4.0 released 2014-12-22
OS/400 Ver V7R3M0

http_setauth(): entered
http_persist_open(): entered
http_long_ParseURL(): entered
DNS resolver retrans: 2
DNS resolver retry  : 2
DNS resolver options: x'00000136'
DNS default domain: seylan.ad
DNS server found: 10.66.10.11
DNS server found: 10.66.10.12
DNS server found: 10.82.10.11
Nagle's algorithm (TCP_NODELAY) disabled.
SNI hostname set to: dev.apigateway1.seylan.ad
-------------------------------------------------------------------------------------
Dump of server-side certificate information:
-------------------------------------------------------------------------------------
Cert Validation Code = 6000
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
Serial Number: 00:A7:4B:E8:CA:B6:FA:52:0D
Common Name: dev.apigateway1.seylan.ad
Country: LK
State/Province: Western
Locality: Colombo
Org Unit: Seylan Bank PLC
Org: IT-SE
Issuer CN: itse.seylan.ad
Issuer Country: LK
Issuer State/Province: Western
Issuer Locality: Colombo
Issuer Org: Seylan Bank PLC
Issuer Org Unit: IT-SE
Issuer E-Mail: it-se@seylan.lk
Version: 3
not before: 20201010053123
Unknown Field: 05:31:23 10-10-2020
not after: 20301008053123
Unknown Field: 05:31:23 08-10-2030
pub key alg: 1.2.840.113549.1.1.1
signature algorithm: 1.2.840.113549.1.1.11
Unknown Field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
Unknown Field: 2048
Unknown Field: 70D30AD2BBEB74B29B3359D8DD926262
Unknown Field: 1.2.840.113549.2.5
Unknown Field: 3AC443E1F750B0FC7F1F383F5C68E6491C3DA2DC
Unknown Field: 419A5E563C6AF93F3456AA16B5AB2136F3662CD0AFB33B87A034A274E3A47A04
Unknown Field: 15
Unknown Field: dev.apigateway1.seylan.ad
Unknown Field: 0

Protocol Used: TLS Version 1.2
http_persist_req(POST) entered.
http_long_ParseURL(): entered
http_long_ParseURL(): entered
do_oper(POST): entered
mkdigest(): entered
There are 0 cookies in the cache
POST /inquiry/customer/customerscanning/1.0/AMLNameScreening HTTP/1.1
Host: dev.apigateway1.seylan.ad:2260
User-Agent: http-api/1.48
Content-Type: application/json
Content-Length: 549
Authorization: Digest username="api_key", realm="", nonce="", uri="/inquiry/customer/customerscanning/1.0/AMLNameScreening", response="cbce977886835eccae9ee574553b7d01"


senddoc(): entered
{"AMLNameScrnWS_request": {"Unique_request_id": reqId, "Black_List_check": "Y", "Customer_database_check": "Y", "Rejected_list_check": "Y", "Employee_database_check": "N", "Name1": cust_name, "Name2": " ", "Name3": " ", "Name4": " ", "Name5": " ", "Dob": dob_4_api, "Doi": " ", "Address": " ", "Passport_no": " ", "Nic_no": " ", "Id_number1": " ", "Id_number2": " ", "Id_number3": " ", "Id_number4": " ", "Id_number5": " ", "Country1": " ", "Country2": " ", "Country3": " ", "Country4": " ", "Country5": " ", "Remarks": "test transaction 123456" } }
recvresp(): entered
HTTP/1.1 401 Unauthorized
Date: Thu, 30 Nov 2023 02:08:06 GMT
Access-Control-Allow-Methods: GET,PUT,POST,DELETE
Access-Control-Allow-Headers: Content-Type, api_key, Authorization, Accept, DNT, Referer
Access-Control-Allow-Credentials: FALSE
Content-Type: application/json
Connection: close
Server: Jetty(9.2.14.v20151106)


SetError() #13: HTTP/1.1 401 Unauthorized
recvresp(): end with 401
recvdoc parms: identity 0
SetError() #36: This page requires a user-id & password
header_load_cookies() entered
recvdoc(): entered
SetError() #0:
recvdoc(): No content-length: receiving until disconnect
{
  "ErrorMessage" : "The subscription corresponding to the key apikey is invalid",
  "ErrorCode" : "Invalid Subscription",
  "MoreInfo" : "Policy Name - Verify API Key, Type - VERIFY_API_KEY"
}
SetError() #44: CommTCP_read: Socket has been shut down.
SetError() #36: This page requires a user-id & password
http_close(): entered

Kindly help us on how to achieve this based on the java code mentioned above.

Thank you in advance.
Scott Klement

Re: REST API authentication issue

Post by Scott Klement »

I'm not familiar with the Java code. What does this line of code do?


conn.setRequestProperty("api_key", "CQgeMbtWGFLbwPJSf-FOfxDo");
Several other calls to the setRequestProperty method seem to be setting HTTP headers. "api_key" is not a standard HTTP header, though -- but, is that what it's doing? Setting a header named "api_key"? (If so, why the heck is the method called 'set request property' instead of 'set header' that's really confusing.)

At any rate, I don't see any Java code that's setting basic or digest authentication... I can't imagine setRequestProperty does that, does it? Why are you coding basic or digest auth in RPG?
kanakag

Re: REST API authentication issue

Post by kanakag »

Hi Scott,

Thank you for the prompt reply.
I'm not familiar with the Java code. What does this line of code do?


conn.setRequestProperty("api_key", "CQgeMbtWGFLbwPJSf-FOfxDo");
It is the API authentication key. Basically, it is a header. Further, a 'SetHeader' method is not available in the referenced class.

Please refer to the cURL command below.


# -H adds the api_key request header; -v prints the exchange, including that
# header. A key typed on the command line also ends up in shell history and is
# visible in the process list while curl runs.
curl -H "api_key:STEyBYYIgTIdHqtNnfGGZwsP" -v https://dev.apigateway1.seylan.ad:2260/Inquiry/Account/AccountInquiry/1.0/GetAccountBalance?"AccountCategory=EXT&AccountNumber=003000170015001"
As mentioned in your comment, I've added a custom header to the code.


     **free
         // Sample program: GETs an account balance from the API gateway with
         // HTTPAPI, passing the API key through an additional-header exit
         // procedure (AddHeaders) instead of http_setauth() credentials.
         ctl-opt dftactgrp(*no) actgrp(*CALLER) bnddir('HTTPAPI');

         /copy qrpglesrc,httpapi_h

         // Prototype for QCMDEXC, used below to run a CL command (DSPF).
         dcl-pr cmd extpgm('QCMDEXC');
              command char(200) const;
              length packed(15:5) const;
         end-pr;

         dcl-s rc int(10:0);
         dcl-s msg char(52);
         dcl-s fromAddr varchar(100);
         dcl-s Subject varchar(100);
         dcl-s message varchar(1000);
         dcl-s dataSize int(10:0);
         dcl-s formData varchar(32767);
         dcl-s op char(50);
         dcl-s userid char(32);
         dcl-s pass char(32);
         // NOTE(review): Url holds 100 characters. The request line in the log
         // ends at ?"Account, which suggests the assigned value is cut off at
         // that length - confirm and widen the field.
         dcl-s Url char(100);
         dcl-s reqId char(10);
         dcl-s cust_name char(30);
         dcl-s dob_4_api char(10);

         dcl-c CRLF const(x'0D25');

         // main routine

         // Writes an HTTPAPI debug log to the IFS. The log in this thread shows
         // the api_key header line, so the file should be treated as sensitive.
         http_debug(*on: '/Download/my_httpapi_log.txt');

         // Register AddHeaders as the exit that supplies additional request
         // headers.
         http_xproc(HTTP_POINT_ADDL_HEADER: %paddr(AddHeaders));

         formData = ' ';
   
         // No Basic/Digest credentials: the key travels in the api_key header.
         http_setauth(HTTP_AUTH_NONE: '' : '');

         http_setOption ( 'network-ccsid' : '1208' );
         http_setOption( 'content-type'
                       : 'application/json');
         http_setOption( 'accept'
                       : 'application/json');
         // NOTE(review): the double quotes are part of the literal, so they
         // become part of the URL (the logged request line shows ?"Account).
         // In the curl command they only protect the text from the shell.
         formData = '"AccountCategory=EXT+
                      &AccountNumber=003000170015001"';

         Url = 'https://dev.apigateway1.seylan.ad:2260/Inquiry/Account/AccountI+
                nquiry/1.0/GetAccountBalance?'+formData;

         // GET Url; the response body goes to the IFS file named in the third
         // parameter.
         rc = http_req( 'GET'
                      : %trim(Url)
                      : '/Download/testpost.html'                         // file to receive
                      : *omit                                             // string to receive
                      : *omit                                             // file to send
                      : *omit                                             // string to send
                      : 'application/json');

         // Any result other than 1 is handled as a failure: show HTTPAPI's
         // error text; otherwise display the received file.
         if rc <> 1;
              msg = http_error();
              dsply msg;
         else;
              cmd('DSPF ''/Download/testpost.html''': 200);
         endif;

         // Unregister the additional-header exit.
         http_xproc(HTTP_POINT_ADDL_HEADER: *NULL);

         *inlr = *on;

         // Exit procedure: returns the extra header line(s) in ApiKey, each
         // ended with x'0d25'.
         dcl-proc AddHeaders;
          dcl-pi *n ;
               ApiKey varchar(32767);
          end-pi;

          // NOTE(review): the double quotes are inside the literal and are sent
          // as part of the header line (the log shows "api_key:...", quotes
          // included), so the gateway does not see a header named api_key.
          // NOTE(review): the key is a literal in the source; load it from a
          // protected object at run time and replace a key that has been posted.
          ApiKey = '"api_key:STEyBYYIgTIdHqtNnfGGZwsP"' + x'0d25';
           
         end-proc;


I'm still unable to receive the payload. Please refer to the log below.


HTTPAPI Ver 1.48 released 2023-09-13
NTLM Ver 1.4.0 released 2014-12-22
OS/400 Ver V7R3M0

http_setauth(): entered
New iconv() objects set, PostRem=1208. PostLoc=0. ProtRem=819. ProtLoc=0
http_persist_open(): entered
http_long_ParseURL(): entered
DNS resolver retrans: 2
DNS resolver retry  : 2
DNS resolver options: x'00000136'
DNS default domain: seylan.ad
DNS server found: 10.66.10.11
DNS server found: 10.66.10.12
DNS server found: 10.82.10.11
Nagle's algorithm (TCP_NODELAY) disabled.
SNI hostname set to: dev.apigateway1.seylan.ad
-------------------------------------------------------------------------------------
Dump of server-side certificate information:
-------------------------------------------------------------------------------------
Cert Validation Code = 6000
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
Serial Number: 00:A7:4B:E8:CA:B6:FA:52:0D
Common Name: dev.apigateway1.seylan.ad
Country: LK
State/Province: Western
Locality: Colombo
Org Unit: Seylan Bank PLC
Org: IT-SE
Issuer CN: itse.seylan.ad
Issuer Country: LK
Issuer State/Province: Western
Issuer Locality: Colombo
Issuer Org: Seylan Bank PLC
Issuer Org Unit: IT-SE
Issuer E-Mail: it-se@seylan.lk
Version: 3
not before: 20201010053123
Unknown Field: 05:31:23 10-10-2020
not after: 20301008053123
Unknown Field: 05:31:23 08-10-2030
pub key alg: 1.2.840.113549.1.1.1
signature algorithm: 1.2.840.113549.1.1.11
Unknown Field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
Unknown Field: 2048
Unknown Field: 70D30AD2BBEB74B29B3359D8DD926262
Unknown Field: 1.2.840.113549.2.5
Unknown Field: 3AC443E1F750B0FC7F1F383F5C68E6491C3DA2DC
Unknown Field: 419A5E563C6AF93F3456AA16B5AB2136F3662CD0AFB33B87A034A274E3A47A04
Unknown Field: 15
Unknown Field: dev.apigateway1.seylan.ad
Unknown Field: 0

Protocol Used: TLS Version 1.2
http_persist_req(GET) entered.
http_long_ParseURL(): entered
http_long_ParseURL(): entered
do_oper(GET): entered
There are 0 cookies in the cache
GET /Inquiry/Account/AccountInquiry/1.0/GetAccountBalance?"Account HTTP/1.1
Host: dev.apigateway1.seylan.ad:2260
User-Agent: http-api/1.48
Accept: application/json
"api_key:STEyBYYIgTIdHqtNnfGGZwsP"


recvresp(): entered
HTTP/1.1 401 Unauthorized
Date: Fri, 01 Dec 2023 07:11:08 GMT
Access-Control-Allow-Methods: GET,PUT,POST,DELETE
Access-Control-Allow-Headers: Content-Type, api_key, Authorization, Accept, DNT, Referer
Access-Control-Allow-Credentials: FALSE
Content-Type: application/json
Connection: close
Server: Jetty(9.2.14.v20151106)


SetError() #13: HTTP/1.1 401 Unauthorized
recvresp(): end with 401
recvdoc parms: identity 0
SetError() #36: This page requires a user-id & password
header_load_cookies() entered
recvdoc(): entered
SetError() #0:
recvdoc(): No content-length: receiving until disconnect
{
  "ErrorMessage" : "The subscription corresponding to the key apikey is invalid",
  "ErrorCode" : "Invalid Subscription",
  "MoreInfo" : "Policy Name - Verify API Key, Type - VERIFY_API_KEY"
}
SetError() #44: CommTCP_read: Socket has been shut down.
SetError() #36: This page requires a user-id & password
http_close(): entered

Scott Klement

Re: REST API authentication issue

Post by Scott Klement »

I would suggest removing the extra quotes from the formData and ApiKey variables. These would not be included in either the Java or Curl examples. (In Java, the double quote " characters do what the single quote ' characters do in RPG. In curl, they are just used to prevent special characters from being handled by the shell.)


         formData = 'AccountCategory=EXT+
                      &AccountNumber=003000170015001';


ApiKey = 'api_key: STEyBYYIgTIdHqtNnfGGZwsP' + x'0d25';
kanakag

Re: REST API authentication issue

Post by kanakag »

Hi Scott,

Thank you for the guidance. Now we are able to receive the payload from the API.

Have a wonderful weekend.