Server using a single key authentication

Discussions related to HTTPAPI (An HTTP Client Package for RPG programming.) http://www.scottklement.com/httpapi/
Post Reply
Paul C
Posts: 13
Joined: Fri Nov 25, 2022 6:38 am

Server using a single key authentication

Post by Paul C »

I was trying to use http_auth_basic which we provide user Id and password but now learning that the server I need get to is using a single key authentication. They say to use postman but how do I still use RPGLE to send my json request to the server? Thanks.
jonboy49
Posts: 112
Joined: Wed Jul 28, 2021 8:18 pm

Re: Server using a single key authentication

Post by jonboy49 »

Postman is a tool mainly to help test web service calls. Certainly you can use it to confirm the header requirements but it is not really for production. You can do the same stuff with HTTPAPI that you can do with Postman. They just need to show you what kind of authentication header they need you to send.
Paul C
Posts: 13
Joined: Fri Nov 25, 2022 6:38 am

Re: Server using a single key authentication

Post by Paul C »

They gave me an authentication key which is a very long string looking like encrypted information and it is not a user id and password that I am trying to use in http_auth_basic. What tool in httpapi can I use instead in my case? Thanks
jonboy49
Posts: 112
Joined: Wed Jul 28, 2021 8:18 pm

Re: Server using a single key authentication

Post by jonboy49 »

You've told us you have a key - but not how it is to be sent.

How did they tell you to use it in postman? That will tell you the format it is to be sent in.
Paul C
Posts: 13
Joined: Fri Nov 25, 2022 6:38 am

Re: Server using a single key authentication

Post by Paul C »

They say to use POSTMAN to see how to get connectivity setup but as far as how it can be used in my RPGLE with HTTPAPI, they wouldn't know.
I tried using http_auth_bearer and http_auth_usrdfn and it is still not working. here is a snip it of the coding:

http_setAuth(HTTP_AUTH_USRDFN
: ' '
: '%3c%3fxml+version%3d%221.0%22+encoding%3d%22utf-16 ..... ');

url = 'https://cpmwatestweb.xxxxxxxx.com:1234/'
+'xxxxxxREST/api/xxxxxxAdvantage';

monitor;
response = http_string('GET':URL:REQUEST:'application/json/');
on-error;
HTTPCODE = http_error(ERRNUM:STATUS);
endmon;

SetError() #7: Timeout occurred while trying to connect to server!
jonboy49
Posts: 112
Joined: Wed Jul 28, 2021 8:18 pm

Re: Server using a single key authentication

Post by jonboy49 »

jonboy49 wrote: Tue Nov 29, 2022 5:00 pm You've told us you have a key - but not how it is to be sent.

How did they tell you to use it in postman? That will tell you the format it is to be sent in.
I can only repeat what I said before. You still haven't said how they told you to use Postman. Did they give you a swagger document?

Just as an example - I use the Zoom APIs - they require that I supply a JWT as a Bearer token. It is passed as a header via the http_xproc API. In order to code this Zoom had to tell me that a) It had to be an "authorization" header and b) That the type was to be "Bearer". THAT is the info you need - and you would need it for Postman or Insomnia or ....

This is the header I use - it is created by calling my own GetJWTKey API and appending the key to the 'Bearer ' keyword.

authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOm51bGwsImlzcyI6Ii1uQ1Y3cTRRU2FPWkVTUXdSTnFoc0EiLCJleHAiOjE2NjE3MDY0OTIsImlhdCI6MTY2MTcwMTA5Mn0.CX1YY3PKMT_wTxzolhMKmKkEjBTkwF59s3CJk9P7pLs

And to set that I use http_xproc to register my header routine and then when httpAPI calls my routine it just adds the data.

Code: Select all

authorizationToken = 'Bearer ' + GetJWTKey();

http_xproc( HTTP_POINT_ADDL_HEADER
      : %paddr(addSpecialHeaders)
      : %addr(authorizationToken) );
             
.....
   
Dcl-Proc addSpecialHeaders;
Dcl-Pi *N;
   headersToAdd    Varchar(32767);
   var             like(authorizationToken) const;
End-Pi;

Dcl-c  CRLF  x'0d25';

   headersToAdd = 'authorization: ' + var + CRLF;

End-Proc;
Paul C
Posts: 13
Joined: Fri Nov 25, 2022 6:38 am

Re: Server using a single key authentication

Post by Paul C »

I will need to schedule a meeting with the guy who said I need to you postman to get a more understand of the requirement. I have downloaded postman. Now I just need to get educated on how it is used. I believe it is to help set up an authentication ticket to the server that I am trying to connect to, then perhaps I can use this ticket to apply it to the httpapi to connect to that server which is what I am not clear on the rest of the setup.

and sound like you are saying the authentication ticket need to be appended to the Bearer keyword. They are using key/authenticationTicket

I will study your notes below.
Paul C
Posts: 13
Joined: Fri Nov 25, 2022 6:38 am

Re: Server using a single key authentication

Post by Paul C »

In the Postman tool after we can confirm the header requirement and from where we get the authenticationTicket, do we put that ticket value in the password of http_setAuth?

http_setAuth(HTTP_AUTH_BEARER
: ' ' <-- can be left blank
: '%3c%3fxml+version%3d%221.0%22+encoding%3d%22utf-16'); <-- authenticationTicket placed in password.
jonboy49
Posts: 112
Joined: Wed Jul 28, 2021 8:18 pm

Re: Server using a single key authentication

Post by jonboy49 »

Paul ... Postman is a TESTING tool. You use it to check that you can connect to a given web service. I don't use it much so I can't be certain, but most tools in this arena require _you_ to supply the key as I did in this example of manually using Postman to make the same Zoom API call I described before.
2022-11-29_17-04-12.png
2022-11-29_17-04-12.png (76.7 KiB) Viewed 311 times
As to your question - nobody can answer that until your API supplier tells you how to authenticate. Try asking them for a Swagger file and import that into Postman that should show you.
Scott Klement
Site Admin
Posts: 343
Joined: Sun Jul 04, 2021 5:12 am

Re: Server using a single key authentication

Post by Scott Klement »

Yes, if you're trying to do a bearer token, the token is placed in the "password" field of http_setAuth.

The example data you provided does not look like a typical bearer token to me -- but, if that's the correct token for this particular service, then it should work fine if placed in the password field. (Just like you coded in your example.)

Jon's screenshot shows a more typical looking bearer token.

You shouldn't need to do that "special headers" stuff that he's doing unless you're on a very old version of HTTPAPI. Current versions allow using http_setAuth just like your example.
Post Reply