HTTPAPI header authentication

Discussions related to HTTPAPI (An HTTP Client Package for RPG programming.) http://www.scottklement.com/httpapi/
Post Reply
gsuelves1
Posts: 1
Joined: Thu Mar 09, 2023 5:42 pm

HTTPAPI header authentication

Post by gsuelves1 »

Hi all.
I'm making a request against a webservice with http_url_post_stmf function. This request only check the webservice status. The web service require authentication.
Basically this is my code:

http_setAuth( HTTP_AUTH_BASIC
: %trim(Usuario)
: %trim(Contrase) );

rc = http_url_post_stmf(%trim(httpurl)
: %trim(inpfile)
: %trim(outFile)
: 120
: HTTP_USERAGENT
: 'text/xml;charset=UTF-8'
: %trim(SoapAct));

The post function fails. Mi http_log say:
Authorization: Basic UHJveGl1bVdTOlBYQ2xpZW50ZXNXUw==

The response xml say:
<SOAP-ENV:Fault>
<faultcode>wsse:FailedAuthentication</faultcode>
<faultstring>The security token could not be authenticated or authorized</faultstring>
<detail></detail>

I'm trying set user and password with HTTP_SETAUTH function, but it don't works. I tried with all options: HTTP_AUTH_NTLM, HTTP_AUTH_MD5_DIGEST and
HTTP_AUTH_BASIC.

Anyway, I tested with SOAPUi app and it works fine.
The webservice admin said me that in the log appears the follow string for authentication as HEADER SECTION:
---- webservice log - begin -------------------------
<soapenv:Header><wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org
/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org
/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:UsernameToken wsu:Id=
"UsernameToken-D1C0FA819A1166BA9C16783646053262">
<wsse:Username>UserWS</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/ ... sswordText">
PasswordWS</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-
200401-wss-soap-message-security-1.0#Base64Binary">X8vCvBOX5zZ+5SH/dC3mvg==</wsse:Nonce>
<wsu:Created>2023-03-09T12:23:25.326Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
---- webservice log - end -------------------------

I copied and pasted this header in my RPG program and worked fine.
But I have to do my program allow to use parameters dynamically, taking user and password as need.

Does anyone knows how I can replicate this header with a HTTPAPI function?

Thanks, regards!
Gerardo
Scott Klement
Site Admin
Posts: 635
Joined: Sun Jul 04, 2021 5:12 am

Re: HTTPAPI header authentication

Post by Scott Klement »

It appears that the userid/token is to be passed in the Soap header -- so should be part of the XML document you create -- it is NOT sent with BASIC authentication in this case.
Preethi
Posts: 11
Joined: Mon Apr 10, 2023 1:00 pm

Re: HTTPAPI header authentication

Post by Preethi »

Hi Scott, I am seeing the same error. I am connecting to RestAPI endpoint using JSON request. May I please know how to add the authentication section?
Scott Klement
Site Admin
Posts: 635
Joined: Sun Jul 04, 2021 5:12 am

Re: HTTPAPI header authentication

Post by Scott Klement »

Sorry, I don't understand the question. What sort of authentication are you asking about?
Post Reply