|
FORUMS PROFESSIONNELS
WINDEV, WEBDEV et WINDEV Mobile |
| | | | | |
| Débuté par Sammy Broeders, 15 sep. 2014 19:24 - 10 réponses |
| |
| | | |
|
| |
Posté le 15 septembre 2014 - 19:24 |
Hello,
We try to integrate into Windev18 the code below.
Does anyone know a solution
Authentication
You need to be authenticated if you wish to make any requests to the API. Each application (either website, mobile application, desktop application) requires an API-key to identify the application against the API. The API key is unique per application and shouldn't be shared.
You need 3 things to authenticate the user with the API:
API key
Username
Password
The API key needs to be sent with in a header named X-ApiKey. The username and password are in the message body in the preferred media type format. There is a 3rd optional body parameter named RememberMe. This will determine if the session is temporary or permanent. The default value is false. This only applies to browser based clients.
Note that the Host header is required with every request.
Example request
POST http://api.ghs-automotive.nl/api/auth/credentials HTTP/1.1
X-ApiKey: [ApiKey]
Host: <a class="ExternalLink" rel="nofollow" target="_blank" href="http://api.ghs-automotive.nl">http://api.ghs-automotive.nl</a>
Content-Length: 38
Content-Type: application/json
Accept: application/json
{"UserName":"[UserName]", "Password":"[Password]", "RememberMe": [true|false] }
Example response
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ServiceStack/3.971 Win32NT/.NET
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: X-ApiKey, Content-Type, Authorization
Access-Control-Expose-Headers: Location
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
Set-Cookie: ss-id=P7/JJm75PKnIDw+THfzS; path=/; HttpOnly
Set-Cookie: ss-pid=IwEIOR4NqRKqKHVV8PaG; expires=Sat, 27-May-2034 13:16:04 GMT; path=/; HttpOnly
X-Powered-By: ASP.NET (GHS-02)
Date: Tue, 27 May 2014 13:16:06 GMT
Content-Length: 71
{"sessionId":"P7/JJm75PKnIDw+THfzS","userName":"[username]","responseStatus":{}}
You will receive a session id when you successfully authenticate. You will need to send this session id as the ss-id cookie with every request. Note that the server also returns several Set-Cookie headers. This will instruct any browser to automatically set those cookies for the current host. Also note that they are HttpOnly which means you cannot access these cookies using javascript.
Session ID cookies are automatically set when the authentication is done within a browser. There will be a ss-id cookie when RememberMe was false and a ss-pid when RememberMe was true |
| |
| |
| | | |
|
| | |
| |
Posté le 15 septembre 2014 - 20:08 |
Hi Sammy
look at the help for httprequest. There is a syntax for POST mode. that is what you are looking for
Best regards |
| |
| |
| | | |
|
| | |
| |
Posté le 15 septembre 2014 - 20:54 |
| |
| |
| | | |
|
| | |
| |
Posté le 16 septembre 2014 - 11:17 |
Hi Sammy
I'm not sure about the CONTENT/Message to send (what you need to send), as what you are writing seems to be describing the WHOLE request, and not the extra parameters...
However, I can already tell you this:
- there is a trick for the extra headers: each needs to be followed by a CR (each is a LINE of the final "file")
- logically, the "content" should be only {"UserName":"[UserName]", "Password":"[Password]", "RememberMe": [true|false] } (everything else should be created for you by the httprequest). I'm not even sure that you need the {}
- you httprequest is missing the Type of message (that's where you put the "application/json " information)
Best regards |
| |
| |
| | | |
|
| | |
| |
Posté le 16 septembre 2014 - 11:54 |
Fabrice,
I think also that the solution is in httprequest, but how put i the values in this.
I tried now as below but it won't be work
HTTPRequest("http://api.ghs-automotive.nl/","","X-ApiKey: xxxx8bb-0c70-44c0-853f-30ea8cxxx5840","","application/json","x","xxxxx")
This is a example request what is in the documentation of this REST service.
POST http://api.ghs-automotive.nl/api/auth/credentials HTTP/1.1
X-ApiKey: xxxxxxxxxxxxx
Host: <a class="ExternalLink" rel="nofollow" target="_blank" href="http://api.ghs-automotive.nl">http://api.ghs-automotive.nl</a>
Content-Length: 38
Content-Type: application/json
Accept: application/json
{"UserName":"xxx", "Password":"xxx", "RememberMe": true } |
| |
| |
| | | |
|
| | |
| |
Posté le 16 septembre 2014 - 14:39 |
Hi Sammy
it looks like :
- you did not add a CR at the end of the header line as previously indicated
- you did not pass the user name+password at all
- you added a username and password to be sent at the end (I suppose), but that is for a completely different case
Best regards |
| |
| |
| | | |
|
| | |
| |
Posté le 16 septembre 2014 - 19:33 |
Fabrice,
What do you mean with a CR at the end of the header? The header is still "X-ApiKey: xxxx8bb-0c70-44c0-853f-30ea8cxxx5840" Or am i wrong?
Where is the CR needed? |
| |
| |
| | | |
|
| | |
| |
Posté le 16 septembre 2014 - 20:12 |
Hi Sammy,
Fabrice means that each line of HTTP header must be separated with CR. Indeed in your case there is only one line.
Expanding Fabrice's hints he gave you and from what I can also see (looking very quickly), the error you are making is that the user name and password inside HTTPRequest are for webserver basic http authentication. This is useless in your case. What you must send to the web application is JSON content for authentication.
Then you will receive an answer with cookies information (you will have to read the header manually). Then you must send back this cookie in every future call in the header with proper length. (This is a bit complex if you must handle cookies.) All these lines will need to be separated by CR.
Now for your example:
HTTPRequest("http://api.ghs-automotive.nl/","","X-ApiKey: xxxx8bb-0c70-44c0-853f-30ea8cxxx5840","{""UserName"":""xxx"", ""Password"":""xxx"", ""RememberMe"": true }","application/json")
(If you have WinDev 19, you can use the new JSON functions and structures if you want.)
This will make a POST request to the server with the JSON content for authentication. Then you should receive a valid answer if it succeed with the cookies you must set.
I hope this can help you.
Best regards,
Alexandre Leclerc
Edit 1: I just saw that cookies can be handled very easily with all HTTP* functions. So this will be not too hard to manage. You can check the doc from that page, there are many links to other functions: <a class="ExternalLink" rel="nofollow" target="_blank" href="http://doc.windev.com/en-US/?1000019222">http://doc.windev.com/en-US/…</a> |
| |
| |
| | | |
|
| | |
| |
Posté le 17 septembre 2014 - 09:04 |
For your problem with a cookie here is a solution which works for me:
LOCAL sURL is string gsCookie is string sHeader is string sBuffer is string t is int n is int sUsername is string="user" sPasswort is string="password" sURL="https://www.yourdomain.com/apps/login" HTTPRequest(sURL,"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0","","login="+sUsername+"&password="+sPasswort+"&remember=on") sHeader=HTTPGetResult(httpHeader) n=Position(sHeader,"Set-Cookie: ") IF n>0 THEN t=Position(sHeader,";",n) gsCookie="Cookie: "+Middle(sHeader,n+12,t-(n+12)) END sURL="<a class="ExternalLink" rel="nofollow" target="_blank" href="https://www.yourdomain.com//apps/list?filter=catalog&list=true">https://www.yourdomain.com//apps/list…</a>" HTTPRequest(sURL,"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0",gsCookie,"","text/xml") sHeader=HTTPGetResult(httpHeader) sBuffer=HTTPGetResult(httpResult) |
| |
| |
| | | |
|
| | |
| |
Posté le 17 septembre 2014 - 13:12 |
Hi Sammy
yes, you are wrong... the header is
"X-ApiKey: xxxx8bb-0c70-44c0-853f-30ea8cxxx5840"+CR
The header content you are providing is inserted AS IS in the message... This means that if you don't add the CR, as previously indicated TWICE, you'll end up with two header lines on the SAME line, without separator between them.
Best regards |
| |
| |
| | | |
|
| | |
| |
Posté le 17 septembre 2014 - 17:14 |
Thanks a lot Fabrice! This works for me. Now i recieve the sessio id and can go on with the post from Alexander.
Thanks again!! |
| |
| |
| | | |
|
| | | | |
| | |
| | |
| |
|
|
|