Just using postman I can set up a certificate and connect to active subscriptions. When I try and connect to the Mock API to test the connection for, getting course runs, for example, I am getting an error
Error: error:0b000074:X.509 certificate routines:OPENSSL_internal:KEY_VALUES_MISMATCH
Is there a different way I am supposed to test certificate connections?
While it's not such a big deal with GET requests, this is going to be important for POST requests.
You don't need a certificate to call Mock APIs.
You can instead try to call it directly without the certificate as it will only display a mock response of the API.
Related
By watching Computerphile YouTube videos, I know that today's browsers perform a TLS Handshake with every HTTPS website they display for me on my PC. For this question, let us assume the request is pointed at my server, running an Express API, protected by a valid SSL certificate. Will a TLS Handshake be performed even when I send a POST request with the help of:
Requests module in Python, a simple POST request to my server from a Python script.
NodeJS (Express.JS), a simple POST request (containing username and password) from a HTML webpage to my server.
From a mobile app programmed in MIT App Inventor 2, which gives me an option of making a POST request.
... and not a browser?
I am asking this question in regards to an app I am programming, wherein the user has to identify himself with a key and a password, and I want the information (log-in and else) to be securely conveyed to my VPS.
HTTPS means HTTP inside TLS. This means accessing a https:// URL always requires also TLS and thus a TLS handshake. It does not matter if the client is a browser, Python code, NodeJS or whatever. It does not matter if it is GET or POST request either.
I have an application that needs to communicate with a third-party SOAP/WCF API using a client certificate. I have tried everything on the web how to call SOAP/WCF API using a client certificate. But every time I am getting a client certificate authentication failed. Is there is a way to see whether I am passing the client certificate or not? Fiddler is not showing whether the client cert is sent with the request or not.
I do not know much about computer networks but I've been dabbling with flutter and aws lambda.
I have a flutter (dart) code that uses http package to make an http request like the following:
import 'package:http/http.dart' as http
final response = await http.get('https://<address to my lambda function via api gateway>');
final body = response.body;
Looking at the http package in pub.dev, it says that the package is a A composable, Future-based library for making HTTP requests. and does not say anything about TLS(SSL). However, the url I provided in the above code is https generated by aws API gateway. So my question is, in the above code, is it using https or http? If it is using http, it is not secure hence, i need to add another layer of security to prevent hackers such as Man in the middle attack. If it is https, does that mean the data that gets sent is encrypted via TLS, hence I do not need any sort of asymmetric encryption between the client and the server?
I will start by saying I'm not a developer and don't know too much about API's.
Using BambooHR (Cloud based HR service) I have an API that I can call through a browser and it returns a CSV report. I am looking to automate this but not too sure how to call this through PowerShell to return my file.
The API url looks like this:
HTTP://<API TOKEN >:x#api.bamboohr.com/api/gateway.php/<COMPANY Name>/reports/<report>/?format=csv
When I try the following in Powershell:
Invoke-WebRequest -URI HTTP://<API TOKEN>:x#api.bamboohr.com/api/gateway.php/<COMPANY Name>/reports/<report>/?format=csv
I get the following error:
The underlying connection was closed: An unexpected error occurred on
a send.
Any ideas how I can just create a simple PowerShell script to download this file?
According to bamboohr api documentation you should only use https with signed certificate:
All requests made to our APIs must be sent over HTTPS. The SSL
certificate used for the HTTPS connection is signed and all
implementations should configure their SSL layer to verify it.
Is there a Groovy way to open a SSL connection to a server with client side authentification without using the JVM keystore?
I want to enable users to upload a public key over a website and then access a REST API on their server in a secure way. So I can have a lot of different keys which have to be loaded during runtime. I don't know if this is even possible using keystores.
I am looking for a solution, where I can just provide the keystring on connection initialization.