I am trying to utilize the OroCommerce Web API which was introduced to interact with my clients.
The first step of oauth2-token seems to be working well, but he consequent requests to the api's such as customers GET, customerusers GET etc all end up with 401-Unauthorized Error.
I am trying to test the whole flow through the POSTMAN.
I have checked the Web API access is enabled and also verified that the guest users are enabled.
What's strange is the the /api/doc seems to be working well, but when I try to mimic the same via POSTMAN, it always ends up with 401 -Unauthorized Access.
Any idea why it could be failing?
Make sure you included Content-Type and Bearer prefixed Authorization headers in the request built using POSTMAN. Like explained in the OroCommerce documentation.
The authentication with Bearer header also explained in POSTMAN documentation.
I am trying to excute IBM BPM Rest api call from Post man client
Ex:
https://ustrial01.bpm.ibmcloud.com/bpm/dev/rest/bpm/wle/v1/user/current?includeInternalMemberships=true&parts=all
I set Basic Authentication values( Username, password)
I am getting status code as 200, but response i am getting some HTML code.
Can any one help me on this.Any help is greatly arreciated.
If you are getting a 200 status then why do you need the response? the status code should be good enough for you because 200 means the REST call worked fine.
I'm not familiar with the product you're referring to, but it sounds like you need to specify the media type you want to get back in an Accept header of your request. I suggest you try specifying
Accept: application/json
or (being an IBM product I'm guessing XML might be preferred)
Accept: application/xml
I tried to access BPM REST api call using Chrome's Postman & REST Console plugins.
Based on my experience, sometimes I don't no why it looks like Postman will not take auth details.
But, below steps always worked for me:
1. login to BPM account in Chrome,
2. open REST Console plugin and can access REST api GET/PUT all the time.
Hope this helps. Thanks
There are two parts to this answer, the 'long story short' part and the elaborate part.
Long Story Short:
IBM BPM Cloud exposes a variety of REST APIs to interact with its BPM engine and let it be as a service or more commonly known as 'Headless BPM' or 'BPM-as-a-Service'.
These REST API calls are secured by basic authentication i.e. by username/password
For Cloud, the username and password used for the REST API is not the same as the User's credential, which the User will use for logging into IBM BPM Process Portal or website. For on-prem solution, it is the same.
For Cloud, a 'functional' username password has to be requested for (Cloud Admin can create those) and that has to be used in the service call.
For example, if you are username/password for logging into BPM Cloud is 'johndoe#gmail.com/Test123' then there will be functional credential created for this ID (say, 'somefunctionalusernamedjohn123/8jdklajl23').
We can use this credential with every reqeust but what we should do is, use these credentials in the very 1st call to BPM server, in the response of which there will be a specific 'cookie'. We should save it and re-use that in our sub-sequent calls until it expires (you'll receive appropriate http status code if you disable 'follow redirect' in your http client config).
I had to raise a PMR to get this information. https://www.ibm.com/support/knowledgecenter/en/SSFPJS_8.6.0/com.ibm.wbpm.wle.editor.doc/topics/int_ext_services_start_process.html
Sample Java code to start a process:
OkHttpClient client = new OkHttpClient();
Request request = new Request.Builder()
.url("https://ustrial03.bpm.ibmcloud.com:443/bpm/dev/rest/bpm/wle/v1/process?
processAppId=3u092jr02j-fghjkyk.u078992c166c1&bpdId=25.jk8989-539a-4150-
b63e-ggui67868gjkgj7&action=start")
.put(null)
.addHeader("Content-Type", "application/x-www-form-urlencoded")
.addHeader("Accept", "application/json")
.addHeader("Connection", "keep-alive")
.addHeader("Authorization", "Basic YXJrYX242232jklkljljLmNvbTpkZWZjb240QA==")
.addHeader("Cache-Control", "no-cache")
.addHeader("Postman-Token", "f46c1525-899-9897-uoh89-bb2b21a57f16")
.build();
Response response = client.newCall(request).execute();
Before finding this solution through PMR, I was desperately looking for a solution or a workaround. I noticed that my REST calls are getting redirected to an authentication page and I also noticed that, it is quite similar to what happens when you try logging into any IBM BPM Process Portal.
Once you login to IBM BPM Portal using Chrome, observe that it doesn't log you out. So I guessed the answer to be in the cookie and through trial and error, I picked up the cookie, which is PD-S-SESSIONID (named Something like that), and started using them in my service but obviously they expire in like 30-40 mins. So, I went ahead and used selenium and headless chrome to do the same thing as what I did manually. Anyway, this hack shouldn't be needed for On-Prem solution or with functional IDs for cloud.
Another very useful API wrapper which I have used in my project is:
https://github.com/egetman/ibm-bpm-rest-client. I had to make some changes to make this work with the trial account and for some other reasons.
And of course, we can't go far without the help of in-built REST API tester by IBM
e.g. https://ustrial03.bpm.ibmcloud.com/bpm/dev/bpmrest-ui/BPMRestAPITester/index.jsp
Thanks!
I am using apimanger 1.9.
I read this already : Add header with username into request to backend in wso2 apimanager.
I am able to add and forward username to backend in wso2 apimanager for specific service; but I want this for all service. I am modifying admin--<api_name>_<version>.xml for all services(50 services), which is very much manual. Something it leads to manual error.
Is there a single place configuration where I can set this (forward username to backend endpoint) for all service?
One more question - if I create and publish the APIs using "Publisher API" feature, is there a way to post something to set up the add header for each API?
Modify the velocity_template.xml which decides the template of an API. Please read my answer given to a similar requirement. You need to modify the relevant section in the velocity_template.xml.
I'm trying to implement the Rest API for Yodlee using Spring RestTemplate.
For starter I'm trying to use the simple chrome extenuation to test the API but it doesn't seem to work.
(see image url here)
https://www.evernote.com/shard/s3/sh/3c42d3fb-e69f-49c4-ab80-e4b607aca13e/03aea0e891c1f2c40414fcc992f2c307
The content type needs to be application/x-www-form-urlencoded and the request needs to be properly formatted.For example:
cobrandLogin=yourCobrandLogin&cobrandPassword=yourCobrandPassword
I've noticed that the error messages for the rest api are extremely unhelpful.
I looked through documentation on Event Notification (http://developers.box.com/webhooks/).
I would like to call an REST API, with basic authentication. Is there a way to do this?
like, customizing the HTTP headers (like adding Authorization:Basic ...) of the HTTP call triggered?
There currently isn't support for passing in special headers. You can, however, use HTTP Basic Auth by specifying it in the URL for event notifications to be sent to e.g.
https://username:password#www.example.com/path