I am calling json api built using Symfony2 using LAMP stack.
URL for api is like
http://ab.ab.com/new/358342/17/12.948468/77.718571
Response I get back correctly:
{"Result":{"statusCode":1,"statusMsg":"Created Successfully"}}
However http headers contain the information I am logging in server. Example is
-wf-1-1-1-3:185|[{"Type":"INFO","File":"","Line":"","Label":"app"},"Data From Publisher Device Id:358342045834581 Route Id: 17 Lat:12.948468 Lng77.718571 Timestamp:2014-09-18 13:23:20 Data:tstsst|S-1"]|
Above logging info is coming back in Http header of response.
How should I disable the server logging info coming back.
Finally I figured it out.
I was using firephp handler and firephp adds the logging information back in response through http headers.
firephp is useful tool for debugging json apis, however should be disabled in production to avoid revealing sensitive information.
I switched to fingers_crossed handler.
Related
I have recorded a login flow of an application and found some URIs like below:
/api/oauth2/initiate GET
/oauth2/authorize GET
/api/v1/oauth2/authorize GET
/api/v1/oauth2/authenticate POST
{"username":"${Username}","password":"${Password}","client_id":"${client_Id}","response_type":"code","redirect_uri":"${scheme}://${host}/api/oauth2/callback","server_id":"${server_Id}"}
When I am hitting above in sequence via JMeter I am getting 200 response. Just like JMeter I tried recording in Postman and it worked same, but instead of JSON it gave response in XML format.
It doesn't generate a access_token, it works via session cookies.
My question is - Do I really have API access or it is just browser record n play? If Yes, Does this mean I can get access to any API, if I am a registered user of that application? For ex: Facebook, YouTube or any startup website.
JMeter works on the protocol level. This means that whatever request you are generating. Say a simple browser request or an API call, you can do that easily.
Now the thing is replicating requests. You don't need to record the requests necessarily using the browser. You need to analyze the few things that are required. Say Postman is generating a request. You specify the things you want to send and you use the API Token there. The same things can be specified there as well. It all depends on how you are understanding the concept of request generation.
You simply need to replicate the samplers and the parameters. And the request headers in postman can be replicated here in the same way.
For each HTTP Request Sampler make sure you add a corresponding child HTTP Header Manager config element.
Headers basically tell the server that what client we are using and in what form data is being sent and then server responds accordingly with the information.
What you're recorded is OAuth2 flow and you won't be able to replay it without correlating the dynamic values.
You can have access to Google API or Facebook Graph API given you have proper access_token but I don't think you should be testing them directly, you should focus on solely your application.
I been trying to debug an issue that ONLY happens on safai, I get:
Bad Request - Invalid Header
http Error 400 The request has an invalid header name
However no matter where I look for in the error console, resources, or timeline I cant look at the headers from said request.
Is there a way to get this information?
You can install http-log and point the Safari URL to localhost:7777 and it will print out what headers Safari is sending.
If you can not change the URL or just want more debugging power you should install a debugging proxy e.g. WebScarab and configure Safari to use that. You get a nice GUI where you can see all the request data: WebScarab GUI
Http-log only prints it to command line.
Whenever I try to add the following endpoint, "http://ws.cdyne.com/phoneverify/phoneverify.asmx", during the Managed API setup process and press the Test button I get an error on the server. ERROR - APIProviderHostObject Error occurred while connecting to backend : "stackOverflow preventing me from showing this link", reason: Connect to ws.cdyne.com:80 timed out
When I try this exact same process on a machine outside of our proxy it works fine. I have gone into the axis2.xml file and added proxy information and even went as far as installing cntlm and setting the proxy to localhost - same error.
I can browse to the above link just fine on this machine.
My environment is Windows 10.
I assume you talk about clicking the Test button when providing Backend Endpoint in API publisher.
The way that Test button works at the moment (as far as I understand) is that it invokes HTTP HEAD method on the endpoint provided (because according to RFC 2616, "This method is often used for testing hypertext links for validity, accessibility, and recent modification.")
Then it checks response. If response is valid or 405 (method not allowed), then the URL is marked as Valid.
Thus sometimes, if backend is not properly following RFC, you might get otherwise working URLs declared as Invalid during the test because of that improper HEAD response evaluation. Obviously, this is just a check for your convenience and you can ignore the check if you know the endpoint works for the methods and resources you need it to work.
So my advice would be to try ignoring the Test and just finishing setting up and publishing the API.
P.S. I am checking it on WSO2 API Cloud but behavior is identical to downloadable API Manager.
Is there any way to get detail exception & Stack trace from deployed Web Api?
Even if I deployed in Debug mode, do I get detail error traces?
I got bellow message from server API
"message": "Processing of the HTTP request resulted in an exception.
Please see the HTTP response returned by the 'Response' property of
this exception for details."
This happened only in server, same code running perfectly in local machine.
Did you check the content-type for the request that you are performing?
Sometimes this error comes because you don't specify this value, e.g. "application/json" in the headers of the request.
If your scenario is to have a central place to log any exceptions that happen when requests are being processed, then I would suggest to take a look at 5.1 version of Web API (released couple of days back), specifically the Global Error Handling feature.
http://www.asp.net/web-api/overview/releases/whats-new-in-aspnet-web-api-21#global-error
If you go to the above page,you should notice ExceptionLoggerContext which gives you details of the exception.
About Web API versions 5.0 and before:
In these versions there was no really a central place for catching exceptions. ExceptionFilterAttributes caught exceptions for only certain areas of Web API.
Using WSO2 API Manager 1.3.1. Trying to use the API Manager to proxy to a REST service. I have set up the service in API Mgr and can successfully post and get responses, typically json, though some are text.
However, when I try to GET a resource that returns binary content (a zip "file", content-type:application/octet-stream), the API Manager does not seem to respond and I can see an error in the console window (i'm running wso2server.bat in console):
[2013-07-03 11:52:05,048] WARN - SourceHandler Connection time out
while writing the response: 173.21.1.22:1268->173.21.1.22:8280
I have an HTTPModule on my internal service and it seems to be responding with the appropriate content (I can see the GET and response data logged). I can also call to the internal service directly and get a response, so that end of things seems OK. But going through the API Manager seems to fail.
I found information on enabling other content-types:
WSO2 API Manager - Publishing API with non-XML response
http://wso2.com/library/articles/binary-relay-efficient-way-pass-both-xml-non-xml-content-through-apache-synapse
Using that information I tried to enable the application/octet-stream for messageFormatter and messageBuilder using the binary relay and it did not help (or seem to make a difference). I have even disabled all other content-types and use the binary relay for all content-types and it does not help.
Currently, I'm running with just the following in both axis2.xml and axis2_client.xml (in their appropriate sections):
<messageBuilder contentType=".*" class="org.wso2.carbon.relay.BinaryRelayBuilder"/
<messageFormatter contentType=".*" class="org.wso2.carbon.relay.ExpandingMessageFormatter"/>
I still get my json and text responses, but WSO2 times out getting the zip content. I saw the JIRA referenced in axis2.xml about enabling the ".*" relay, but as the other requests seem to work, I'm not sure it's an issue for me. I did try adding
'format="rest"' to the API definition, but it seemed to break all operations even the ones that worked prior so I've pulled it back out.
Any ideas on what is happening or how to dig in and debug this will help. Thanks!
After working with this for much too long, it turns out that my WSO2 configuration was correct, using the Message Relay and BinaryRelayBuilder, etc. While my REST service could reply immediately, I was setting a HTTP header that I assume WSO2 does not like, because when i removed it WSO2 would reply at an expected rate (instantly).
I was setting the header:
Transfer-Encoding: binary
When I removed that header from my service reply, then WSO2 operated as expected. I don't know if that's a "bug" in WSO2 or if I was implementing incorrectly, but I do have what seems like a "workaround" by omitting that header from my service response.