Apigee Pre-Flight Options Requests - api

I create api proxies and check the box that says "Enable Direct Browser Access for Your API — Allow direct requests from a browser via CORS." but my OPTIONS requests are still failing with :
{
"fault": {
"faultstring": "Received 405 Response without Allow Header",
"detail": {
"errorcode": "protocol.http.Response405WithoutAllowHeader"
}
}
}
From what I understand about CORS Pre-Flight Options requests, the client first sends the OPTIONS request to the server as a safeguard for "safe" CORS. This request should return a response with the list of request types that are available.
My Question: How do I make it so that Apigee responds correctly to OPTIONS requests and does not pass the OPTIONS request to my api behind the proxy?. If it helps I have AngularJS javascript apps trying to communicate with my Apigee endpoint.
Javascript errors:
OPTIONS http://api.example.com No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://client.example.com' is therefore not allowed access.
XMLHttpRequest cannot load http://api.example.com. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://client.example.com' is therefore not allowed access.
Default "Add CORS" xml
<AssignMessage async="false" continueOnError="false" enabled="true" name="Add-CORS">
<DisplayName>Add CORS</DisplayName>
<FaultRules/>
<Properties/>
<Add>
<Headers>
<Header name="Access-Control-Allow-Origin">*</Header>
<Header name="Access-Control-Allow-Headers">origin, x-requested-with, accept</Header>
<Header name="Access-Control-Max-Age">3628800</Header>
<Header name="Access-Control-Allow-Methods">GET, PUT, POST, DELETE</Header>
</Headers>
</Add>
<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
<AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>
Default Proxy Endpoints xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ProxyEndpoint name="default">
<Description/>
<Flows/>
<PreFlow name="PreFlow">
<Request/>
<Response/>
</PreFlow>
<HTTPProxyConnection>
<BasePath>/v1/cnc</BasePath>
<VirtualHost>default</VirtualHost>
<VirtualHost>secure</VirtualHost>
</HTTPProxyConnection>
<RouteRule name="default">
<TargetEndpoint>default</TargetEndpoint>
</RouteRule>
<PostFlow name="PostFlow">
<Request/>
<Response/>
</PostFlow>
</ProxyEndpoint>
Default Target Endpoint xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TargetEndpoint name="default">
<Description/>
<Flows/>
<PreFlow name="PreFlow">
<Request/>
<Response>
<Step>
<Name>Add-CORS</Name>
</Step>
</Response>
</PreFlow>
<HTTPTargetConnection>
<URL>http://api.example.com/v1/assets.json</URL>
</HTTPTargetConnection>
<PostFlow name="PostFlow">
<Request/>
<Response/>
</PostFlow>
</TargetEndpoint>

Since you don't want the OPTIONS request to pass through to the backend API, there are two things needed:
A RouteRule to a null target with condition for the OPTIONS request. Notice there is no TargetEndpoint specified.
<RouteRule name="NoRoute">
<Condition>request.verb == "OPTIONS"</Condition>
</RouteRule>
A custom flow in the ProxyEndpoint to handle the CORS response. Since the new RouteRule sends the message to a null Target (echoes request back to client), the message will not route to the 'default' TargetEndpoint where the CORS policy currently is defined.
An updated version of your ProxyEndpoint would look like the below:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ProxyEndpoint name="default">
<Description/>
<Flows>
<Flow name="OptionsPreFlight">
<Request/>
<Response>
<Step>
<Name>Add-CORS</Name>
</Step>
</Response>
<Condition>request.verb == "OPTIONS"</Condition>
</Flow>
</Flows>
<PreFlow name="PreFlow">
<Request/>
<Response/>
</PreFlow>
<HTTPProxyConnection>
<BasePath>/v1/cnc</BasePath>
<VirtualHost>default</VirtualHost>
<VirtualHost>secure</VirtualHost>
</HTTPProxyConnection>
<RouteRule name="NoRoute">
<Condition>request.verb == "OPTIONS"</Condition>
</RouteRule>
<RouteRule name="default">
<TargetEndpoint>default</TargetEndpoint>
</RouteRule>
<PostFlow name="PostFlow">
<Request/>
<Response/>
</PostFlow>
</ProxyEndpoint>
NOTE: The RouteRules are evaluated in the order specified in the ProxyEnpoint configuration. You should always have the default (no condition) Route at the end. Otherwise, if at the top, it will always match and never evaluate the other Route possibilities.

I did the same thing mentioned in the above answer but still getting the same issue. Then after doing some research issue was solved.
The issue was that the cors header response was not passed as header during request. To solve that you can do is adding the cors value in proxy endpoint preflow as well:
<PreFlow name="PreFlow">
<Request/>
<Response>
<Step>
<Name>Add-CORS</Name>
</Step>
</Response>
</PreFlow>

Related

How to add HTTP Headers Logback Logstash

I read through the following documentation but cannot figure out what other configuration I need: https://github.com/logstash/logstash-logback-encoder#header-fields
My config file:
<include resource="org/springframework/boot/logging/logback/defaults.xml" />
<include resource="org/springframework/boot/logging/logback/console-appender.xml" />
<property name="LOG_FILE" value="${LOG_FILE:-${LOG_PATH:-${LOG_TEMP:-${java.io.tmpdir:-/tmp}}}/spring.log}"/>
<appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
<encoder class="net.logstash.logback.encoder.LogstashEncoder">
<customFields>{"app_name":"${APP_NAME:-N/A}","app_version":"${APP_VERSION:-N/A}","hostname":"${HOST:-N/A}","environment":"${environment:-${ENVIRONMENT:-N/A}}"}</customFields>
<includeContext>false</includeContext>
<timeZone>UTC</timeZone>
</encoder>
<encoder class="net.logstash.logback.encoder.LogstashAccessEncoder">
<fieldNames>
<requestHeaders>request_headers</requestHeaders>
</fieldNames>
</encoder>
<file>${LOG_FILE}</file>
<rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
<fileNamePattern>${LOG_FILE_ROTATION:-${LOG_FILE}%d{yyyy-MM-dd}.%i}</fileNamePattern>
<maxHistory>${LOG_FILE_ROTATION_MAX_HISTORY:-1}</maxHistory>
<totalSizeCap>${LOG_FILE_ROTATION_TOTAL_SIZE_CAP:-3GB}</totalSizeCap>
<maxFileSize>${LOG_FILE_ROTATION_MAX_FILE_SIZE:-1GB}</maxFileSize>
</rollingPolicy>
</appender>
<root level="${LOG_LEVEL:-INFO}">
<appender-ref ref="CONSOLE" />
<appender-ref ref="FILE" />
</root>
</configuration>
Error:
java.lang.IllegalStateException: Logback configuration error detected:
ERROR in ch.qos.logback.core.joran.spi.Interpreter#19:29 - no applicable action for [requestHeaders], current ElementPath is [[configuration][appender][encoder][fieldNames][requestHeaders]]
The xml configuration file you provided appears to be for logback-classic (since it includes <root level=...).
Automatic logging of request headers by logstash-logback-encoder is only available for IAccessEvents logged via logback-access.
In other words, automatic logging of request headers is not available for ILoggingEvents logged via a Logger from logback-classic. However, you can manually include them when using logback-classic as described below.
Logging of request headers with logback-access
To log request headers for IAccessEvents logged via logback-access, follow the instructions for setting up logback-access for tomcat or jetty, and add the following to your logback-access.xml. (Note this is not the logback.xml file used by logback-classic)
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<configuration>
<appender name="console" class="ch.qos.logback.core.ConsoleAppender">
<encoder class="net.logstash.logback.encoder.LogstashAccessEncoder">
<fieldNames>
<requestHeaders>request_headers</requestHeaders>
</fieldNames>
</encoder>
</appender>
<appender-ref ref="console"/>
</configuration>
This configuration was tested using logstash-logback-encoder 5.3. Note that the xml element names are different in logstash-logback-encoder versions prior to 5.0, so ensure you are using 5.0+ with that configuration.
Logging of request headers with logback-classic
logstash-logback-encoder does not provide first-class support for logging request headers via logback-classic. However, you include them in a log event logged via a Logger by using event-specific custom fields.
For example, in a class that has access to the http request (such as a servlet filter), you could do something like this:
Map<String, String> httpHeadersMap = ...; // get http request headers as a map
LOGGER.info("request", StructuredArguments.entries(httpHeadersMap));
and configure a LogbackEncoder in your logback.xml like this:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<configuration>
<appender name="console" class="ch.qos.logback.core.ConsoleAppender">
<encoder class="net.logstash.logback.encoder.LogstashEncoder"/>
</appender>
<root level="info">
<appender-ref ref="console" />
</root>
</configuration>

Why my ariba cannot parse my response api?

My ariba network cannot parse my document cXML response. At ariba screen i have this response
<?xml version="1.0" encoding="UTF-8"?>
<cXML payloadID="1501467044460-2947794417638298020#216.109.111.19" timeStamp="2017-07-30T19:10:44-07:00">
<Response>
<Status code="200" text="OK" />
<PunchOutSetupResponse>
<StartPage>
<URL>test.ariba.com</URL>
</StartPage>
</PunchOutSetupResponse>
</Response>
</cXML>
However I still get this message from Ariba:
Couldn't parse document
Can anyone support me with this.
This is the document we're using and working correctly
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cXML SYSTEM "http://xml.cxml.org/schemas/cXML/1.2.014/cXML.dtd">
<cXML timestamp="<%= #timestamp %>" payloadID="<%= #payload_id %>">
<Response>
<Status code="200" text="success"></Status>
<PunchOutSetupResponse>
<StartPage>
<URL><%= #start_url %></URL>
</StartPage>
</PunchOutSetupResponse>
</Response>
</cXML>
The start_url must be a valid URL like http://test.mysite.com/xxxxx
could you check if there is language dependency. lang="en-US"

WSO2 ESB 4.9 Call mediator is not working fine in same situations

I have a proxy service with below definition:
<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
name="TestProxy"
transports="https,http"
statistics="disable"
trace="disable"
startOnLoad="true">
<target>
<inSequence>
<header name="Action" value="urn:loadPerson"/>
<payloadFactory media-type="xml">
<format>
<sear:loadPerson xmlns:sear="http://localhost/SearchService">
<sear:Id>1234</sear:Id>
</sear:loadPerson>
</format>
<args/>
</payloadFactory>
<log level="full"/>
<call>
<endpoint key="SearchService"/>
</call>
<respond/>
</inSequence>
</target>
<description/>
</proxy>
So it's work fine when I call the proxy service(by tryIt) first time and I get right response of proxy service but for the next time it faces a problem and show me fault response:
<soapenv:Fault xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<faultcode>axis2ns11:Server</faultcode>
<faultstring>Missing operation for soapAction [urn:loadPerson] and body element [null] with SOAP Version [SOAP 1.1]</faultstring>
</soapenv:Fault>
As you can see I log the message and it's the same for every proxy call:
INFO - LogMediator To: /services/TestProxy.TestProxyHttpSoap11Endpoint, WSAction: urn:loadPerson, SOAPAction: urn:loadPerson, MessageID: urn:uuid:cc9557cc-e2a0-4b8d-97a8-ae393a411157, Direction: request, Envelope: <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Body><sear:loadPerson xmlns:sear="http://localhost/SearchService"><sear:Id>1234</sear:Id></sear:loadPerson></soapenv:Body></soapenv:Envelope>
I found that the problem resolved by restarting the server(not redeploying the proxy service) or leave it for few minutes!
any idea?!

Is there some example xml for the FormInfo list for the updateCredentialsForItem1?

I have been receiving the following error when trying to post updated login credentials:
<Exception>org.apache.axis2.AxisFault: org.apache.axis2.databinding.ADBException: Can not invoke the getTypeObject method in the extension mapper class...
I am accessing the SOAP API via a rails app using the savon gem.
addItemForContentService is working with the same xsi:type definition, and I have used getLoginFormCredentialsForItem to retrieve FormInfos to push back into updateCredentialsForItem1, with no success.
If I could just get some sample xml (that works) for this call I would really appreciate it.
It seems like the parameters you are sending are incorrect or the WSDL format.
For your reference below is XML for updateCredentialsForItem1(you need to change values):
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Body>
<updateCredentialsForItem1 xmlns="http://itemmanagement.accountmanagement.core.soap.yodlee.com">
<userContext xmlns="">
<cobrandId>134131232</cobrandId>
<channelId>-1</channelId>
<locale>
<country>US</country>
<language>en</language>
<variant></variant>
</locale>
<tncVersion>2</tncVersion>
<applicationId>7A367HGJ621219F00</applicationId>
<cobrandConversationCredentials xsi:type="ns1:SessionCredentials" xmlns:ns1="http://login.ext.soap.yodlee.com">
<sessionToken>YOUR_COBRAND_CONVERSATION_TOKEN_VALUE</sessionToken>
</cobrandConversationCredentials>
<preferenceInfo>
<currencyCode>USD</currencyCode>
<timeZone>PST</timeZone>
<dateFormat>MM/dd/yyyy</dateFormat>
<currencyNotationType>SYMBOL_NOTATION</currencyNotationType>
<numberFormat>
<decimalSeparator>.</decimalSeparator>
<groupingSeparator>,</groupingSeparator>
<groupPattern>###,##0.##</groupPattern>
</numberFormat>
</preferenceInfo>
<fetchAllLocaleData>false</fetchAllLocaleData>
<conversationCredentials xsi:type="ns2:SessionCredentials" xmlns:ns2="http://login.ext.soap.yodlee.com">
<sessionToken>USER_CONVERSATION_TOKEN_VALUE</sessionToken>
</conversationCredentials>
<valid>true</valid>
<isPasswordExpired>false</isPasswordExpired>
</userContext>
<itemId xmlns="">1219123123</itemId>
<credentialFields xmlns="">
<elements xsi:type="ns3:SecureFieldInfoSingle" xmlns:ns3="http://common.soap.yodlee.com">
<name>LOGIN</name>
<displayName>Username</displayName>
<isEditable>true</isEditable>
<isOptional>false</isOptional>
<isEscaped>false</isEscaped>
<helpText>2212059</helpText>
<isOptionalMFA>false</isOptionalMFA>
<isMFA>false</isMFA>
<value>ACTUAL_USERNAME</value>
<valueIdentifier>LOGIN</valueIdentifier>
<valueMask>LOGIN_FIELD</valueMask>
<fieldType>TEXT</fieldType>
<size>20</size>
<maxlength>40</maxlength>
</elements>
<elements xsi:type="ns4:SecureFieldInfoSingle" xmlns:ns4="http://common.soap.yodlee.com">
<name>PASSWORD1</name>
<displayName>Password</displayName>
<isEditable>true</isEditable>
<isOptional>false</isOptional>
<isEscaped>false</isEscaped>
<helpText>22121258</helpText>
<isOptionalMFA>false</isOptionalMFA>
<isMFA>false</isMFA>
<value>ACTUAL_PASSWORD_VALUE</value>
<valueIdentifier>PASSWORD1</valueIdentifier>
<valueMask>LOGIN_FIELD</valueMask>
<fieldType>PASSWORD</fieldType>
<size>20</size>
<maxlength>40</maxlength>
</elements>
<elements xsi:type="ns5:FieldInfoSingle" xmlns:ns5="http://common.soap.yodlee.com">
<name></name>
<displayName>Verify Password</displayName>
<isEditable>true</isEditable>
<isOptional>false</isOptional>
<isEscaped>false</isEscaped>
<helpText>22121258</helpText>
<isOptionalMFA>false</isOptionalMFA>
<isMFA>false</isMFA>
<value>ACTUAL_PASSWORD_VALUE</value>
<valueIdentifier>PASSWORD1</valueIdentifier>
<valueMask>LOGIN_FIELD</valueMask>
<fieldType>PASSWORD</fieldType>
<size>20</size>
<maxlength>40</maxlength>
</elements>
</credentialFields>
<startRefreshItemOnUpdate xmlns="">false</startRefreshItemOnUpdate>
</updateCredentialsForItem1>
</soapenv:Body>
</soapenv:Envelope>

Paypal sandbox endpoint webservice - Error "You do not have permissions to make this API call"

I used this paypal endpoint webservice for my PHP5 SoapClient :
Sandbox API Signature SOAP https://api-3t.sandbox.paypal.com/2.0/
And when i send my soap request with my credentials, i get an error with :
Ack => failure
ErrorCode => 10002
Short message => Authentication/Authorization failed
Long message => You do not have permissions to make this API call
This is current Soap message send to soap paypal API :
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ns1="urn:ebay:apis:eBLBaseComponents"
xmlns:ns2="ebl:SetExpressCheckoutRequestDetails"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:ns3="urn:ebay:api:PayPalAPI"
xmlns:ns4="ebl:UserIdPasswordType">
<SOAP-ENV:Header>
<ns3:RequesterCredentials xsi:type="ns4:UserIdPasswordType">
<Username>xxxxx</Username>
<Password>xxxxx</Password>
<Signature>xxxxx</Signature>
</ns3:RequesterCredentials>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<ns3:SetExpressCheckoutReq>
<ns3:SetExpressCheckoutRequest>
<ns1:Version>84.0</ns1:Version>
<ns1:SetExpressCheckoutRequestDetails
xsi:type="ns2:SetExpressCheckoutRequestDetailsType">
<ReturnUrl>url_to_/success.paypal.php</ReturnUrl>
<CancelUrl>url_to_/cancel.paypal.php</CancelUrl>
<LocaleCode>US</LocaleCode>
</ns1:SetExpressCheckoutRequestDetails>
</ns3:SetExpressCheckoutRequest>
</ns3:SetExpressCheckoutReq>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
I instantiated this PHP5 SoapClient :
//Endpoint
$location = 'https://api-3t.sandbox.paypal.com/2.0/';
$uri = 'urn:ebay:api:PayPalAPI';
//SoapClient options
$options = array('trace' => 1, 'exceptions' => 1, 'location'=>$location, 'uri'=>$uri);
//My Soap Client
$client =new SoapClient('https://www.sandbox.paypal.com/wsdl/PayPalSvc.wsdl',$options);
But when I called SetExpressCheckout paypal soap service, i receive the following soap message :
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:cc="urn:ebay:apis:CoreComponentTypes"
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext"
xmlns:ed="urn:ebay:apis:EnhancedDataTypes"
xmlns:ebl="urn:ebay:apis:eBLBaseComponents"
xmlns:ns="urn:ebay:api:PayPalAPI">
<SOAP-ENV:Header>
<Security xmlns="http://schemas.xmlsoap.org/ws/2002/12/secext"
xsi:type="wsse:SecurityType"></Security>
<RequesterCredentials xmlns="urn:ebay:api:PayPalAPI"
xsi:type="ebl:CustomSecurityHeaderType">
<Credentials xmlns="urn:ebay:apis:eBLBaseComponents"
xsi:type="ebl:UserIdPasswordType">
</Credentials>
</RequesterCredentials>
</SOAP-ENV:Header>
<SOAP-ENV:Body id="_0">
<SetExpressCheckoutResponse xmlns="urn:ebay:api:PayPalAPI">
<Timestamp xmlns="urn:ebay:apis:eBLBaseComponents">
2012-01-13T12:09:01Z
</Timestamp>
<Ack xmlns="urn:ebay:apis:eBLBaseComponents">Failure</Ack>
<CorrelationID xmlns="urn:ebay:apis:eBLBaseComponents">
c8d551f118a1
</CorrelationID>
<Errors xmlns="urn:ebay:apis:eBLBaseComponents" xsi:type="ebl:ErrorType">
<ShortMessage xsi:type="xs:string">
Authentication/Authorization Failed
</ShortMessage>
<LongMessage xsi:type="xs:string">
You do not have permissions to make this API call
</LongMessage>
<ErrorCode xsi:type="xs:token">10002</ErrorCode>
<SeverityCode xmlns="urn:ebay:apis:eBLBaseComponents">
Error
</SeverityCode>
</Errors>
<Version xmlns="urn:ebay:apis:eBLBaseComponents">84.0</Version>
<Build xmlns="urn:ebay:apis:eBLBaseComponents">2271164</Build>
</SetExpressCheckoutResponse>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Nevertheless, I used the API credentials of my business account test...
I don't understand why my code doesnt work.
The error is : 'You do not have permissions to make this API call', but how it's possible? Because i use the correct endpoint service (sandbox) ?