I have my django server running in a ssh client (ubuntu) but I want to test the api's in the local window machine. How could I achieve that?
If your web application is hosted ( have domain name like
http://www.stackoverflow.com) use the url in your postman.
If your webapp not yet deployed in some webserver ( apacahe, nginx+gunicorn, etc)
run the django application publicly in the server IP as follows
python manage.py runserver 0.0.0.0:8000 // make sure port 8000 is open or use an open port.
Also find the IP address of your ubuntu using the following command ( in the shell)
ifconfig
Use the ip-address you got in the postman (windows)
eg: if the IP address got is 90.101.111.25,
API endpoint: api/user/
method : POST
In postman client
use the url: 90.101.111.25/api/user/
select method : POST
Next you need to provide the Authorization ( to make sure only guanine users access your API).
Choose Authorization tab in postman, and select the Authorization (
Digest Auth, Basic, Token) your web app supports.
If you go with Token Authentication, find the the token for the (one of the )user created, and use it in postman.
Select Headers and add the following
key: Authorization
value: Token:<space>the-token-generated-by-django-in-the-db
Check the following to implement token based authentication in django( django-rest).
https://www.django-rest-framework.org/api-guide/authentication/
Related
If I make a request to my Daphne/Django server in Postman or the Android app we're developing, Daphne serves the certificate, but it's rejected. If I first make a simple get request to https://letsencrypt.org/ and then make a request to my server, the certificate is accepted.
How can I make sure a client will trust my certificate, even if it's the first time this client is seeing a certificate issued by this CA?
Everything bellow can serve as a history of how I studied the problem.
Original title: SSL Certificate works in browser but can't be verified by Postman
I have an AWS EC2 instance running Ubuntu 18.04, with python 3, Django, a bunch of project dependencies, Daphne running with ASGI, with a certificate by Let's Encrypt. Daphne is using port 8000 for HTTP and por 4430 for HTTPS, iptables is configured to redirect requests from port 80 to 8000 and from port 443 to 4430. Django is configured to enforce secure connections with SECURE_SSL_REDIRECT=True in the settings.py file.
There's a "Site in Construction" temporary page being served, and it's properly accessible from every browser and every device I tested so far. If I explicitly type http, I get redirected to https and the certificate is accepted. Every browser I tested (Firefox, Brave, Chrome, Chrome for Android) says cert is good.
Curl outputs the HTML content returned from the server. I don't know if it accepts the certificate or ignores it.
The Problem
Postman, however, says "Error: unable to verify the first certificate". Only works when I disable "SSL certificate verification", which doesn't answer my question: why Postman is unable to verify my Let's Encrypt certificate?
I'm building an API that runs on the same server, using the same domain, and it's meant to be consumed by a mobile app. Currently, the Android app is throwing a "TypeError: Network request failed", which I suspect could be caused by the same thing Postman is complaining about.
When I spin the server locally and configure 1) the app to use http://localhost:8000 and 2) the server not to enforce SSL, it works in browsers, Postman and in the Android app.
I've being looking for answers in many places for days, so any clue will be very welcome.
EDIT
Interesting clue:
If I make a request to my Daphne/Django server, it servers the certificate, which is rejected. But if I first make a request to https://letsencrypt.org/ and then make a request to my server, it works!
This pattern holds true in both Postman and our Android app.
It also happens when I first make a request to https://alloy.city (instead of letsencrypt.org), which is served by a Node.js app, and uses a certificate also issued by the Let's Encrypt CA.
So maybe the question should be: how to configure my server to politely invite clients to add the CA that issued my certificate if they hadn't done it yet?.
Apparently, that's what my Node.js server does.
Yes, in settings, tap ssl verification off
File > Settings > General > SSL Certificate Verification > off
I'm quite new to AWS and I have been starting to work with EC2 instances. I have a web application that has a frontend and backend separately. So first I hosted the backend application on EC2 instance and it is a Symfony framework based REST API Application. So I have installed all dependencies and now the application is running. But to check the application I ran some API calls to the application using postman and seems application is not working as intended. I get following response from Postman. I have also provided security group configurations properly.
When I start sysmfony app it says [OK] Server listening on http://127.0.0.1:8000.
Can't figure out why this is happening. Can someone help me here?
You are running your application trough CLI (Symfony web server bundle) , by default this will bind to 127.0.0.1 which can't be accessed from outside. To fix this, you must bind to your server's public IP/hostname and port:
php bin/console server:start 192.168.1.1:8000 # replace with your ip
You can also bind to all your IP addresses using 0.0.0.0
But keep in mind, you should not use built in server for production, it's slow and less secure. Use a real web server instead, like Apache or Nginx.
I have build and application with angular 5 and REST API with golang and hosted them on aws ec2 instance, I have installed ssl certificate to run the app and api on https. following is my url structure to run app and api ( api is running on 8080 port
app : https://mysite.maindomain.com
api : https://mysite.maindomain.com:8080
When I hit api after setting up the ip in host file on system it works fine but its not working with aws and redirects to https://mysite.maindomain.com:8080 when I hit any api like https://mysite.maindomain.com:8080/signup or https://mysite.maindomain.com:8080/get-user/10
Nor sure what is the issue here but everything else is working fine
I am using gin gonic as go framework and also have used RunTLS as recommended.
Not sure I fully appreciate the issue, but just in case, have you setup CORS on the API server (https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS).
If you run a browser application served from ORIGIN1, and the browser tries to access an API on DESTINATION2, the API server must state to the browser that it is indeed authorized to reply to a browser originating from ORIGIN1.
You can for example use https://github.com/gin-contrib/cors to add CORS support to your API server.
Good luck.
I created an ExtJS 5 application with Sencha Cmd.
I will deploy this application in a tomcat server where there are some REST web services.
I would need to use these web services but when I run the application with "sencha app watch" (on port 1841) it doesn't find the services because they are on a differente server (tomcat is on a different port).
How can I use an "external" web service with Sencha CMD?
Thanks
stefano
Here are some of the available options:
Option 1 Proxy Web Service
You could create a service on the local machine where the sencha app is that create web requests that then goto the target remote services. This is called a proxy service.
Essentially the proxy service will take a request and resubmit it to the desired target remote machine.
There is a php example here
And a C# web request example here (Although this c# example isn't exactly what you are needing. The base of the web request that would need to be submitted is in this code. )
Option 2 JsonP
The other option off the top, is if the web services on the other machine support jsonp they should be accessible. However, jsonp only supports get so if you have a full rest implementation some services will probably not work.
More information on jsonp
And an extjs request example for JsonP:
Ext.data.JsonP.request({
'url': 'url',
params: {
'param1': 'value'
},
success: function (result, request) {
//success
}
});
Option 3 Hosting multiple apps/paths on single port
However, since it seems like the tomcat server may actually be on the same machine. Is there not a way to host both the web services and the application path through tomcat?
It looks like, for instance, jetty has an option to host two apps on the same port
Option 4 Enable CORS
You can enable cross origin resource sharing on the rest application depending on the architecture/framework used.
The browser will basically send a request first to see if it can access the resource. And then the server would respond with the allowed origin domains. Once CORS is enabled then access could be granted between the two different ports/servers
Great site on CORS with instructions for enabling on most basic setups
Here is example documentation for spring
I have developed a play 1.2.5 application and implemented secure module module for authentication.Its working fine. Now I have developed another play 1.2.5 application which is running on a separate server. I have maintained a href tag in my first play application which has the link to second application.On loging in through my first application, I want the username to be passed to the second application because i am using the logged username. As soon as I log out from the first application, The session (username) should be removed from the second application too.
How can i achieve this ...Plz help!
If you run both of servers on 1 domain (such as www.example.com), and using load balancer (like nginx) to transfer requests to 2 server. You just make sure the config application.secret is the same for both.
If you run on different sub-domain (Recommend), you MUST do like that:
Server should use sub-domain, for example login server is login.example.com and application server is app.example.com
Use config application.defaultCookieDomain=.example.com for both server, then they can use the cookie each others
Make sure both servers have same config application.secret
If you really want to put 2 difference domain, like example.com and example.net. You should implement OAuth on login server and provide API to call from application server.