I have been trying to use the Control-M API documentation provided by BMC, and I am unable successfully invoke an API call to it.
When tried to first provide the login credentials using /login resource to get the apiKey which I could use for further resource calls, I get a variety of Error Responses. i.e. 405 method not allowed while using POST, and 404 Page not found while using GET. At this point I am not sure if there is some problem with Control-M API version(9.20.105), or am I using the correct endpoint (CTRLM URL)?
is is not possible via postman?
Note: I am not sure if I am allowed to paste my clients URL here.
I would be really helpful if someone could illustrate a live Control-M API call which is publicly available to test.
If you have an installation of Control-M with automation API you can use its swagger as reference.
Given a Control-M installed on a host named myControlM you should be able to browse to:
https://myControlM:8443/automation-api
I have api_key for my project on google cloud and I am able to generate authorization code via client_id and subsequently auth token using authorization code.
What is the rest api code to retrieve tenant information ? Can anyone please put a curl command for that.
Have a look at the documentation about how to get tenants list using API; even more - yoo can test it yourself using the pane on the right.
Another piece of documentation you might be interested in to help you understand how this particular API works and what kind of reply you might expect.
More genral explanation of how to construct API's requests you can find here.
Is there a way I can create some dummy APIs with dummy response in WSO2 API Manager? Our API implementation is not yet ready.Till its ready , can we create an API and give some sample json as response?
Best thing would be using the API manager to create API using prototype option.
Create API
Add entries for design screen
On the implementation screen choose - Prototyped API
Choose Implementation Method as inline for JSON (it will not work for
SOAP)
in Resource section click on any of the method types lets say Get
add the java script to mock the json data
/* mc.setProperty('CONTENT_TYPE', 'application/json');
enter code heremc.setPayloadJSON('{ "data" : "sample JSON"}');/
/ Uncomment the above comment block to send a sample response.*/
Publish it.
Hope this helps
Yes, you can create prototype API. please let me know if this help.
Refer following document Deploy and Test as a Prototype
If your servers has internet access, you can use http://www.mocky.io/ to mock your response. When you are creating an API in WSO2 API Manager provide the url of the mocky.io as the endpoint.
I have created an API Key and added it to my functions. I have then deployed the api and tested it but still get:
"message": "Forbidden"
How do I pass the api key with my JSON request as I have been using "x-api-key": "theKey"?
The x-api-key parameter is passed as a HTTP header parameter (i.e. it is not added to the JSON body). How you pass HTTP headers depend on the HTTP client you use.
For example, if you use curl and assuming that you POST the JSON payload, a request would look something like (where you replace [api-id] with the actual id and [region] with the AWS region of your API):
$ curl -X POST -H "x-api-key: theKey" -H "Content-Type: application/json" -d '{"key":"val"}' https://[api-id].execute-api.[region].amazonaws.com
I had to add an API Usage plan, and then link the plan to the API stage.
Seems like this is the only way to link the key to the API, not sure if this is a recent change on AWS.
If you set 'API Key Required' option to true, please check below.
you have to pass 'x-api-key' HTTP Header Parameter to API Gateway.
The API Key had to be created.
In addition, you need to check a Usage Plan for the API Key on API Gateway Console.
If you set 'API' key required to true, you need to pass the api key as header.
API Key is passed as header field 'x-api-key'. Even after adding this field in header, this issue may occur. In that case, please validate below points
Do you have a Usage Plan? if not need to create one.
Link you API with Usage Plan. For that add a stage, it will link your API
Do you have API Key? if not you need to create an API Key and enable it.
Add the Usage Plan which is linked with your API to this API Key. For that, add Usage Plan.
I hope you are not missing to link the API key with the API
I was able to get a successful response from Lambda using below configuration in Postman native app -
Under authorization tab (For some reason this didn't work when i passed the same parameters under header)
Key : x-api-key
Value : your-api-key-value
Add to : Header
I don't have enough reputation to set this as a comment, But I was finally able to find the document specifying that 'x-api-key' belongs in the header for API Gateway calls that come from outside clients (like postman, swagger, etc.) in the AWS Documentation.
The relevant part:
To use header-sourced API keys:
Create an API with desired API methods. And deploy the API to a
stage.
Create a new usage plan or choose an existing one. Add the deployed
API stage to the usage plan. Attach an API key to the usage plan or
choose an existing API key in the plan. Note the chosen API key
value.
Set up API methods to require an API key.
Redeploy the API to the same stage. If you deploy the API to a new
stage, make sure to update the usage plan to attach the new API
stage.
The client can now call the API methods while supplying the x-api-key
header with the chosen API key as the header value.
Choose an API key source
For Private API Gateways accessed through public DNS, we need to pass additional header of 'x-apigw-api-id' with the api id along with 'x-api-key' if configured.
curl -v https://{vpce-id}.execute-api.{region}.vpce.amazonaws.com/test -H 'x-apigw-api-id:{api-id}'
Its documented below,
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-api-test-invoke-url.html#w20aac13c16c28c11
Here a good resource explaining different reasons why we could be getting a Forbidden. The two most important are the request URL and the x-api-key header:
https://{api_id}.execute-api.{region}.amazonaws.com/{stage_name}/{resource_name}
Missing stage name will give you 403 for ex. Maybe for security reasons the response is not revealing an issue with the stage name, and thus you get a generic Forbidden.
I faced the same problem today. I had already mapped the API key to the usage plan (which was linked to the api gateway stage). I was also passing the api key in header correctly.
When none of these solutions work, do remember to check if your API is linked to WAF policy with only a certain ip-addresses permitted. Apparently, my IP address had changed today. So, WAF was blocking me. That can be an additional reason to get {"message": "Forbidden"} error.
Is it possible to get the name of the Application that triggered the API call on WSO2 API Manager and pass it on to the call as a header?
Any can help how to do this please.
Yes, application name is part of the JWT token that you get with the calls. Here's documentation.
JWT tokens are enabled by default in WSO2 API Cloud (the public hosted service from WSO2). So if you are using it - everything just works.
If you are deploying API Manager yourself, you need to configure JWT yourself as explained here.
One option would be to implement an custom handler. See Writing Custom Handlers
APIMgtUsageHandler is one of the handlers in API manager which collects the application name (to collect usage data). So you can refer it as a sample handler on how to get the application name. see APIMgtUsageHandler.java