I'm doing a simple page to register users. However after I get the user's input I need to call a web service to get a token which will then allow me to call another web service which will finally proceed to register the user (using the input AND the token).
So what I want to know is how to call this WS and retrieve it's response and then add that response (which would be the token) to the form used for user registration.
Edit: I'm using classic ASP
Depends on how the web service is written. These days most APIs are written using REST (i.e. standard HTTP GET/POST URL format). So you simply make a call to a URL, and get a value back - you can do this using ASP's "ServerXMLHTTP" component. e.g.
Set xml = Server.CreateObject("MSXML2.ServerXMLHTTP.6.0")
xml.Open "POST", sURL, False
xml.Send parms
returnValue = xml.ResponseText
Then do something with "returnValue"
Related
I'm working on BP monitor app and trying to test web APIs according to the documentation with the OAuth 2.0 type authorization. But I'm facing some problems to get validate GET or POST response.
Could you please help me how I can get the response of GET and POST web APIs.
1) In the postman app, you first enter your API endpoint into the URL field.
2) Just to the left of the URL input, there is a dropdown to select whether you'd like to send your request as GET or POST.
3) To the right of the URL input, you can define any extra parameters needed.
These parameters are where you can define specific details needed for your test-case.
Postman also allows you to easily generate OAuth tokens for testing (support for OAuth 1.0a and OAuth2).
I want to send a http request to a webservice ,which I implemented earlier, that need the user to be login. Now, I implemented a form page that do this for me and I need to change it for every different request.
As far as I know, Django need "csrftoken" and "sessionid" to allow requests. Unfortunately, I can not figure out how to add this two field to Postman client and interact with my Django services.
Postman receives cookies from chrome and you can retrieve them using the Postman interception plugin.
See here
Now after installing the plugin :
Create a new environment so environment variables can be stored
Create a method with a test to store the XSRF cookie value in an environment variable, in the test tab post this code
var token = postman.getResponseCookie("XSRF");
postman.setEnvironmentVariable("xsrf-token", token .value);
Now you will have an environment variable with xsrf-token in it.
Save your method
Create the new post and add XSRF-Token-Header Key in the header.
Access the token value with {{xsrf-token}}
Now before running your new request make sure you run the method, so that it can store the environment variable, and then when you run the actual request it will append its value in the header.
You can also refer this post.
Just in case : For ajax requests you can refer to the django docs
I have a web service which is validated by OAuth (Authorization code).
I am using Oracle IDM stack (OAM /Oath service , OES etc).
The issue is - I want to have OAUth validation only when a webService API is processed at the backend, but not when a client is just browsing a WSDL or XSD.
In my current implementation, I am using filter in the web.xml and I have added web service name ( which is web service Servlet) URL in the filters. The url to browse the service and execute the service, will have same name except the ?WSDL at the end of the URL, in case of WSDL/XSD query.
So, the problem is when I query WSDL, then also it goes goes via OAuth validation, which I don't want!
I tried to add logic to determine if the http query string is ?WSDL then by pass OAUTH validation, but it does not work because clients like SOAP UI and others can actually use ?WSDL in the URL, to even execute the web service API, which sort of fails the whole validation purpose.
Has anyone come across similar issue? how to resolve this issue ?
I'm very novice when it comes to web applications and ASP.
Recently, I've been experimenting with the Microsoft Sync Toolkit to synchronize databases over a OData web service.
The obvious question here is: Once the service is set up and published - so it is open for anyone knowing the URL - how to prevent unauthorized users from accessing this service.
Please note: Basic authentication of forms authentication - as far my little web development knowledge reaches - doesn't seem to be appropriate for this task, as it's not a web page that the client is trying to reach - where the page can display / or re-direct a logon request - it's a service that we are accessing here.
To make things more difficult, for the client-side syncing I'm using a 3rd party library/sync-provider that only accepts a URL for the service. So, there's no way (I think) I can experiment with incorporating login credentials inside a request header etc.
I assume the best bet would be embedding the login credentials inside the URL and use that for the 3rd party library.
Can somebody please direct me how to to set up such thing on the server? I would prefer to have somehow somewhere in the server-side code a place where I can check for the credentials and based upon it to proceed or abort (return 401) the service request.
I could not find any place where to hook such code into the sync service. Although somebody in MSDN suggested to handle the _OnBeginSyncRequest event, there is no way to access the web-request header from within that method.
Is there by-any-chance a global object accessible from everywhere from which I can access the request header? Could anyone please help with this?
And last, I would prefer a plain User / Password string pair. It should not necessarily (or rather not) have anything to do with windows or directory accounts. I would prefer in my code to simple check against plain strings, such if(userStr == "Authenticated user" && passwordStr == "Correct Password").
if you are using SOAP web service, you can use WS-Security usernametoken which adds your user name and password to the request header, otherwise you can add username and password as parameters in your webservice and then simply validate it on the server side. i.e.
instead of
bool SyncData(datatable)
it becomes
bool SyncData(datatable, username, password)
note for web service you will authenticate per call, if you want to do it per session, you need first login with username password, retrieves a token than on each subsequent call your service with the token.
You would also use SSL to secure the channel so username and password aren't transmitted as plain text.
I implemented a batch job which makes a webservice call within the same salesforce instance, which then is supposed to send emails with a pdf attachment,
since you cannot send pdf attachments directly from a batch job. My webservice call looks like this:
public static void callOut(List ids){
InvoiceAttachmentConnector.InvoiceAttachmentService ws = new InvoiceAttachmentConnector.InvoiceAttachmentService();
ws.SessionHeader = new InvoiceAttachmentConnector.SessionHeader_element();
ws.SessionHeader.sessionId = UserInfo.getSessionId();
ws.handleInvoicePdfAttachment(ids);
}
However in batch jobs UserInfo.getSessionId() returns null, therefore i get a INVALID_SESSION_ID exception.
How can i log in to get a SessionId? So far I found no solution to login from salesforce to salesforce. If u can help I would appreciate it! Thanks!
You cannot get a session Id like this in batch apex as it runs under the system context and so has no specific user info for retrieval.
UPDATE:
You have the following options:
Try running the web services wsdl from your Salesforce org through the wsdl to apex generator in your org to generate some classes that may allow you to login. You are only allowed one web service request per execute call.
You could create a sites page that you make a HTTP get request to in your batch apex. This needs to retrieve the Ids of the items you want to send the PDFs for and a particular user to run as for you to use the System.runAs(user) method. You could pass these parameters in the HTTPRequest header or in a custom setting.
Note that neither of these solutions are ideal, you may want to reconsider why you are using Batch apex first of all and see whether you could reimplement it in a different way.