Am currently developing a RestAPI out of some webservices that use soap as messaging protocol.
I managed to develop Login api and I get the needed token but when I attempted to use the token for another api call it is always mentioning the error: token expired
The error can be solved if I manage to add the Set-cookie value from the Login response header to the new api request, is there any idea how can I dynamically get the Set-Cookie value ?
Related
I've automated OAuth2.0 in Katalon to get the token code. The Access token code is replicated as expected in Response with 200 OK.
Now I want to use that Access Token Code and hit another POST API. Can we declare that response as global variable or in HTTP Headers?
I'm trying to get an access token in Jmeter, and it works fine with postman, but I end up with an error in response in Jmeter saying
{
"error":"invalid_grant",
"error_description":"The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client",
"status_code":400
}
Postman Body
Header in postman
I get access token as json response when i post this request
My setup in Jmeter looks as follows:
HTTP request
HTTP Header
I get following response when i run the test in jmeter
{
"error":"invalid_grant",
"error_description":"The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client",
"status_code":400
}
Given you send the same requests you should be getting the same responses so most probably the requests differ somewhere somehow.
You need to compare raw request body from Postman and the same from JMeter using View Results Tree listener
One obvious difference is missing Accept header in JMeter.
It might be the case that variables like ${_code} and ${base64HeaderValue} don't have their respective values, you might want to check them using Debug Sampler
And last but not the least, if your request works in Postman you can just record it using JMeter's HTTP(S) Test Script Recorder, just configure Postman to use JMeter as the proxy
And next time you run the request in Posman JMeter will capture it and store the relevant HTTP Request sampler (with the HTTP Header Manager) under the Recording Controller
I'm developing a google-smart-home action. I want to authenticate requests by API Key.
So...
Is there a way to add my original header value to HTTPS request from Google-Smart-Home?
If there is no way...
Is there a way to make sure that the google-smart-home webhook request is from Google other than validating Authorization header?
Requests are authenticated using OAuth 2 and an authentication code flow, not an API key. There is not a way to add a header value.
I'm trying to get Azure mobile services working with custom authentication. I came across this article:
Get started with custom authentication
and another thread with detailed explanation:
Implement Custom Authentication In Windows Azure Mobile Services.
My question is:
once the token is received after login, does it need to be validated manually similar to this thread ?
I've tried passing the token as Authorization header, but the ServiceUser is always null. (I'm using Fiddler for testing the endpoints)
You do not need to validate the token. Azure Mobile Services will do this for you. For example, it will automatically check if the token has expired, if it has been generated for your particular service (if it's been derived from your Master key), etc.
For example, if you have marked a method with [AuthorizeLevel(AuthorizationLevel.User)] and the token is not valid, AMS will automatically return error response (probably 401 Unauthorized HTTP response). So you do not have to worry about validating the tokens.
In order to use the provided token you have to add the X-ZUMO-AUTH header with the token as value to the request that you send to your service.
I'm logging my users in using SOAP in my app. But then I want to use Analytics API, which is REST. But I don't want them to enter their credentials all over again.
Is there a way that I can use my already obtained SOAP sessionId as the token for REST API?
When I tried to do that, I got an authentication error back from the REST call. Did I miss something or is it just not possible?
Yes its possible, just use the SOAP session Id in the same place you'd use a access token you'd gotten via OAuth, by adding a Authorization: Bearer {sessionId} HTTP header to your REST API requests.