how to use the response from a POST API as parameter or input to another POST API in KATALON - katalon-studio

I've automated OAuth2.0 in Katalon to get the token code. The Access token code is replicated as expected in Response with 200 OK.
Now I want to use that Access Token Code and hit another POST API. Can we declare that response as global variable or in HTTP Headers?

Related

Get Set-cookie value from soap response

I am currently developing a REST API out of some web services that use SOAP as the messaging protocol.
I managed to develop the Login API and I get the needed token, but when I attempted to use the token for another API call it always returns the error: token expired
The error can be solved if I manage to add the Set-Cookie value from the Login response header to the new API request. Is there any idea how I can dynamically get the Set-Cookie value?

Unable to get Access Token in Jmeter

I'm trying to get an access token in JMeter, and it works fine with Postman, but I end up with an error in the response in JMeter saying:
    {
    "error":"invalid_grant",
    "error_description":"The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client",
    "status_code":400
    }
Postman Body
Header in postman
I get the access token as a JSON response when I post this request.
My setup in JMeter looks as follows:
HTTP request
HTTP Header
I get the following response when I run the test in JMeter:
    {
    "error":"invalid_grant",
    "error_description":"The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client",
    "status_code":400
    }
Given you send the same requests you should be getting the same responses so most probably the requests differ somewhere somehow.
You need to compare the raw request body from Postman and the same from JMeter using the View Results Tree listener.
One obvious difference is the missing Accept header in JMeter.
It might be the case that variables like ${_code} and ${base64HeaderValue} don't have their respective values; you might want to check them using the Debug Sampler.
And last but not least, if your request works in Postman you can just record it using JMeter's HTTP(S) Test Script Recorder; just configure Postman to use JMeter as the proxy.
And next time you run the request in Postman, JMeter will capture it and store the relevant HTTP Request sampler (with the HTTP Header Manager) under the Recording Controller.

How automatically getting token in Postman

I use the Postman desktop app for web API testing. I have a lot of controllers and each one needs a token. First I get a Bearer token and then copy it to the other requests. This token has a time limit. Can I get the token automatically and then automatically set it on all other requests?
OK, I just used Environments in Postman.
1 - Create a new Environment with token.
2 - Add a test after the auth request like this:
    // Parse the auth response and store its token in the environment
    var jsonData = JSON.parse(responseBody);
    var token = jsonData._token;
    postman.setEnvironmentVariable("token", token);
3 - Just set {{token}}
And of course you can set the token before a request if you use a Pre-request Script in one of the requests.
Write the code below in the Tests tab in Postman for your login request.
    if (pm.response.code === 200) {
        pm.environment.set('authToken', pm.response.json().token);
    }
Then edit your collection and set your env authToken inside.
You can save and re-use the tokens using the Token Name from Postman. You can select it from the available token list.
One of the many cases is:
1. Request for a refresh token using the credentials
2. Use the refresh token to get an access token
3. Use the access token to authenticate the API.
Step 1 sometimes requires us to log in to an interface of the API provider and get an authentication code to our callback URL. Some API providers allow us to override this by providing the client_secret key and the client_id as an authorization header and the refresh token as the request parameters and by setting prompt as none.
From the documentation.
prompt (optional)
none - no UI will be shown during the request. If this is not possible (e.g. because the user has to sign in or consent) an error is returned.
https://identityserver.github.io/Documentation/docsv2/endpoints/authorization.html
All you need to know about the identity servers are here.
https://identityserver.github.io/Documentation/
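The answers above store the token after the auth request and mention fetching it before a request; the sketch below, an added example that is not from any of the posts, adds the expiry handling the question's time-limited token calls for. The `env` object stands in for `pm.environment`, and `requestToken`, the `expires_in` field and the 30-second skew are assumptions.

```javascript
// Added example: `env` mimics pm.environment (get/set); requestToken is a
// hypothetical callback that performs the auth request and returns its JSON.
const SKEW_MS = 30 * 1000; // refresh slightly before the stated expiry

function makeEnv() {
  const store = new Map();
  return { get: (k) => store.get(k), set: (k, v) => store.set(k, v) };
}

// Returns a usable token, calling requestToken only when nothing is cached
// or the cached token is within SKEW_MS of expiring.
function ensureToken(env, requestToken, nowMs) {
  const token = env.get('authToken');
  const expiresAt = Number(env.get('authTokenExpiresAt') || 0);
  if (token && nowMs < expiresAt - SKEW_MS) {
    return token;
  }
  const body = requestToken();
  if (!body || typeof body.token !== 'string' || body.token === '') {
    throw new Error('auth response did not contain a token');
  }
  // expires_in (seconds) is an assumed field; without it nothing is cached.
  const ttlMs = Number.isFinite(body.expires_in) ? body.expires_in * 1000 : 0;
  env.set('authToken', body.token);
  env.set('authTokenExpiresAt', nowMs + ttlMs);
  return body.token;
}

// Header to attach to every other request in the collection.
function authHeader(env, requestToken, nowMs) {
  return { Authorization: 'Bearer ' + ensureToken(env, requestToken, nowMs) };
}

// Constructed demo: a stubbed auth endpoint issuing 300-second tokens.
function demo() {
  let issued = 0;
  const stub = () => ({ token: 'tok-' + (++issued), expires_in: 300 });
  const env = makeEnv();
  const t0 = 1000000;
  return [
    authHeader(env, stub, t0).Authorization,          // nothing cached: fetch
    authHeader(env, stub, t0 + 60000).Authorization,  // still valid: reuse
    authHeader(env, stub, t0 + 280000).Authorization, // inside skew: refetch
    issued,
  ];
}
```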

How to download a file secured with IdentityServer

I want to be able to download a file from an API call. For argument's sake, let's say it's an automagically generated PDF file.
I have two problems:
Anchor tags can't add Authorization headers to the request, only XHR can.
XHR requests cannot download files.
My solution is to write my API with an [AllowAnonymous] end point in it, which takes the access_token as a parameter. I then validate the access token by hand and return a 401 or stream the PDF.
Is there a better solution than this or, if this is the best solution, how do I validate the access_token within the API?
This approach is totally fine.
If you want to use middleware to validate the token - it depends which middleware you are using. The plain Microsoft JWT bearer middleware has some events you can implement to retrieve the token from a query string alternatively.
The identity server token validation middleware has a TokenRetriever property which also allows you to retrieve the tokens from multiple/alternative locations.
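The alternative-location token retrieval the answer describes, written in plain JavaScript as an added example (it is not the Microsoft or IdentityServer middleware's code). The request shape, the allow-listed path and the log-redaction helper are assumptions; the retriever keeps the query-string fallback confined to the download route, and the helper masks the token before a URL is written to a log.

```javascript
// Added example: req is a plain object {method, url, headers} with
// lower-cased header names; QUERY_TOKEN_PATHS is a hypothetical allow-list.
const QUERY_TOKEN_PATHS = ['/api/reports/pdf'];

// Returns the bearer token for this request, or null (caller answers 401).
function retrieveToken(req) {
  const header = (req.headers && req.headers.authorization) || '';
  const m = /^Bearer\s+(\S+)$/i.exec(header);
  if (m) {
    return m[1]; // the Authorization header always takes precedence
  }
  const url = new URL(req.url, 'http://localhost'); // base used only to parse
  const fromQuery = url.searchParams.getAll('access_token');
  // Query fallback: GET only, allow-listed download paths only, and exactly
  // one non-empty value so duplicated parameters are rejected.
  if (req.method === 'GET' &&
      QUERY_TOKEN_PATHS.includes(url.pathname) &&
      fromQuery.length === 1 && fromQuery[0] !== '') {
    return fromQuery[0];
  }
  return null;
}

// Path and query suitable for access logs: the token value is masked.
function redactUrl(rawUrl) {
  const url = new URL(rawUrl, 'http://localhost');
  if (url.searchParams.has('access_token')) {
    url.searchParams.set('access_token', 'REDACTED');
  }
  return url.pathname + url.search;
}
```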

Salesforce SOAP SessionId as REST token

I'm logging my users in using SOAP in my app. But then I want to use Analytics API, which is REST. But I don't want them to enter their credentials all over again.
Is there a way that I can use my already obtained SOAP sessionId as the token for REST API?
When I tried to do that, I got an authentication error back from the REST call. Did I miss something or is it just not possible?
Yes, it's possible; just use the SOAP session ID in the same place you'd use an access token you'd gotten via OAuth, by adding an Authorization: Bearer {sessionId} HTTP header to your REST API requests.