I am using httpclient to automate rest api Get calls and in same I am getting cookies that contains csrf token that I need to login into my project , but I am not able to find out the way how to do so.
just need to print closeableHttpResponse , it will give you all responses and then get the cookie value like this
String value = closeableHttpResponse.getHeaders("Set-Cookie")[0].getValue();
Related
The API:
There is a public API available at https://interviewer-api.herokuapp.com/ that you can use to manage your finances in a very simple way.
The API has 2 endpoints:
/login gives you a token which you need to use in subsequent calls to the API in the Authorization header. Every call returns a new token with some initial transactions and balance.
/balance gives you your current balance along with a currency code.
So what I want to do is that I am sending a POST request for 'login' and getting a token as response. Now I want to use this TOKEN in my next request for 'Balance' as a Header.
So is there a way in SOAP UI and POSTMAN by which I can capture the response and then automatically store it as a header for the next requests so that I do not have to manually do it again and again.
You should do the following:
Execute your /login request to get the token
In the tests sections, do:
var body = JSON.parse(responseBody);
postman.setEnvironmentVariable("token", body.token);
Use the above token in /balance requests as header item:
Authorization: {{token}}
This will make sure all your request have valid token generated on run time.
Normally, /login will send the token in response header so take that response header value and store it as environment variable and use that variable for all subsequent requests.
Token as a response body is bad practice as response body should include only API business logic but your case is to authenticate so it should be a response header or a cookie(correct me if I am wrong).
In postman, if you enable the 'Interceptor' then it will take that cookie by default and use that for all subsequent requests so no need to store that cookie too as a variable.
Im a relative noob to automated testing - currently, I'm using Postman to generate RestSharp code for API requests in Visual Studio 2017 Enterprise.
Esentially, I'm creating a basic unit test, then plopping in the code to execute the test
What I need to know is this - is it possible for me in my tests to first do a login call and SAVE my bearer token in order to use in in all subsequent calls - in postman, this is easy because I can just set an environmental variable that pulls it in.
So essentially, what I need to do is make a login call to return the bearer token
save the bearer token, then use that token in the subsequent calls I make
Any help is GREATLY appreciated!
A bit late, but here is how I does it:
Use RestSharps JwtAuthenticator. Get your access token the way you already do. Next create the JwtAuthenticator and finally use that authenticator in your RestSharp calls:
var accessToken = GetAccessToken(); // Does what ever is required to get the acces token
Authenticator = new JwtAuthenticator(accessToken);
...
var client = new RestClient("http://example.com");
client.Authenticator = Authenticator;
...
// All requests will be correctly authenticated
client.Execute(requestA);
client.Execute(requestB);
client.Execute(requestC);
....
When I try to access rest API using iPhone I have passed following parameter in URL and used both methods POST and GET but it displays Access Denied.
oauth_version="1.0",
oauth_signature_method="HMAC-SHA1",
oauth_nonce="B0dlzkfMWCAn0TJ",
oauth_timestamp="1366280813",
oauth_consumer_key="klkjylsiozbv6vfdsqtuheqo3kmqqzv2",
oauth_token="t9pefrwylmg7webyepsqepotlhzbytkp",
oauth_signature="NeOwbCLUPbIyF9ErnHoFQOl9%2Bwo%3D"
I have worked with REST Client plugin available for Firefox and Chrome, REST API is work well using REST Client plugin but not accessible in iPhone.
I am generating a random value for oauth_timestamp, oauth_signature and oauth_nonce then also REST API is displaying Access Denied.
Please provide suggestions.
//here final_sign is signature generated from following procedure.
$nonce = substr(md5(uniqid('nonce_', true)),0,16);
$temprealm="http://magentohost/api/rest/products";
$realm=urlencode($temprealm);
$oauth_version="1.0";
$oauth_signature_method="HMAC-SHA1";
$oauth_consumer_key="dfddfgdgdfgddf6qgygmyvw7e3";
$oauth_access_token="fdgdfgfdgdfg357gimpdnuejvcbtk51ni";
$oauth_method="GET";
$oauth_timestamp=time();
$algo="sha1";
$key="sb88hfdihyg25ipt1by559yzbj2m3861&s7uhaheu8nrx961oxg6uc3os4zgyc2tm"; //consumer secret & token secret //Both are used in generate signature
$data="oauth_consumer_key=".$oauth_consumer_key."&oauth_nonce=".$nonce."&oauth_signature_method=".$oauth_signature_method."&oauth_timestamp=".$oauth_timestamp."&oauth_token=".$oauth_access_token."&oauth_version=".$oauth_version;
$send_data=$oauth_method."&".$realm."&".urlencode($data);
$sign=hash_hmac($algo,$send_data,$key,1); // consumer key and token secrat used here
$fin_sign=base64_encode($sign);
echo $fin_sign;
From your question I understand that you use a random value for the signature and the nonce.
The latter would be fine, but a random signature would lead the receiver not to trust you as a legitimate client.
So, actually, you get the response you requested (;-)). But that does not solve your problem.
You have to generate a valid signature for the magento system.
I am trying to access a REST web service using HTTP GET request.
For a example following URI provides Rest web service that return all the available parts for the given category.
http://localhost:8080/mycompany/parts/category
I want to authenticate/authorize users who are accessing above REST request in each time and I want to pass User authentication details (User Name and Token) with the HTTP Get Request.
Is there a possibility to cater to the above requirement in REST HTTP GET request (using HTTP header or query parameters)?
or
Is it better to use HTTP POST instead of HTTP GET?
Since you are getting information, you should use "Get". Here's the code that I use (it is Restlet based) for adding the oauth_token to the request...
import org.restlet.data.Reference;
import org.restlet.ext.oauth.OAuthUser;
import org.restlet.representation.Representation;
import org.restlet.resource.ClientResource;
Reference commitsRef = new Reference(Consts.RESOURCE_BASE + "commitments/");
OAuthUser u = (OAuthUser) request.getClientInfo().getUser();
String token = u.getAccessToken();
ref.addQueryParameter("oauth_token", token);
ClientResource commitsResource = new ClientResource(getContext(), commitsRef);
Representation commitsRep = commitsResource.get();
As mentioned, this is Restlet based, but there is probably something similar in the framework you are using. (And if you are not using a framework, Restlet can make this easier).
if you are using restlet than good because restlet have rich api for rest framework
but without this if you want to authenticate than
you can do same thing with GET or POST
but send your credential data trough cookie
and read same cookie using #CookieParam from server side
in this way you can easily authenticate user.
I am getting response from facebook API for accesstoken but can't able to parse that because no ? symbol getting in URL
Example:
http://YOUR_URL#access_token=166942940015970%7C2.sa0&expires_in=64090
I want to get the access_token value in CGI variable.
You will not get access_token this way on server-side (which is probably case for CGI) because of # (hash sign).
Everything after # called fragment identifier and will not be passed to server. It will exist only on client-side, so you probably need to parse it's on client side or pass it to server side in other ways than regular request to this URL...
I am getting response in this URL so i need the access_token value..can't able to get from client side..