Is it safe to send ODATA rest batch requests in HTTPS Body via POST and get response in the same - rest

We are planning to use the REST request below for SAP SuccessFactors, which sends a bulk request in the body at one time.
Please find an example below:
OData API POST request: https://<>/odata/v2/$batch
Body:
```
--batch_36522ad7-fc75-4b56-8c71-56071383e77b
Content-Type: application/http
Content-Transfer-Encoding: binary
GET getUsersByDynamicGroup?groupId=6119L&$format=json HTTP/1.1
Content-Type: application/json;charset=UTF-8
--batch_36522ad7-fc75-4b56-8c71-56071383e77b
Content-Type: application/http
Content-Transfer-Encoding: binary
GET getUsersByDynamicGroup?groupId=6000L&$format=json HTTP/1.1
Content-Type: application/json;charset=UTF-8
--batch_36522ad7-fc75-4b56-8c71-56071383e77b
Content-Type: application/http
Content-Transfer-Encoding: binary
GET getUsersByDynamicGroup?groupId=1588L&$format=json HTTP/1.1
Content-Type: application/json;charset=UTF-8
--batch_36522ad7-fc75-4b56-8c71-56071383e77b
Content-Type: application/http
Content-Transfer-Encoding: binary
GET getUsersByDynamicGroup?groupId=1234L&$format=json HTTP/1.1
Content-Type: application/json;charset=UTF-8
--batch_36522ad7-fc75-4b56-8c71-56071383e77b
Content-Type: application/http
Content-Transfer-Encoding: binary
GET getUsersByDynamicGroup?groupId=123L&$format=json HTTP/1.1
Content-Type: application/json;charset=UTF-8
--batch_36522ad7-fc75-4b56-8c71-56071383e77b--
```
Response body:
```
--batch_c96b193b-b98c-4a4b-b479-696536f72239
Content-Type: application/http
Content-Transfer-Encoding: binary
HTTP/1.1 200 OK
Content-Type: application/json;charset=utf-8
DataServiceVersion: 1.0
Content-Length: 133
{
  "d" : [
    {
      "firstName" : "Automation", "lastName" : "User9", "middleName" : "Test", "userId" : "103272", "userName" : "103272"
    }
  ]
}
--batch_c96b193b-b98c-4a4b-b479-696536f72239
Content-Type: application/http
Content-Transfer-Encoding: binary
HTTP/1.1 200 OK
Content-Type: application/json;charset=utf-8
DataServiceVersion: 1.0
Content-Length: 127
{
  "d" : [
    {
      "firstName" : "Ava", "lastName" : "Johnston", "middleName" : null, "userId" : "ajohnston", "userName" : "Ava"
    }
  ]
}
```
When we send the request via POST, I know it is secure,
but still I was just wondering: is it safe to do all this?
Please ignore that I am asking a basic question.
Please enlighten me if you have something to share regarding this.
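An added example, not code from the question or from SAP, showing the mechanics behind the post: a small Python module that builds the `multipart/mixed` `$batch` body above from a list of group IDs (emitting the blank lines the multipart format requires between headers and content), parses a batch response into per-part status codes and JSON payloads, and refuses to compute a `$batch` URL for a plain `http://` base. The tenant host, the group IDs and the sample response bytes are constructed to mirror the post; nothing is sent over the network.

```python
import json
import uuid
from typing import Iterable
from urllib.parse import urlsplit


def batch_url(base: str) -> str:
    """$batch endpoint for a tenant base URL; hypothetical helper that refuses plaintext http."""
    if urlsplit(base).scheme != "https":
        raise ValueError("sub-request URLs and results travel in the body; use https only")
    return base.rstrip("/") + "/odata/v2/$batch"


def build_batch(group_ids: Iterable[str]) -> tuple[str, bytes]:
    """Return (Content-Type value, body) for one GET sub-request per group id."""
    boundary = f"batch_{uuid.uuid4()}"  # fresh boundary per request, as in the post
    parts = []
    for gid in group_ids:
        parts.append(
            f"--{boundary}\r\n"
            "Content-Type: application/http\r\n"
            "Content-Transfer-Encoding: binary\r\n\r\n"
            # the request line and its query string sit inside the TLS-protected body
            f"GET getUsersByDynamicGroup?groupId={gid}&$format=json HTTP/1.1\r\n"
            "Content-Type: application/json;charset=UTF-8\r\n\r\n\r\n"
        )
    body = "".join(parts) + f"--{boundary}--\r\n"
    return f"multipart/mixed; boundary={boundary}", body.encode()


def _split_headers(block: bytes) -> tuple[dict, bytes]:
    """Split a CRLF header block from whatever follows its blank line."""
    head, _, rest = block.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n"):
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().decode().lower()] = value.strip().decode()
    return headers, rest


def parse_batch_response(content_type: str, body: bytes) -> list[dict]:
    """One dict per part: {"status": int, "headers": {...}, "body": JSON or raw bytes}."""
    boundary = None
    for param in content_type.split(";")[1:]:
        name, _, value = param.strip().partition("=")
        if name.lower() == "boundary":
            boundary = value.strip().strip('"')
    if not boundary:
        raise ValueError("multipart/mixed response without a boundary parameter")
    delimiter = b"--" + boundary.encode()
    results = []
    for chunk in body.split(delimiter)[1:]:  # [0] is the preamble, normally empty
        if chunk.startswith(b"--"):          # closing delimiter: --boundary--
            break
        part_headers, message = _split_headers(chunk.strip(b"\r\n"))
        if part_headers.get("content-type") != "application/http":
            raise ValueError(f"unexpected part type: {part_headers.get('content-type')}")
        status_line, _, rest = message.partition(b"\r\n")
        status = int(status_line.split(b" ")[1])
        headers, payload = _split_headers(rest)
        if "content-length" in headers:      # prefer the declared length to the delimiter split
            payload = payload[: int(headers["content-length"])]
        decoded = payload
        if headers.get("content-type", "").startswith("application/json"):
            decoded = json.loads(payload)
        results.append({"status": status, "headers": headers, "body": decoded})
    return results


def sample_batch_response() -> tuple[str, bytes]:
    """Constructed response bytes shaped like the post's reply (not captured traffic)."""
    boundary = "batch_c96b193b-b98c-4a4b-b479-696536f72239"
    users = [
        {"firstName": "Automation", "lastName": "User9", "middleName": "Test",
         "userId": "103272", "userName": "103272"},
        {"firstName": "Ava", "lastName": "Johnston", "middleName": None,
         "userId": "ajohnston", "userName": "Ava"},
    ]
    parts = []
    for user in users:
        payload = json.dumps({"d": [user]}).encode()
        parts.append(
            b"--" + boundary.encode() + b"\r\n"
            b"Content-Type: application/http\r\n"
            b"Content-Transfer-Encoding: binary\r\n\r\n"
            b"HTTP/1.1 200 OK\r\n"
            b"Content-Type: application/json;charset=utf-8\r\n"
            b"DataServiceVersion: 1.0\r\n"
            + f"Content-Length: {len(payload)}\r\n\r\n".encode()
            + payload + b"\r\n"
        )
    return f"multipart/mixed; boundary={boundary}", b"".join(parts) + delimiter_close(boundary)


def delimiter_close(boundary: str) -> bytes:
    return b"--" + boundary.encode() + b"--\r\n"


if __name__ == "__main__":
    ctype, body = build_batch(["6119L", "6000L", "1588L"])
    print(batch_url("https://tenant.example.invalid"), ctype)
    print(body.decode())
    for part in parse_batch_response(*sample_batch_response()):
        print(part["status"], part["body"]["d"][0]["userId"])
```

The whole batch, including each embedded `GET` line and its `groupId` query string, is part of the HTTPS request body, so it gets the same TLS protection as any other POST body; compared with separate GETs it even keeps those query strings out of the URLs that proxies and access logs usually record. What a batch does not change is authorisation: the server still evaluates each part against the caller's identity, so the parser above reports every part's own status code rather than assuming the outer 200 covers all of them.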

Related

Where is the {userId} and {dataSourceId} found in the OAuth 2.0 Playground

https://fitness.googleapis.com/fitness/v1/users/{userId}/dataSources/{dataSourceId}/dataPointChanges
I could not find the data for the placeholders in this link.
Could someone please point out where to find the dataSource and userId?
Thank you.
I thought that information would auto-fill, but this is the response that I am receiving:
```
HTTP/1.1 403 Forbidden
Content-length: 281
X-xss-protection: 0
X-content-type-options: nosniff
Transfer-encoding: chunked
Vary: Origin, X-Origin, Referer
Server: ESF
-content-encoding: gzip
Cache-control: private
Date: Thu, 16 Feb 2023 20:21:30 GMT
X-frame-options: SAMEORIGIN
Alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-type: application/json; charset=UTF-8
{
  "error": {
    "status": "PERMISSION_DENIED",
    "message": "The caller does not have permission",
    "code": 403,
    "errors": [
      {
        "reason": "forbidden",
        "message": "The caller does not have permission",
        "domain": "global"
      }
    ]
  }
}
```

What am I doing wrong in the Blogger API? Sample code is below

```
DELETE /blogger/v3/blogs/5513539034599838234/posts/4774307106656272015?key=AIzaSyC0W3U9uPnhVADKMhIb5Uj0EmunOsAh7oc&access_token= HTTP/1.1
Host: www.googleapis.com
Content-length: 0
Authorization: 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
```
```
HTTP/1.1 403 Forbidden
Content-length: 281
X-xss-protection: 0
X-content-type-options: nosniff
Transfer-encoding: chunked
Vary: Origin, X-Origin, Referer
Server: ESF
-content-encoding: gzip
Cache-control: private
Date: Wed, 15 Jun 2022 09:08:50 GMT
X-frame-options: SAMEORIGIN
Alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-type: application/json; charset=UTF-8
{
  "error": {
    "status": "PERMISSION_DENIED",
    "message": "The caller does not have permission",
    "code": 403,
    "errors": [
      {
        "reason": "forbidden",
        "message": "The caller does not have permission",
        "domain": "global"
      }
    ]
  }
}
```

How to set up dredd to ignore headers in the assertion

I am using Dredd to test one of my endpoints. I think the test is failing due to the headers, because I'm getting the following expected:
```
headers:
    Content-Type: application/json
body:
[
  {
    "id": 15107,
    "name": "Route Name",
    "date": "2022-01-27T09:00:00",
    "full_user_name": "Test Admin",
    "url": "api/2/users/1/routes/15107"
  }
]
statusCode: 200
```
And the following actual:
```
statusCode: 200
headers:
    date: Wed, 02 Feb 2022 12:54:11 GMT
    server: WSGIServer/0.2 CPython/3.6.9
    content-type: application/json; charset=utf-8
    vary: Accept, Cookie
    allow: GET, POST, PATCH, HEAD, OPTIONS
    access-control-allow-origin: None
    access-control-allow-methods: POST,GET
    access-control-allow-headers: Origin,Content-Type,Accept,Accept-Encoding
    access-control-allow-credentials: true
    x-frame-options: SAMEORIGIN
    content-length: 136
bodyEncoding: utf-8
body:
[
  {
    "id": 15107,
    "name": "Route Name",
    "date": "2022-01-27T09:00:00",
    "full_user_name": "Test Admin",
    "url": "api/2/users/1/routes/15107"
  }
]
```
The only difference I see is the headers. Is there any way to ignore those? Like, for instance, content-length header. Maybe I only need to include the auth header in the Open API file. Right now I have specified documentation as follows:
```
...
  securitySchemes:
    ApiKey:
      type: apiKey
      name: Authorization
      in: header
      description: Authentication token
security:
  - ApiKey: []
```
And running dredd as follows with a python server:
```
dredd oas-routes.yaml http://127.0.0.1:8000/api/2/users/1/routes --header="Authorization: Token 6b232e1c00bbc8b12d0066a483bf401009fbdb21"
```
Any idea how to do this correctly? I'm quite new to testing with dredd to be honest.

REST Client extension not sending form-data in VSCode

I'm attempting to POST Authenticate using REST Client in vscode, but it isn't accepting my form-data. This is the http code from postman which appears to match specs on https://marketplace.visualstudio.com/items?itemName=humao.rest-client but I don't understand why it doesn't like my credentials when submitting from vscode. Any help or pointers greatly appreciated.
Request:
```
POST /myservicestack/authenticate/credentials HTTP/1.1
Host: services.mydomain.com
Accept: application/json
cache-control: no-cache
Postman-Token: cdax7d61-8d8b-4f3q-b45v-74a240f33693
Content-Disposition: form-data; name="UserName"
myemail#address.com
Content-Disposition: form-data; name="Password"
My Password!
Content-Disposition: form-data; name="RememberMe"
true
------WebKitFormBoundary7MA4YWxkTrZu0gW--
```
Response:
```
{
  "responseStatus": {
    "errorCode": "ValidationException",
    "message": "Validation failed: \r\n -- 'User Name' should not be empty.\r\n -- 'Password' should not be empty.",
    "errors": [
      {
        "errorCode": "NotEmpty",
        "fieldName": "UserName",
        "message": "'User Name' should not be empty.",
        "meta": {
          "PropertyName": "User Name"
        }
      },
      {
        "errorCode": "NotEmpty",
        "fieldName": "Password",
        "message": "'Password' should not be empty.",
        "meta": {
          "PropertyName": "Password"
        }
      }
    ]
  }
}
```
The tool here is a red herring and you should be checking what data format the server endpoint is expecting its data in. Typically REST services are expecting requests as JSON, but that is not universally true.
So for example (including both header and body):
```
POST https://example.com/comments HTTP/1.1
content-type: application/json

{
  "UserName": "myemail#address.com",
  "Password": "My Password!",
  "RememberMe": true
}
```
If you want to see what the server may be receiving, then you can check against a service such as https://requestbin.com/ - just don't include any sensitive data.

Loopback get multipart form-data parameters

I have a file container hosting my images. I did create some additional properties for that container using slc loopback:property and put in a string types such as: title, description, date(date). I am able to upload my image via api/containers/{container}/upload
Using Advanced REST Client, I add an HTTP Header: application/x-www-form-urlencoded
I then input data into my forms. I add my image and send, here is my response:
```
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
X-Xss-Protection: 1; mode=block
X-Frame-Options: DENY
X-Download-Options: noopen
X-Content-Type-Options: nosniff
Content-Type: application/json; charset=utf-8
Content-Length: 205
Etag: W/"cd-dUHU2bNp6fDC61813wVPRw"
Date: Fri, 24 Jun 2016 20:52:13 GMT
Connection: keep-alive
```
```
{
"result": {
"files": {
"fileUpload2": [
{
"container": "images",
"name": "pnw.png",
"type": "image/png",
"size": 269360
}
]
},
"fields": {
"created": [
"04/20/2016"
],
"title": [
"title"
],
"description": [
"this is a description"
]
}
}
}
```
I am curious, is the fields object stored somewhere? (I do have mongo connector good to go) or is this in memory? I can't seem to find it anywhere and not sure how to do a GET req. My ultimate goal is to do one image post with additional parameters/properties and retrieve the same in one instance. Thanks!
I will go another route as I do not think I am understanding content-disposition correctly.