Unable to retrieve ANY data when I try to fetch simple content from Archer via REST API calls through Postman or Mule.
1. Is URL below correct? What am I missing?
2. How to get Reports via Archer REST API i.e what API resource to use.
Have seen the Archer REST documentation but do not find it clear enough.
Have tried GET & POST, with Authorization configured, through Postman:
https://hostname/platformapi/core/security/login https://hostname/platformapi/core/content/123
https://hostname/RsaArcher/platformapi/core/content/123
I get 'Unauthorized: Access is denied due to invalid credentials.' error although I am told to have access.
Please suggest proper API call/path to be used and if any specific settings is to be made to retrieve data?
Archer version: 6.5
Note: Through POSTMAN and Mule, I have successfully consumed REST API from other secured applications. Struggling with Archer.
Thank you.
The documentation for Archer REST API was mentioned in a previous answer and seems to require a login into their site: https://stackoverflow.com/a/38511131/721855
This KB article shows examples on how to use the API from Powershell: https://community.rsa.com/docs/DOC-45643. It should be easy to adapt to Postman, Mule or whatever other language/tools.
I recently had the same issue. The company had anonymous authentication disabled on the api directory. The user account running postman must have access to the api directory. If you are still getting a 401, see if you anonymous access can be enabled to rule out other non-access related issues. If you are able to generate a security token when calling core/security/login when anonymous authentication is enabled, then you know the issue is that your account did not have access to the api directory. If you are not able to make the request successfully with anonymous authentication enabled, then you know the issue is likely with the way you've structured your REST call. Hope this helps!
Authentication to any Archer API is two step process. First you have to call an authentication resource or method. That will return a session token. You must then add that token to the request headers for subsequent requests. Your header would look something like this:
Authorization: Archer session-id=439C730FF83F68EFDC017ED705D9908E
Without this header, you'll get a 401 for any request other than an authentication request.
Related
Im trying to make an .NET 5 Web Api works with Jwt Bearer token. I want some operations to be secured by using a token that comes from another issuer. The token would be generated by MS Azure AD. The application will read the token from the request header, validate it and extract the user's roles for more validations. The app shoudn't be the issuer of the token.
Is this possible? I tried so many ways to make this works without success. I setup Swagger to use OpenId Connect with Microsoft Azure and then the bearer is used to call the secured operations but always got errors. Now I don't understand how Dotnet Core Authencation and Authorization works.
Thanks in advance!
That will definitely work OK but requires an understanding of the science:
AZURE AD TOKENS
I would first look at the JWT in an online viewer. There is a known issue with the default setup where you get JWT access tokens that cannot be validated. See Step 3 of my blog post for details.
UNDERSTAND PRINCIPLES
Validating a JWT involves the general steps in this blog post. Once you understand this it will hopefully unblock you.
C# JWT ACCESS TOKEN VALIDATION IN APIs
The Microsoft framework often hides the required logic, which doesn't always help, and the option I prefer is to validate JWTs via a library.
Aim to understand how to use the JwtSecurityTokenHandler class to validate a JWT manually, eg in a console app. Maybe borrow some ideas from this C# code of mine.
C# AUTHORIZATION
Once JWT validation works, the next step is to use the details in the ClaimsPrincipal to determine whether to allow access to data. I would get on top of the JWT validation first though.
I am playing around with IBM Cloud Functions (OpenWhisk) and trying to setup authentication through OAuth with Facebook as the provider. I have setup an app with Facebook, I am able to successfully connect with this and fetch my token and I am able to verify this by fetching basic profile information (name and userID).
My problems starts when I enable OAuth in the IBM Cloud Functions API. I get a HTTP code 500 back from the call with very little information about what actually went wrong.
{"code":500, "message":"Oops. Something went wrong. Check your URI and try again."}
The only thing that is stated in the dashboard is:
You can control access to your API through the OAuth 2.0 standard. First require an end user to log in via IBM Cloud App ID, Facebook, GitHub, or Google. Then include the corresponding OAuth token in the Authorization header of each API request. The authenticity of the token will be validated with the specified token provider. If the token is invalid, the request will be rejected and response code 401 will be returned.
With this information I got that I need pass the token with the Authorization header. My best guess is that the call fails somewhere when the token is being validated.
I am using Vue and Vue-axios to perform the API call. My current call looks like this:
this.$http.get(API_URL+"?user_id="+localStorage.user_id,{headers :{'authorization':localStorage.token}}).then((response) => {
console.log(response);
});
I have tried adding bearer/Bearer or token/Token in front of the token (some posts I read indicated that you should do this), but this had no impact on the response.
If I disable the OAuth authentication from the Cloud Functions side, the code above works and correctly retrieves the data (with or without the header option).
From the Chrome Dev tools it looks to me like the token is added correctly to the request, since the request headers have the Authorization header with the token.
I am not that familiar with OAuth or IBM Cloud Functions, so the problem might have a very easy fix. However, I am unable to find documentation which clearly shows me how I am supposed set this up. I am also unable to find any logs or more information about what actually fails here. Am I missing something obvious here?
Kjetil
Hi We have a rest end point and if it is expecting user principle in its request object how to send the same from your postman tool explicitly
I hope what you implies by 'user principle' is the user authentication. Then you are referring on how we can send REST commands with including authentication information (token, etc.)
Currently postman supports Basic Auth, Digest Auth, OAuth 1.0a, OAuth 2, Hawk and AWS authentication.
If what you are handling in the server is one of them, then please refer this link to see how we can prepare the authentication details in the Postman request.
If its a custom method, then please examine the 'Header', 'Cookies' and other relevant titles in this page and prepare the postman request according to what you are expecting from the server-side manually.
I'm attempting to use the OneNote REST API. In order to test the features, I'm tyring to use Postman REST Client.
I am using Postman's built in OAuth 2.0 flow with the following parameters:
Authorization URL: https://login.live.com/oauth20_authorize.srf
Access Token URL: https://login.live.com/oauth20_token.srf
Client ID: CLIENT_ID
Client Secret: CLIENT_SECRET
Scope (Optional): wl.signin%20wl.basic
Below you can see the setup I am using for the MS App Dashboard.
I am able to get the token, but when I attempt to call a REST API endpoint, the API returns "401 unauthorized".
Is there something I'm missing here? I think the scope is right, and the space character is properly escaped. Thanks in advance.
I did some more research into the scopes and found this
Looks like I needed to use wl.signin%20office.onenote%20office.onenote_create to get sign in, basic features, and write features.
I'll leave this post up here so anyone else trying to figure this out can save a few hours!
This looks correct, thanks for posting this. The scopes are important and must be correct so the user knows what they are allowing the app to access.
I'm trying to make a call to the new Office 365 File REST APIs. (As explained here).
I'm using Postman rest client to send the request.
I have registered my application in Azure AD and given it full permissions to 'Office 365 SharePoint Online'.
I can successfully get an authorization token using the clientId generated in Azure AD.
However when I attempt to list files, using the access token I get an error.
------------------
RESOURCE HTTP GET:
------------------
URL: https://<OUR_DOMAIN>-my.sharepoint.com/personal/<user_domain>/_api/Files
HEADER: Authorization: Bearer <access token>
Response:
3001000;reason="There has been an error authenticating the request.";category="invalid_client"
What can cause this issue?
Not sure what steps you've tried to use to resolve this, so it's hard to help you out here. I've just finished writing up more detailed instructions on the steps to register an app to call OneDrive for Business. It's long and complicated right now, but we're working to make things better in the future.
You can check out the details of how to do auth here: https://dev.onedrive.com/auth/aad_oauth.htm
Make sure you aren't asking for too many permissions, since that will require your app to be authenticated by an admin instead of the end user. For most apps, you can just use the "My files" permission scopes which can be accepted by the user of your app directly.
If you post more information about what calls you're making, responses, and app configuration in AAD I might be able to help more.
You may have been using different resources.
Check whether the resource which you have used for getting access token is same as which you are requesting for getting files.
for example :
If the resource which you have mentioned while requesting access token be :: "https://tenant-my.sharepoint.com/"
Then you need to make request on the same resource for accessing files :: "https://tenant-my.sharepoint.com/_api/v2.0/drive/root/children"
The above request give list of root children.
tenant --> domain name which was registered to your organisation.
Follow this documentation for further accessing the api