I am unable to capture Rest API's in soapui with proxy - rest

I am using soapui(version 5.3.0) open source for API testing .
I want to fetch all Rest API's with proxy . But proxy is not working .
Can anyone help to solve out this problem with steps.
I tried the following steps.
1. In preference section step 2 (proxy setting )added host and port
2. same proxy setting is made on Firefox browsers
3. and launched HTTP monitor.
Unable to capture any API's with proxy.
But we can capture API's in postman etc with proxy.
Need to confirm the following things
If soapui does not support capturing rest API's till now for open source.
If yes how can i capture the rest API's.

Related

Trace HTTPS Web API calls from iPhone App

I am working with an iPhone application which interacts with a Web API. Since the endpoints are HTTPS, the data which communicates in-between the device and the Web API are suppose to be encrypted.
I am in need of finding every End-Points and the Data which communicates (Headers, Body Content) for each business scenario & for negative testing-flows.
Since the data which transmits are encrypted, I was unable to trace from the Fiddler which I tried while referring so several on-line tutorials.
(The reason why I am in need is because of I have got assigned to make a API Automation tool to simulate all the testing scenarios (happy-path, negative test-cases, etc))
Is there any better approach I can take to trace these API calls?
OR, is there a tool which I can try to trace these Web API calls which sends and receives from the iPhone?
TIA
Managed to get the Certificates for the HTTPS endpoints and added to the Certificate Manager (in a windows pc). Afterwards configured the proxy ports with fiddler echo service from the mobile device and was able to trace the HTTPs calls.
With the help of installing the certificates the HTTPS, intercepting the HTTPS is possible.

Parse-Server Rest API HTTP Authentication

I can not get the Rest API to work with Basic Authentication like in the guide i.e. https://myAppID:javascript-key=myJavaScriptKey#api.parse.com/1/classes/GameScore/Ed1nuqPvcm.
I can make it work if I use curl and pass the keys via HTTP Headers, however I'm trying to use a WebHook from another service and I don't have the ability to send HTTP headers.
2 issues when trying locally:
http(s) does not work even locally.
http gives me error:unauthorized.
I'm using parse-server installed via npm globally but don't see a place to add cert.
Please help!
I was able to use http local and remote using the format http://myAppId:myMasterKey#mydomain.com:1337/parse/classes/myClass and it worked fine. If you use Postman you have to turn on Basic Auth in the header section.

Circumventing web security limitations between two sites on the same server

I'm using Eclipse to develop an app that consists of an Angular 2 front end and a Java REST back end.
For the front end, I'm using the Angular CLI plugin, which starts the app by issuing an ng serve command to the CLI. This command sets up an http server on port 4200.
For the back end, I'm using an in-company framework that launches in Jetty within Eclipse in port 8088.
While both these ports are configurable, by nature of the frameworks and plugins in use, they'll always be distinct.
Authentication works via an OAuth2 service that is also deployed to port 8088, as part of the framework. This service sets a cookie which certifies the browser session as authenticated. I have verified that this service works correctly by testing it against a Swagger instance of the REST API (also running in 8088 as part of the same framework).
The problem is that when the browser is aimed at the Angular 2 app on :4200, its internal REST API requests to :8088 aren't carrying the authentication cookie. Presumably, this is because of cross-site protection.
Is there any way for the app or the framework to tell the browser that these two "sites" are actually part of the same system?
Alternatively, if I have to configure the dev browser (Chrome) to work, I can live with that too. However, I've tried the --disable-web-security --user-data-dir recommendation, but the cookie still doesn't show up on the requests.
Lastly, I have Apache installed on the dev machine. If I can set up appropriate vhosts and use it as a proxy so that the browser thinks it's all the same, that would probably work too. It would just be a matter of intercepting all /swagger and /api requests and sending them to :8088, and all forwarding all other requests to :4200. However, I've been banging my head against mod_rewrite and mod_proxy and haven't been able to come up with anything that works.
I think what you're looking for is
withCredentials = true
https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials

Confugaration/steps needed when consuming external Restful service from Fiori front end server

I have deployed a custom UI5 app ( using external REST ful services--> service hosted in another Java stack system) in the front end server.
I used Ajax to call the service directly with the URL as shown below.
This app has run successfully when i use "proxy" in local host(eclipse).
-->Ajax Call code Snippet
So i replaced proxy with target url while deploying in front end. (http ://xxx.xxx:port)
When running from front end server i got cross origin error as shown below.
Error1:<http://xxx:port/xxx/ngservices/rest/query/ZQUE_WEBSERV_APPHISTORY/executeGet. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://xxx:port' is therefore not allowed access. The response had HTTP status code 401>
After enabling CORS plugin in chrome i got unauthorised error as shown below.
Error2:<http://xxx:port/xxx/ngservices/rest/query/ZQUE_WEBSERV_APPHISTORY/executeGet. Response for preflight has invalid HTTP status code 401>
I got the above errors initally while running from localhost.After that i used proxy and it got solved.
I just deployed the app in frontend server and ran it directly. I haven't done any other configurations.
Do i need to do any extra configurations for consuming these external services or kindly suggest any other suggestions.
Important info:
*Able to call external service from localhost(eclipse--> used proxy here) but not able to call service from frontend server.
*Front end architecture: Central hub deployement and connected to SRM,HR and CRM backends currently.
Regards
Phani Poorna
Both of these errors can be solved by creating and configuring a destination on your platform.
A destination is essentially a proxy: when you create it, you specify the backend URL, the authentication mechanism (Principal propagation/basic authentication etc). From your client, you just need to then connect to your destination to query the backend.
What do you mean by Fiori front end server? Are you referring to the Portal service hosted on HANA Cloud Platform?
If so, then you can create a destination by going to Connectivity - Destinations from your HCP account. From your Fiori application, you then need to connect your destination using the following URL pattern:
/destinations/<destination name>/<whatever you want to add to the URL the destination points to>
If you are using a different PaaS, I'm sure it will have some similar way of creating a proxy between your client and your backend. (Edit: I just saw you're using the Central hub deployment - I am not familiar with this system but it must have a very similar way of creating destinations).
Hope this helps, let me know if you have any questions.

Bing Ads API behind a web proxy

My java client is running on Linux machine and working behind a web proxy (using squid web proxy)
My proxy was configured to be open to the “Service Endpoints” in the Page https://msdn.microsoft.com/en-us/library/bing-ads-overview-web-service-addresses.aspx
And to the redirect url: https://login.live.com/oauth20_desktop.srf
I’m getting the attached error:
com.microsoft.bingads.InternalException: Internal BingAds SDK exception has occured
at com.microsoft.bingads.internal.LiveComOAuthService.getAccessTokens(LiveComOAuthService.java:101) ~[microsoft.bingads-10.4.2.jar:na]
at com.microsoft.bingads.internal.OAuthWithAuthorizationCode.requestAccessAndRefreshTokens(OAuthWithAuthorizationCode.java:110) ~[microsoft.bingads-10.4.2.jar:na]
at com.microsoft.bingads.internal.OAuthWithAuthorizationCode.refreshTokensIfNeeded(OAuthWithAuthorizationCode.java:142) ~[microsoft.bingads-10.4.2.jar:na]
I'm using Bing Ads API SDK 1.4.2
My question is how what do i need to add to my proxy to make my call success
Are you still observing this issue? For troubleshooting it might help to capture the web traffic using a tool such as Fiddler. You can set the proxy as follows:
System.setProperty("https.proxyHost", "127.0.0.1");
System.setProperty("https.proxyPort", "8888");
For more information, please see the troubleshooting guide, or feel free to contact support anytime.