I would appreciate if anybody could tell me a suitable App/tool to execute Sabre SOAP Requests without WSDL.
I understand we need to pass WSDL as an URL in order to execute sample SOAP requests in tools like "Boomerang", "SoapUI" etc.
However my clients have shared their user credentials which is not having any WSDL information, am pretty naive in order to access their CERT endpoints.
NOTE: am having CERT endpoint (URL), EPR, iPCC details.
please go to Sabre Developer and register for an account there, you can send a mail to sabre support for activating your account with your credentials, so that you have access to Resource pages, where you get all the wsdl links.
and you can use the tool Boomerang, i use this tool, as this has very user friendly UI, and much better than SoapUI.
Session Create:
URL, here you can find all links related to session create.
Thanks.
Related
Unable to retrieve ANY data when I try to fetch simple content from Archer via REST API calls through Postman or Mule.
1. Is URL below correct? What am I missing?
2. How to get Reports via Archer REST API i.e what API resource to use.
Have seen the Archer REST documentation but do not find it clear enough.
Have tried GET & POST, with Authorization configured, through Postman:
https://hostname/platformapi/core/security/login https://hostname/platformapi/core/content/123
https://hostname/RsaArcher/platformapi/core/content/123
I get 'Unauthorized: Access is denied due to invalid credentials.' error although I am told to have access.
Please suggest proper API call/path to be used and if any specific settings is to be made to retrieve data?
Archer version: 6.5
Note: Through POSTMAN and Mule, I have successfully consumed REST API from other secured applications. Struggling with Archer.
Thank you.
The documentation for Archer REST API was mentioned in a previous answer and seems to require a login into their site: https://stackoverflow.com/a/38511131/721855
This KB article shows examples on how to use the API from Powershell: https://community.rsa.com/docs/DOC-45643. It should be easy to adapt to Postman, Mule or whatever other language/tools.
I recently had the same issue. The company had anonymous authentication disabled on the api directory. The user account running postman must have access to the api directory. If you are still getting a 401, see if you anonymous access can be enabled to rule out other non-access related issues. If you are able to generate a security token when calling core/security/login when anonymous authentication is enabled, then you know the issue is that your account did not have access to the api directory. If you are not able to make the request successfully with anonymous authentication enabled, then you know the issue is likely with the way you've structured your REST call. Hope this helps!
Authentication to any Archer API is two step process. First you have to call an authentication resource or method. That will return a session token. You must then add that token to the request headers for subsequent requests. Your header would look something like this:
Authorization: Archer session-id=439C730FF83F68EFDC017ED705D9908E
Without this header, you'll get a 401 for any request other than an authentication request.
My sectoken is authorized but I don't know how to formulate a URL so that I can bypass the WSO2 IS sign-in page (login.do).
I read online it can be passed through a link in this format:
localhost:9443/samlsso?SAMLRequest=[SAMLRequest]§oken=[SECTOKEN]
I'm just not sure what to put in for [SAMLRequest].
As for the answer, you may try to use OneLogin PHP module to generate a SAML Request.
Here is an example SAML Authn Request however you may need to change the issuer, destination, AssertionConsumerURL, and issue timestamp.
Please note there's difference when sending SAML Request as GET and POST. GET (Redirect-Binding) uses deflate and encode, signature is a separate request parameter, POST (POST-Binding) uses signed XML and only encoded XML, not deflated.
SAML is great protocol (very well designed and secure when implemented properly), but it may look difficult for people who hasn't use it before, it may require using external libraries to properly create requests and validate responses. That's why you may be as well looking for option which would may make your life simpler, such as using WSO2IS for SSO (single-sign-on) e.g. using simpleSAMLphp or direct OAuth authorization request.
I'm building a web application that features a RESTful API, but I have some doubts.
Yes, I have a SSL certificate for my domain, would that be enough for sending POST (login, with username and password as a plain text, for example, as parameters) requests to my web application?
Another question: should I save a session-id on the client (localStorage) to make a sort of auto-login if the session is still available?
Should I save something else?
How do I "auto-login" with the session-id only?
Note: Every request (except /login) would be authenticated with the session-id.
Thank you in advance for replying.
you can use basic authentication or oauth2.0 with an Authorization header containing a token for each request.
https://oauth.net/2/
https://aaronparecki.com/oauth-2-simplified/
I am trying to create a Rest Api using a token based Authentication.
Is there any best practice in passing credentials from client to server for generating the token. As a HTTP Header or as a JSON String in post body?
I have been searching around but was not able to find any concrete answers.
Don't try to reinvent the wheel. For a good starting point look here:
best-practices-for-securing-a-rest-api-web-service
For my API implementation and my needs, I choose a simple BasicAuth (send credentials with the header) and any other tokens, and security related data I added to the JSON payload with each request.
Dont forget to set SSL as mandatory.
I would recommend using the Open ID Connect authentication protocol, and more specifically using a third party service or solid library that implements this protocol. Open ID Connect builds on OAuth 2 and is now widely used with support for various development languages and frameworks: http://openid.net/developers/libraries/
A successful authentication step results in an "access token" that can then be passed to your REST API where it is validated for authenticity. In Open ID Connect this token is passed as an HTTP header vs. the POST body.
If you roll your own protocol, or even develop your own Open ID Connect implementation, be aware of the details as it is very easy to overlook something small and thus create an insecure API. See the OAuth 2.0 Threat Model and Security Considerations for examples of what I am referring to. Due to this concern I always recommend use of an existing, well-vetted implementation.
I need to develop a REST Web Service using ZEND Framework. I am new to this area. I would like to know how can I authenticate user's requests to my web service. Assume I am giving a token to all the people who use my web service. I can ask them to pass the token on every request. But Please suggest me if there and standard / better way to implement authentication for REST web service.
Thank you.
Prasad
I usually include the token in the http header with each request then on the server parse the header and validate the token.
X-Authorization-Token: <some hash value>
It's also completely acceptable to do as you are suggesting and require the user to send the token as part of the GET/POST/PUT/DELETE request as you would with a standard page. I have seen others put the value in a COOKIE as well.