Is it possible to call a RESTful web service that uses basic authentication using COBOL to make a call to DB2? The username/password are not passed in the URL, but are captured in the HTTP session to provide authentication.
Using something like
> http://username:password@myhost
does not work. I've created clients in Java and modded the proxy to pass the username/password in the HTTP session, but I'm not sure if this can be done via DB2 called from COBOL batch.
    EXEC SQL
        SELECT RETURNCODE, RETURNMSG
          INTO :SIMR-RETURNCODE, :SIMR-RETURNMSG
          FROM XMLTABLE(
               '$d/*:Envelope/*:Body/*:myWebServiceResponse/*:messageResponse'
               PASSING XMLPARSE(DOCUMENT
                   DB2XML.SOAPHTTPNV(VARCHAR (:WS-URL),
                                     VARCHAR (:BEACTION),
                                     VARCHAR (:BEXML))
               ) AS "d"
               COLUMNS
                   "RETURNCODE" VARCHAR(4) PATH '*:returnCode',
                   "RETURNMSG" VARCHAR(156) PATH '*:returnMessage'
          ) AS T
    END-EXEC

    :WS-URL = http://username:password@host/webservice
Is there a way to set the username/password that will be made in the HTTP session call? The webservice I'm calling uses basic auth to validate against AD/LDAP.
Related
I am trying to run queries in our ERP system to collect large sums of data. I can access our Epicor queries via REST API V2. I'm troubleshooting in Postman with the goal of having Python automate the data collection.
My header in Postman contains my basic HTTPS authentication and API key. I'm using the suffix /Data to show the data from this specific query.
API call in postman using basic HTTPs authentication (username/pass) and API key in the header.
However, in Python I can't figure out how to extract the same data. I've tried the API HTTPS address with /?api-key=" "/Data?, but it only returns the metadata of the query. I believe this is a syntax issue within Python that I'm missing because it clearly works in Postman.
How do I correctly call this API in Python to extract the full data and not just the metadata? Image of metadata returned by Python (removed "/Data?" from query)
Note that no combination of suffix (i.e. /Data?, &metadata#data) works in Python. It only returns the metadata, and nothing else.
In PowerApps, custom connector, I need to define the entire structure of the call when I create the custom connector. I know I can mark certain fields (query params) as parameters that can be filled during run time.
What I try to do is to set the value of one of my security http headers at run time.
My connector, with an API key, makes a call to the /extra/auth end point
/extra/auth returns another key value.
I need to use this new key value in any consecutive calls to my APIs in the HEADER of the request.
I can use two separate connectors for the auth and for the application logic (which seems logical to me).
How would you go about setting an HTTP header value at run time for a custom connector (REST API)?
What is the best way to set up HTTP GET and POST methods with a kdb database?
I'd like to be able to extract the column names from a kdb table to create a simple form with fillable fields in the browser, allow users to input text into the fields, and then upsert and save that text to my table.
For example if I had the following table...
t:([employeeID:`$()]fName:`$(); mName:`$(); lName:`$())
So far I know how to open a port with \p 9999 and then view that table in the browser by connecting to the local host at http://localhost:9999, and I know how to get only the column names: cols t.
Though I'm unsure how to build a useful REST API from this table that achieves the above objective, mainly updating the table with the inputted data. I'm aware of .Q.hg and .Q.hp from this blog post and the Kx reference. But there is little information and I'm still unsure how to get it to work for my particular purpose.
Depending upon your front-end (client) technology, you can either use HTTP requests or WebSockets. Using HTTP requests will require extra work to customize the output of the request, as by default it returns HTML data.
If your client supports WebSockets, like JavaScript, then it would be easy to use them.
Basically, you need to do 2 things to set up WebSockets:
1) Start your KDB server and set up a handler function for WebSocket requests. The function for that is .z.ws. For example, a simple function would be something like below:
q) .z.ws:{neg[.z.w].Q.s @[value;x;{`$ "'",x}]}
2) Set up a message handler function on the client side, open a WebSocket connection from the client and send a request to the KDB server.
Details: https://code.kx.com/v2/wp/websockets/
Example: https://code.kx.com/v2/wp/websockets/#a-simpledemohtml
Our current implementation of the REST API uses apiKey inside the query string for all types of requests (PUT, POST, GET). I feel it's wrong but can't explain why (maybe the apiKey can be cached somewhere between server and client). Something like:
POST /objects?apiKey=supersecret {name: 'some'}
So, is it a security problem? Please describe both the HTTP and HTTPS connection cases.
HTTP
Your supersecret values can be seen and intercepted by third parties whenever you send them from the client to the server or vice versa, irrespective of whether you use PUT, POST, etc. This is even true when you use cookies for storing those values instead of the query string.
HTTPS:
When the data is in transit between your client and server it cannot be intercepted, since it's protected by HTTPS, even if it is in the query string. But most people consider sending data in the query string as bad, since many systems log the query strings. E.g. most servers are configured to print the access logs with the path and query parameters. Also, if it's from a browser it can be stored in your browser history.
I'm developing an Azure application using this stack:
(Client) Angular/Breeze
(Server) Web API/Breeze Server/Entity Framework/SQL Server
With every request I want to ensure that the user actually has the authorization to execute that action using server-side code. My question is how to best implement this within the Breeze/Web API context.
Is the best strategy to:
1) Modify the Web API Controller and try to analyze the contents of the Breeze request before passing it further down the chain?
2) Modify the EFContextProvider and add an authorization test to every method exposed?
3) Move the security all into the database layer and make sure that a User GUID and Tenant GUID are required parameters for every query and only return relevant data?
4) Some other solution, or some combination of the above?
If you are using SQL Azure then one option is to use Azure Federation to do exactly that.
In very simplistic terms, if you have TenantId in your table which stores data from multiple tenants, then before you execute a query like SELECT Col1 FROM Table1, you execute a USE FEDERATION... statement to restrict the query results to a particular TenantId only, and you don't need to add WHERE TenantId=@TenantId to your query.
USE FEDERATION example: http://msdn.microsoft.com/en-us/library/windowsazure/hh597471.aspx
Note that use of SQL Azure Federation comes with lots of strings attached when it comes to building a DB schema. One of the best blogs I have found about it is http://blogs.msdn.com/b/cbiyikoglu/archive/2011/04/16/schema-constraints-to-consider-with-federations-in-sql-azure.aspx.