I am using RESTClient for firefox addon to test REST API, i set some headers that's working fine if i set request body and method to GET , i couldn't access data via my PHP application, but headers available
**Request headers**
Content-Type : application/json
**Request Body**
[
{
"data1" : "value1",
"data2" : "value2",
"data3" : 1
}
]
How do i set Request body correctly?
Set a body to GET requests is a "nonsense" because GET means retrieve some information and the body of a request is used to send data.
It is precisely from this point of view that web servers, most of the time, ignore the body of a GET request, which could explain why you can't get your data from your PHP script.
If the purpose of your request is to create or update a resource you should consider using a POST or PUT to be REST.
There is already a topic opened with almost the same question here : HTTP GET with request body
Related
I want to run unit tests in my program whenever the api receives a request. the api returns a response once when it has received a valid request, but then later it will send once it's done with the unit tests. The first response is shown in Postman, but not the second repsonse. I can see that it getting send using wireshark though.
These are two separate responses and since this api is what it is, I don't have the power to change it. How can i use Postman to receive the second response as well?
Edit additional information is requested so:
I have in my collection a POST request and when I trigger it I get a response back with a body with:
{
"messageType" : "Response"
"options" : "async"
}
Then the code can see that another response is incoming later, because of the async token.
A bit later another response is received:
{
"messageType" : "Response"
"Tests" : "11 ok tests"
}
But in postman I can't seem to receive the second response, as the transaction is finished after the first one. How can I make postman also receive the second response?
Note - I am very much new to all this. Apologies if anything is unclear.
My overriding aim is to pull out MOT history data for a large batch of vehicles from the DVLA API. I understand that this can be done using Postman, which I am using (on a 64-bit Windows laptop if at all relevant).
The DVLA provide the following instructions
====================================================
Getting started
All API interfaces are implemented as restful APIs and accessed over https.
To access API you will need an API key that uniquely identifies the source of the request. DVSA will give you an API key if it approves your application.
You should keep your API key secure, as DVSA manages throttling and quotas at an API key level.
Each request must have the following mandatory fields in the header:
Accept: application/json+v6
x-api-key:
Content-type field confirms that the response type is in JSON format, and the x-api-key field serves your API key to identify the source of the request.
Technical resources
Access the API at https://beta.check-mot.service.gov.uk/
This root URL will change when the service moves from beta to live.
These 4 endpoints equate to the 4 methods of using the API:
/trade/vehicles/mot-tests?registration={registration}
‘Registration’ is the vehicle registration number.
===================================================
In order to test that this is possible, I am entering the following single request into the bar in Postman, selecting "POST" and hitting "SEND"
https://beta.check-mot.service.gov.uk/trade/vehicles/mot-tests?Content-type=application/json&x-api-key=ABCDEFGH®istration=MYREG
n.b. no inverted commas or other punctuation surrounds the actual values for ABCDEFH or MYREG
Expected result: Some sort of JSON with MOT history for this vehicle
Actual result: {"message": "Missing Authentication Token"}{"message": "Missing Authentication Token"}
I am unclear on:
- whether I should be using POST
what the +v6 after the application is necessary (other documentation leaves it out)
Why "Accept" and "Content-type" appear to be used interchangeably in the documentation
Whether the ordering of the parameters matters
Whether this can be equally tested by simply pasting the url into a browser
Thanks for any help
Reading through the Documentation found here:
https://dvsa.github.io/mot-history-api-documentation/
It mentions that those fields should be added as Headers:
Each request must have the following mandatory fields in
the header:
- Accept: application/json+v6
- x-api-key: <your api key>
There are example cURL requests on the site to help you with creating the request.
If you use Postman's Import feature within the app (found in the top right), you can add this cURL request in the Paste Raw Text tab.
curl -H "Accept: application/json+v6" -H "x-api-key: <your_api_key>" https://beta.check-mot.service.gov.uk/trade/vehicles/mot-tests\?registration=ZZ99ABC
This will give you an example request of what it should look like. From here, you will be able to add in your own API Token and send the request.
If you are using Postman, you can use the Authorization tab right under the request to give the required mandatory header fields. Select Header from Add to drop down. You can also add additional headers information using the next tab named Headers. (for example, the accept-headers).
Edit:
Authorization:
Headers Tab
Normally, you should be getting the authorization token when you register to the site in question(x-api-key here).You need to figure out the value of that token from the initial call's response headers. According to the document which Danny shared, you will be getting x-api-key from them once they approve your request.
Edit:
Alternatively, you can use import feature as Danny suggested in his answer. At the end of the day, you need to add the values as headers instead of query parameters.
For anyone using Python with the MOT history api and getting the same error message, try GET:
import requests
url = f'https://beta.check-mot.service.gov.uk/trade/vehicles/mot-tests?registration={plate_number}'
payload = {}
headers = {
'Accept': 'application/json+v6',
'x-api-key': 'your-api-key'}
response = requests.get(url, headers=headers, data=payload)
data = response.json()
model = data[0]['model'] # get the vehicle model for example
print(model)
I'm using OWASP ZAP to test our API. We have a couple of POST endpoints which use an API Token and a shared secret for authentication and validating the request.
Some parameters of the request body are concatenated and hashed using the shared secret. This value is inserted into the request header.
How can I programatically generate this signature using OWASP ZAP?
Request Header
Content-Type: "application/json"
Accept: "application/json"
API-Key: {API_KEY}
Signature: {hash(field_one + field_two + field_three + SHARED_SECRET)}
Request Body
{
"field_one": "abc",
"field_two": "123",
"field_three": "xyz"
}
The SHARED_SECRET is the password that is stored locally by the client and used to hash the three fields from the request.
It is stored on the server along with the API-Key so that requests can be identified and validated.
Use an HTTP Sender Script. Create it in the ZAP UI so that you can test it as you're writing it. First make sure you are just detecting the requests you want to change, then extract the field values you need and finally generate the hash. Keep testing at each stage to make sure its doing what you need. And if you need specific help theres always the zaproxy-scripts group.
I am working with mountebank to create mocks for an External REST API
which is a POST request with content-type : application/x-www-form-urlencoded.
The API is of format
https://<url>/dpay/MPmt
and data payload is passed in format msg=01223~20170607114321~ABC~12345~NA~NA
I have to search on the basis of ~ABC~12345~ which would remain constant.
I have used contains, matches and equals predicates but was not able to run them while passing the payload in request body.
However, I was able to get it running when passing payload as a query parameter
https://url/dpay/MPmt?msg=01223~20170607114321~ABC~12345~NA~NA
but can't find a way to get it done when passed in request body.
Any pointers would be really appreciated.
Use the predicate "contains" and pass your matching string only. What I suspect is that you are using
"contains" :
{ "body" : {
"msg": "~ABC~12345~"
}
}
this will look for an msg variable in the request body, instead, use
"contains" : {"body": "~ABC~12345~"}
and it will match it directly in your request body.
I faced the same issue, Hope it works for you.
I'm new to REST API**(is that really my REST problem?)**
I want to get all node from neo4js by using
Cypher
START n = node(*)
return n;
how do i use if i use jquery ajax POST or GET method
in doc it recommend
POST http://localhost:7474/db/data/cypher
Accept: application/json
Content-Type: application/json
In my code i write
$.ajax({
type:"POST",
url: "http://localhost:7474/db/data/cypher",
accepts: "application/json",
dataType:"json",
contentType:"application/json",
data:{
"query" : "start n = node(*) return n",
"params" : {}
},
success: function(data, textStatus, jqXHR){
alert(textStatus);
},
error:function(jqXHR, textStatus, errorThrown){
alert(textStatus);
}
});//end of placelist ajax
What's my problem?
The error alert is below
You dont say what kind of error you get, but running exactly the same code as you, I get the following error:
XMLHttpRequest cannot load http://127.0.0.1:7474/db/data/cypher.
Origin http://127.0.0.1:3000 is not allowed by Access-Control-Allow-Origin.
So I am assuming that this is the error you are experiencing.
When performing a cross-domain Ajax call, there are two options:
JSONP, which Neo4J does not support.
Cross-Origin Resource Sharing (CORS). "The basic idea behind CORS is to use custom HTTP headers to allow both the browser and the server to know enough about each other to determine if the request or response should succeed or fail".
The OPTIONS request sent before the POST (preflight request), returns the following headers from the Neo4J REST server:
Access-Control-Allow-Origin:*
Allow:OPTIONS,POST
Server:Jetty(6.1.25)
A cruical header is missing here, namely the Content-Type header. This means that the POST request will fail when this header is sent with the POST request, which is exactly what is happening in your $.ajax() call.
The POST will succeed if you remove the following line
contentType:"application/json",
from your $.ajax() call.
This will prevent jQuery from sending the Content-Type header.