REST Client add-on for testing

I read in the CS REST API development guide that it's possible to use a REST client add-on with your browser. I've been trying out REST Easy for Firefox with little success. What are others in the OT Development community using when they want to test out an API without building a full-on JavaScript client?

At this point, using the REST Easy API, I successfully authenticated, and added OTCSTICKET as a header with the payload from the response from the auth POST. At first, I wasn't seeing OTCSTICKET in the headers within Builder, but in Builder they show up as HTTP_OTCSTICKET, i.e.
HTTP_OTCSTICKET = 'JjFrL24sKa1\/ORLOoFKmOVwDlYBu+AU4M+qB5yVgCLo='
It shows up with the correct name in Fiddler though. The error I'm getting back is
LibOTSecBuiltins: Decryption failed - data_len: 8 crypt_len: 0
Check HTTP Referer has been disabled for the RestAPI since it does not make sense.
Dispatcher error: Authentication Required
Since this is happening in a built-in, I doubt I can debug what is coming back. Here is the string I'm trying to decode from the API. It looks like a base64-encoded string and I've used this before in sample applications. Also, I don't see an HTTP Referer in Fiddler. Any suggestions?
-Hugh

Comments

  • hi Hugh,

    What are others in the OT Development community using when they want to test out an API without building a full-on Javascript client?

    Many people use Postman for Google Chrome.

  • Everyone I know develops with Chrome and uses its extensions to quickly try the REST API requests. Chrome extensions like Advanced REST Client, Postman and REST Console are superior to Firefox extensions REST Easy, RESTClient and Poster. I'd recommend Chrome + Advanced REST Client.

    REST Easy can show you only raw JSON responses, which means you need one more tool to display them parsed. Posting forms in RESTClient is inconvenient, because you have to set the content type and type the encoded payload. Posting with Poster is better, but it can show only raw responses. Trying a request occasionally is acceptable with them, but not routine work.

    If you get an error "Authentication Required" and you sent a ticket, the ticket was expired or invalid. Use the OTCSTicket pasted from a REST client tool or Fiddler. Don't paste it from the Builder - it's more work to get it anyway and I'm not familiar with how OScript character escaping works. "\/" in your sample feels weird. Backslash cannot stand alone and slash needn't be escaped.

    You can try BASE64-decoding the ticket, but in the REST API scenario it is of no use. It is not guaranteed that it will be a BASE64 encoded content either. You should take it as an opaque string to use as-is just in the header.

    Referer is sent by the browser when you are requesting a URL from an already opened page. If you try requests by a REST client, there's no page and thus no referer. Referer doesn't make sense in the REST API scenarios.

  • I will try Google Chrome on my VM. The ticket string I copied from Builder is actually the same as the ticket I saw in the response I originally got from the response to my call to AUTH. It is possible that REST Easy isn't assembling the headers correctly although oddly the header looked right in Fiddler. I also tried to do a Str.FromBase64() on the ticket and it came back undefined. Perhaps some characters got lopped off. One more thing: what is the typical expiry for a ticket generated by the AUTH method? When I performed the steps outlined here, I used a ticket that was less than 1 minute old.
    -Hugh

  • I've retried with the Advanced REST client for Google Chrome and it works. I'm just wondering if anyone has had any experience scripting it so that you can send the AUTH request and use whatever ticket in a subsequent call that you're testing. I'm going through this process because I want to eventually start extending the REST API.
    -Hugh

  • OTCSTicket currently shares its value with the LLCookie including all its settings, including expiration time. I think that it is different in different CS versions; on my CS 10.5 it defaults to 30 minutes. Constantly communicating tools should refresh its value from successful responses - they all contain the OTCSTicket header for this purpose.

    It may be possible to script the Advanced REST client, but I didn't look for such a possibility, because I don't use the OTCSTicket, which changes. When I test the CS REST API, I use Basic Authentication. Provided I know a user's credentials, it allows me to send a constant authentication header, which is remembered by the Advanced REST client and doesn't need to be changed.
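
Added example, not part of any post above and not OpenText code: a sketch of the scripted flow asked about in this thread, which authenticates, sends the ticket as the OTCSTicket header, and replaces it with the value returned on each successful response. The `/auth` path, the JSON `ticket` field, the 401 status for a rejected ticket and the fake server with its ticket values are assumptions constructed for the example.

```python
import json

def ticket_from_auth_body(body):
    """Parse the auth body as JSON; a JSON parser decodes the legal escape \\/ to /."""
    ticket = json.loads(body).get("ticket")    # "ticket" field name is an assumption
    if not isinstance(ticket, str) or not ticket:
        raise ValueError("auth response carried no ticket")
    return ticket                               # opaque: replayed as-is, never decoded

class TicketSession:
    """send(method, path, headers, form) -> (status, headers, body) is the transport."""
    def __init__(self, send, auth_path, username, password):
        self.send, self.auth_path = send, auth_path
        self.form = {"username": username, "password": password}
        self.ticket = None

    def login(self):
        status, _, body = self.send("POST", self.auth_path, {}, self.form)
        if status != 200:
            raise PermissionError("authentication failed")
        self.ticket = ticket_from_auth_body(body)

    def request(self, method, path, form=None):
        if self.ticket is None:
            self.login()
        for attempt in (1, 2):
            status, headers, body = self.send(method, path, {"OTCSTicket": self.ticket}, form)
            if status != 401 or attempt == 2:   # 401 for a rejected ticket is an assumption
                break
            self.login()                        # expired or invalid: authenticate once more
        fresh = {k.lower(): v for k, v in headers.items()}.get("otcsticket")
        if status < 400 and fresh:
            self.ticket = fresh                 # refresh from the successful response
        return status, body

def make_fake_server():
    """Constructed stand-in server; rotates the ticket on every success so the refresh shows."""
    state = {"valid": None, "n": 0}
    def issue():
        state["n"] += 1
        state["valid"] = "AbC/%d+x=" % state["n"]   # made-up ticket value
        return state["valid"]
    def send(method, path, headers, form):
        if path == "/auth":
            # the body escapes "/" as \/, like the value quoted in the question
            return 200, {}, json.dumps({"ticket": issue()}).replace("/", "\\/")
        if headers.get("OTCSTicket") != state["valid"]:
            return 401, {}, "Authentication Required"
        return 200, {"OTCSTicket": issue()}, "ok " + path
    return send, state
```

To use it against a real server, pass a `send` function built on an HTTP library in place of the fake one; the session logic does not change.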