REST API Authentication Header
Hello,
I am trying to use the ticket returned by the authenticate REST API call to my subsequent POST call for creating a node (folder) . What should be the token/parameter name to send this ticket along in my second call? I am using Postman client for now against a CS 20.3 CE version. I see references to this parameter being different in other examples including "OTCSTicket", "otcsticket", "OTCSTICKET" etc. but none of these seem to work and I always get back a 401 unauthorized response. Any pointers would be helpful.
Thank you.
Comments
-
Quick question in Postman you are putting otcsticket would you just turn it into the code section and check if it looks like this under the HTTP section
Try with a GET changing it to a valid node
http://myserver/otcs/cs.exe/api/v1/nodes/22232
GET /otcs/cs.exe/api/v1/nodes/22232 HTTP/1.1
Host: myserver
otcsticket: 4b+hB0/14O1oXcd0xpNv7nxtLAKlCVsgXZStJabb0au33YlLF7PqxV1zoYCCe7LI+NP2GyvKjL0bsJ7w2u/uLEr3vMRm6RQq
that was a GET if you see a form or anything just remove everything as postman sometimes adds stuff you do not want
you could also get wrong if the API doesn't reveal the user from the ticket like when you got the auth you got a ticket from say one of 3 servers that is a reverse proxy/LB setup so your auth token actually came from Server1, but your folder create is actually going to Server3.In one of my earlier post where I showed you https://forums.opentext.com/forums/developer/discussion/302784/adding-classification-to-a-document-using-rest-api#latest
I seemed to have mentioned I use OTDSticket , it has more information than the otcsticket has so it aids in negotiating redirects etc....
(BTW: My theory as I found that in my many debugging cases)
If you are on the Livelink server and if you issue
http://localhost/otcs/cs.exe/api/v1/auth and turn around and then use that ticket into an FQDN like http://myserver/otcs/cs.exe/api/v1/nodes/22232
you will get 401. These are basically LLCookie and it does issues based on the server :).There are a bunch of rules in Livelink that say how should a LLCookie be generated and so on.
0 -
One other aspect is for debugging easily OT allows Basic Authentication so if you hardcode username/password in REST API calls you won't need the ticket. If that works and if tickets don't work then that tells you your ID is not revealed in the ticket. Note OT provides that only to help in developing not a standard for production-worthy code https://forums.opentext.com/forums/developer/discussion/comment/932936#Comment_932936
In a java client that will go as a Base64 encoded string :)
0 -
Hello Ramesh,
You mentioned header in the title but I wanted to make sure you were using the header tab in postman and not a body or parameters section. That could explain your issue. Also check to see what your authorization tab is set to. For my use I have authorization set to "no auth" and added a key=OTCSTicket in the headers tab with a value of the token.
0 -
Hello Matthew, Appu,
Thank you for responding. I am in fact using the header tab with "OTCSTicket" as the key name. I finally got this working. What I found out was that when the ticket returned by the "auth" call contains a forward slash ("/") as part of the value, the ARC client escapes it with a back slash ("\") automatically in the response. Once I unescape this and cleaned up the ticket value, I am able to use it in my subsequent call. The Postman client does not seem to do this and shows the value as is.
So I am assuming OTCSTicket is the correct key name to use then? Or does the API calls support other combinations of this key as well (like "otcsticket", "OTCSTICKET" etc.)?
0 -
HTTP header names are case-insensitive. You can write OTCSTicket as you wish.
Mind that using OTDSTicket will cost you one hop CS->OTDS to get it validated. OTDSTicket is usualy used only for the very first REST call to CS. The response of every REST call contains OTCSTicket, which the application usually remembers and uses for the next call and repeats this pattern so that the ticket does not expire, as long as the communication continues.
0
Categories
- All Categories
- 122 Developer Announcements
- 53 Articles
- 149 General Questions
- 148 Thrust Services
- 56 OpenText Hackathon
- 37 Developer Tools
- 20.6K Analytics
- 4.2K AppWorks
- 9K Extended ECM
- 917 Cloud Fax and Notifications
- 84 Digital Asset Management
- 9.4K Documentum
- 31 eDOCS
- 181 Exstream
- 39.8K TeamSite
- 1.7K Web Experience Management
- 8 XM Fax
- Follow Categories