
Hello all,


Working for Dutch local governmental organisations, I more and more encounter webservices which require a certificate to be sent as part of the authentication / authorization process. My gut feeling is that this is especially the case with APIs providing 'personal information', and that it is a hobby of Java developers...


Searching the Safe forums, I found this post most prominent, which suggests using the Python requests library (also the most FME-compatible solution The Internet provides).


I can't see how to implement this in a connection-services-template...

So, please Safe Software, make this possible...


Martin

Very much needed! Please implement this feature.


This would also be useful for an ongoing project with our organization.


DTAG also requires this...

 

Edit: For anyone who also needs to use the DTAG Telekom MB2B REST API, here's my Python Code to get the contract list:

 

Startup-Python-Script

global cert
global key
 
cert = FME_MacroValues['FME_SHAREDRESOURCE_DATA'] + "certs/Telekom/cert.crt"
key = FME_MacroValues['FME_SHAREDRESOURCE_DATA'] + "certs/Telekom/private.key"

PythonCaller:

import fme
import fmeobjects
import requests
from requests.adapters import HTTPAdapter
from urllib3.util.retry import Retry

class FeatureProcessor(object):
    def __init__(self):
        pass

    def input(self, feature):
        # Bearer token and customer number travel as request headers
        headers = {
            "Authorization": "Bearer " + feature.getAttribute('token'),
            "Customer-Number": feature.getAttribute('RELATEDPARTY')
        }

        # Build the product inventory query from the workspace parameters
        url = \
        FME_MacroValues['URL'] + \
        "productInventoryManagement/" + \
        FME_MacroValues['VERSION'] + \
        "/product?agreement.id=" + \
        FME_MacroValues['FRAMECONTRACT'] + \
        "&relatedParty.id=" + \
        feature.getAttribute('RELATEDPARTY') + \
        "&productOrder.externalId=00000&filter.product.type=tariffList&limit=0"

        # Retry up to three times on the listed status codes
        retry_strategy = Retry(
            total=3,
            status_forcelist=[400, 429, 500, 502, 503, 504],
            allowed_methods=["HEAD", "GET", "OPTIONS"]
        )
        adapter = HTTPAdapter(max_retries=retry_strategy)
        http = requests.Session()
        http.mount("https://", adapter)
        http.mount("http://", adapter)

        # cert and key are the file paths set in the startup script; requests
        # presents them as the client certificate during the TLS handshake.
        # The timeout keeps a stalled connection from hanging the translation.
        response = http.get(url, headers=headers, cert=(cert, key), timeout=30)

        feature.setAttribute("contracts_list", response.text)
        self.pyoutput(feature)

    def close(self):
        pass
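
A pre-flight check for the key file that the PythonCaller above hands to requests as cert=(cert, key), added here as an example and not part of the original post or of FME. It flags a key that other accounts can read, which matters when the file sits in a shared resource folder, and a passphrase-protected key, which requests cannot use. The function names and the placeholder sample files are constructed for this demonstration, and the mode-bit test applies to POSIX hosts only.

```python
import os
import stat
import tempfile

def check_client_key(path):
    """Return a list of problems found with a PEM private key used for mTLS."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return ["cannot read key file: " + (exc.strerror or str(exc))]
    if not stat.S_ISREG(st.st_mode):
        return ["key path is not a regular file"]
    problems = []
    # POSIX mode bits only; on Windows, review the file's ACL instead.
    if os.name == "posix" and st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("key is accessible to group/other (mode %o)"
                        % stat.S_IMODE(st.st_mode))
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        pem = fh.read()
    if "PRIVATE KEY-----" not in pem:
        problems.append("no PEM private key block found")
    # requests' cert=(cert, key) has no way to supply a passphrase, so an
    # encrypted key only fails later, during the TLS handshake.
    if "BEGIN ENCRYPTED PRIVATE KEY" in pem or "Proc-Type: 4,ENCRYPTED" in pem:
        problems.append("key is passphrase-protected; requests needs it unencrypted")
    return problems

def demo():
    """Check constructed placeholder files (they contain no real key material)."""
    body = "-----BEGIN %s-----\nCONSTRUCTED\n-----END %s-----\n"
    samples = {
        "ok.key": ("PRIVATE KEY", 0o600),
        "shared.key": ("PRIVATE KEY", 0o644),
        "locked.key": ("ENCRYPTED PRIVATE KEY", 0o600),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (label, mode) in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "w") as fh:
                fh.write(body % (label, label))
            os.chmod(path, mode)
            results[name] = check_client_key(path)
        results["missing.key"] = check_client_key(os.path.join(tmp, "missing.key"))
    return results

if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, problems or "OK")
```
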

 


This is a recurring request for us as well.


Hope the issue is realized soon!


I suggested the same thing back in 2020, but so far nothing :-(


This is increasingly important, as more and more APIs are getting stricter access control. We are seeing a marked uptick in the number of private API endpoints that now require using a client certificate, which unfortunately can only be done using non-trivial Python code. 

Suggestion: implementing an option in the HTTPCaller to specify a PKCS#12 (.p12) certificate archive and associated password would go a very long way. This would be the equivalent in cURL:

$ curl --cert-type P12 --cert <cert-file.p12>:<password> https://api.example/endpoint

@richardatsafe @steveatsafe Any chance of getting this into 2024?


pushing for it... (but I won't pretend I have any weight on the decision to move on this).

It's getting harder to not support this.


OpenReleased
