Skip to main content
Released

HTTPCaller to specify client certificates

Related products:Transformers
  • April 20, 2022
  • 11 replies
  • 301 views
martinkoch
Supporter
Forum|alt.badge.img+22

Hello all,


Working for Dutch local governmental organisations, I more and more encounter webservices which require a certificate to be send as part of the authentication / authorization process. My guts feeling is, that this is especially the case with API's providing 'personal information', and that it is a hobby of Java developers...


Searching the Safe forums, I found this post most prominent, which suggests to use the python requests library (also the most FME compatible solution The Internet provides).


I can't see how to implement this in a connection-services-template...

So, please Safe Software, make this possible...


Martin

This post is closed to further activity.
It may be an old question, an answered question, an implemented idea, or a notification-only post.
Please check post dates before relying on any information in a question or answer.
For follow-up or related questions, please post a new question or idea.
If there is a genuine update to be made, please contact us and request that the post is reopened.

11 replies

L
  • lucit
  • June 2, 2022

Very much needed! Please implement this feature.

phoeffler
Contributor
Forum|alt.badge.img+7
  • phoefflerContributor
  • Contributor
  • August 12, 2022

This would also be useful for an ongoing project with our organization.

_fabian_
Contributor
Forum|alt.badge.img+5
  • _fabian_Contributor
  • Contributor
  • September 22, 2022

DTAG also requires this...

 

Edit: For anyone who also needs to use the DTAG Telekom MB2B REST API, here's my Python Code to get the contract list:

 

Startup-Python-Script

global cert
global key
 
cert = FME_MacroValues['FME_SHAREDRESOURCE_DATA'] + "certs/Telekom/cert.crt"
key = FME_MacroValues['FME_SHAREDRESOURCE_DATA'] + "certs/Telekom/private.key"

PythonCaller:

import fme
import fmeobjects
import requests
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.util.retry import Retry
 
class FeatureProcessor(object):
    def __init__(self):
        pass
        
    def input(self, feature):
        headers = {
            "Authorization": "Bearer " + feature.getAttribute('token'),
            "Customer-Number": feature.getAttribute('RELATEDPARTY')
        }
        
        url = \
        FME_MacroValues['URL'] + \
        "productInventoryManagement/" + \
        FME_MacroValues['VERSION'] + \
        "/product?agreement.id=" + \
        FME_MacroValues['FRAMECONTRACT'] + \
        "&relatedParty.id=" + \
        feature.getAttribute('RELATEDPARTY') + \
        "&productOrder.externalId=00000&filter.product.type=tariffList&limit=0"
        
        
        retry_strategy = Retry(
            total=3,
            status_forcelist=[400, 429, 500, 502, 503, 504],
            allowed_methods=["HEAD", "GET", "OPTIONS"]
        )
        adapter = HTTPAdapter(max_retries=retry_strategy)
        http = requests.Session()
        http.mount("https://", adapter)
        http.mount("http://", adapter)
 
        response = http.get(url, headers=headers, cert=(cert, key))      
                
        feature.setAttribute("contracts_list",response.text)
        self.pyoutput(feature)
        
    def close(self):
        pass

 

david_r
Celebrity
  • david_rCelebrity
  • February 9, 2023

This is recurring request for us as well.

perry
Forum|alt.badge.img+2
  • perry
  • June 21, 2023

Hope the issue is realized soon!

lifalin2016
Supporter
Forum|alt.badge.img+40
  • lifalin2016Supporter
  • Supporter
  • August 18, 2023

I suggested the same thing back in 2020, but sofar nothing :-(

-- Cheers, Lars I.
david_r
Celebrity
  • david_rCelebrity
  • October 31, 2023

This is increasingly important, as more and more APIs are getting stricter access control. We are seeing a marked uptick in the number of private API endpoints that now require using a client certificate, which unfortunately can only be done using non-trivial Python code. 

Suggestion: implementing an option in the HTTPCaller to specify a PKCS#12 (.p12) certificate archive and associated password would help a very long way. This would be the equivalent in cURL:

$ curl --cert-type P12 --cert <cert-file.p12>:<password> https://api.example/endpoint

@richardatsafe​ @steveatsafe​ Any chance of getting this into 2024?

steveatsafe
Safer
Forum|alt.badge.img+13
  • steveatsafeSafer
  • Safer
  • November 1, 2023

pushing for it... (but I won't pretend I have any weight on the decision to move on this).

It's getting harder to not support this.

SteveatSafe
martinkoch
LizAtSafe
Safer
Forum|alt.badge.img+18
  • LizAtSafeSafer
  • Safer
  • September 26, 2024
OpenReleased
LizAtSafe
Safer
Forum|alt.badge.img+18
  • LizAtSafeSafer
  • Safer
  • September 26, 2024
OpenReleased
LizAtSafe
Safer
Forum|alt.badge.img+18
  • LizAtSafeSafer
  • Safer
  • September 26, 2024
OpenReleased

Community Stats

32,205
Posts
122,290
Replies
39,887
Members

Latest FME

Terms & ConditionsCookie settingsAccessibility statement
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.