Skip to main content
  • EN

Hi All,

Fairly new to FME, and brand spanking new to Rest APIs.

i have an API integration that i worked out in Postman, but, i’m struggling to translate that to FME workbench for use in an FME Server Automation.

In postman, i have to use a GET to generate an antiforgery token, then use a POST to log in, a second GET to update the antiforgery token and then a second POST to send the actual content i want to .. uh.. send.

now, in Postman, my request looks like:
GET {{DeskAlertsURL}}api/xsrf/get


with the following auto generated headers:
Cookie:

Host:

User-Agent:

Accept:

Accept-Encoding:

Connection:

and the actual request headers look like (i {{shortened}} some of them for readability):
GET https://URL/DeskAlerts11/api/xsrf/get
Request Headers
User-Agent: PostmanRuntime/7.36.0
Accept: */*
Postman-Token: acbb9ca8-9dc2-44b1-888e-63468a39523f
Host: deskalerts.ipf.msu.edu
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: .AspNetCore.Antiforgery.awpUR7lE5Fk={{Shortened}}; XSRF-TOKEN={{X-XSRF-TOKEN Body}}; __Secure-refresh={{Shortened}}; __Secure-token={{Shortened}}; incap_ses_6520_3027157={{Shortened}}; incap_ses_8215_3027157=1{{Shortened}}; visid_incap_3027157={{Shortened}}

My response has no body, and the following headers (again, some shortened for readability):

Cache-Control: no-cache, no-store
Pragma: no-cache
Transfer-Encoding: chunked
Set-Cookie: XSRF-TOKEN={{Shortened}}; path=/DeskAlerts11; secure; samesite=strict
X-XSS-Protection: 0
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
X-Robots-Tag: noindex
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Embedder-Policy: credentialless
X-Permitted-Cross-Domain-Policies: none
Permissions-Policy:{{Shortened}}
Content-Security-Policy: default-src 'self'; base-uri 'self'; script-src 'self'; script-src-elem 'self' '{{Shortened}}' '{{Shortened}}' '{{Shortened}}'; script-src-attr 'self'; style-src 'self' 'unsafe-inline'; img-src * 'self' data: blob:; font-src 'self'; connect-src https: wss:; media-src * 'self' data: blob:; object-src 'none'; child-src 'none'; frame-src *; worker-src 'self'; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests;  block-all-mixed-content; manifest-src 'self'; report-uri https://dadebug.report-uri.com/r/d/csp/enforce
Strict-Transport-Security: max-age=7776000
X-POWERED-BY: nonsense
X-ASPNET-VERSION: nonsense
Date: Tue, 05 Mar 2024 16:16:24 GMT
X-CDN: Imperva
X-Iinfo: {{Shortened}}

 

What i’m unsure of is, how to configure the http caller to receive the appropriate headers so i can get the token i need to pass on for the various POST actions.

 

 

To clarify a little on this - the GET doesn’t have a response body, just the headers, which is i think why i’m facing a challenge mapping to an attribute, since the body is empty. 

So i guess how do i/can I see the response headers in FME workbench?

i’ve made some headway on this - i found a reference online that showed how to select headers from the responses, the header i’m looking for happens to be the second header in the group:
 

i’m then parsing out a match for everything between the first “=” and “;” character to isolate the X-XSRF-TOKEN.
i am then taking that and passing it on to a second HTTP Caller for the POST:
 

i’m using the generic body:
 

{
"body": "Alert body text",
"title": "Broadcast API test",
"templateId": 6,
"skinId": 1,
"isEveryone": true,
"recipients": b]
}

which works in postman, with only 2 headers: 
 

i’m getting an invalid header error:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request - Invalid Header</h2>
<hr><p>HTTP Error 400. The request has an invalid header name.</p>
</BODY></HTML>


which i’m kind of assuming is because of the headers that Postman is autogenerating that i don’t have. i’ll keep plugging away at adding headers until (hopefully) this works.
 

To sum this up for anyone who might be looking for it in the future - the initial question was “How to i get response headers” and the method is outlined here:
FME Documentation

you can use list exploder (if you want all of them) or attribute exposer (to be selective) to get the header names and values from response_headers{}.name and response_headers{}.value

Reply


Community Stats

30,405
Posts
115,523
Replies
38,210
Members
Terms & ConditionsCookie settings
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.