Skip to main content

Hi,

 

 

I have made a workflow that connects to a web API using the HTTP caller. I authenticated with Oauth2 and everything worked fine with my own account on the API service. I then went on to make separate web connections for the accounts of my colleagues. But now I got "access denied".

 

 

It turns out when retrieving the user info with the HTTP caller it logs on to my account no matter what web connection I set in the HTTP caller. I even removed the web connection with my own credentials completely but still I get a json response with my account details.

 

 

How is this even possible and is it a bug in the HTTP caller or the API I'm logging on to?

 

 

 

Thanks!

 

Hi @j2, thanks for your question!

 

May I ask what service you are connecting to? Would you be able to share your workspace or HTTPCaller parameters, and possibly your web connection parameters (a screenshot perhaps)?

 

Thanks,

 

Nathan

Hi NathanAtSafe,

 

 

Absolutely! I'm connecting to something called Projectplace https://service.projectplace.com/apidocs/

 

It's a project management system.

 

 

When I authenticate I get a pop-up window where I let the "app" get access to my account.

 

The information is correct and I can see the name of the app and account correspond.

 

However if I use a HTTP caller to get https://api.projectplace.com/1/user/me/profile

 

It returns the info for my own account even though I removed it.

 

The client id and secret is of course updated to correspond to the other account but it doesn't change anything.

 

 

 


Hi NathanAtSafe,

 

 

Absolutely! I'm connecting to something called Projectplace https://service.projectplace.com/apidocs/

 

It's a project management system.

 

 

When I authenticate I get a pop-up window where I let the "app" get access to my account.

 

The information is correct and I can see the name of the app and account correspond.

 

However if I use a HTTP caller to get https://api.projectplace.com/1/user/me/profile

 

It returns the info for my own account even though I removed it.

 

The client id and secret is of course updated to correspond to the other account but it doesn't change anything.

 

 

 

Thanks for following up @j2,

 

After taking a look at the API and your settings, it does look OK to me. I checked with one of our developers and we've used Google connections in this way without issue, so I am hesitant to point to a problem with the HTTPCaller or Web Connection framework. If there was a bug I'd expect more reports of the issue.

 

 

If you'd like to troubleshoot this more in-depth, I'd suggest opening a support ticket: www.safe.com/support/. Unfortunately it's difficult to investigate these issues as it may be impossible to reproduce without your app and account credentials.

 

 

Best,

 

Nathan
Thanks for following up @j2,

 

After taking a look at the API and your settings, it does look OK to me. I checked with one of our developers and we've used Google connections in this way without issue, so I am hesitant to point to a problem with the HTTPCaller or Web Connection framework. If there was a bug I'd expect more reports of the issue.

 

 

If you'd like to troubleshoot this more in-depth, I'd suggest opening a support ticket: www.safe.com/support/. Unfortunately it's difficult to investigate these issues as it may be impossible to reproduce without your app and account credentials.

 

 

Best,

 

Nathan
Hi NathanAtSafe,

 

I tested with a third PC where I hadn't previously set this up and it turned out it's simply a cache issue when you authenticate FME access to your API. There's a "remember credentials" option on the API popup which apparently saves your initial credentials even though you want to use a different account. So now I at least know how to avoid the issue.

 

 

Thanks for looking into it!

 


Hi NathanAtSafe,

 

I tested with a third PC where I hadn't previously set this up and it turned out it's simply a cache issue when you authenticate FME access to your API. There's a "remember credentials" option on the API popup which apparently saves your initial credentials even though you want to use a different account. So now I at least know how to avoid the issue.

 

 

Thanks for looking into it!

 

Ah interesting! Thanks for sharing your findings.

 

 

Happy FME-ing.

 

Nathan

 

 


Ah interesting! Thanks for sharing your findings.

 

 

Happy FME-ing.

 

Nathan

 

 

Hi again NathanAtSafe

 

It isn't as simple as I thought and I have absolutely no clue to how I clear the cache. I've tried clearing webcache in all browsers since I get this authentication window up when testing the web connection but no luck. I also contacted the developers of the API.

 

 

 


I solved it by deleting the cookies file in AppData\\Local\\FME Workbench\\QtWebEngine\\Default

 

 

For this particular API it is impossible to add multiple connections without deleting the cookie each time you've authenticated. Maybe other API's have similar issues.

 

 


Reply