Skip to main content

Hi all,

I want to read out an Rest API. I examined the contents of the api using Swagger. I first have to authorize myself to use the api. After that I have to login on the API. With Swagger this works all well.

How can I do this in Workbench? I started with a creator. Connected to that I use a HTTPCaller to authorize myself. That's working well. Than I use a HTTPCaller again to read out some data with the credentials of the login window. Than I get an error of accessing the url.

 

What is the best way to work with this kind of "double" authentications?

Hi,

 

You are using the correct method of using 1 HTTPCaller to get some form of credentials and then passing these credentials through to the next HTTPCaller which will actually get the data you want. The problem is that every REST API is unique and wants something else.

 

Case in point, I often connect to the ArcGIS REST API to get a token and then use this token in either the request URL for a GET statement or in the body for a POST statement. ArcGIS REST uses the parameter called 'token' for the token authorization. However I also connect to an FME Server through rest and if I want to send a POST request FME server expects me to use the Authorization header which is filled with something like the following value: 'fmetoken token=aaaaaaaaaaaaaaaaaa'


swaggerHi birgit,

thank you for your answer. I hope to clarify myself by the image. The first dialog is from Swagger when I'm signed in as an user. The second is my first httpcaller (which is working) and the second is the next httpcaller set up to retrieve data. Both has a different url. With the second httpcaller I get "HTTP/1.1 400 Bad Request".

 

You say that I should get some credentials from the first httpcaller. I only get "htpp 200" which is the code for succes. I don't see any credentials. I also can't "match that" against my token url in the second httpcaller.

 

Can you explain somthing more? Any ideas?


swaggerHi birgit,

thank you for your answer. I hope to clarify myself by the image. The first dialog is from Swagger when I'm signed in as an user. The second is my first httpcaller (which is working) and the second is the next httpcaller set up to retrieve data. Both has a different url. With the second httpcaller I get "HTTP/1.1 400 Bad Request".

 

You say that I should get some credentials from the first httpcaller. I only get "htpp 200" which is the code for succes. I don't see any credentials. I also can't "match that" against my token url in the second httpcaller.

 

Can you explain somthing more? Any ideas?

I never use the authorization part of the HTTPCaller. I don't think you should use it in at least your second HTTPCaller that attempts to get the token. Untick the "use authorization" box and send the username and the password in the query string parameters, also are you sure that this is a GET request? Usually it is a POST Request with which you send the username and password in the request body.

 

Another thing I see is that you are trying to use Oauth? I don't think you generally need that with a REST API though I don't have a lot of knowledge on this subject.


swaggerHi birgit,

thank you for your answer. I hope to clarify myself by the image. The first dialog is from Swagger when I'm signed in as an user. The second is my first httpcaller (which is working) and the second is the next httpcaller set up to retrieve data. Both has a different url. With the second httpcaller I get "HTTP/1.1 400 Bad Request".

 

You say that I should get some credentials from the first httpcaller. I only get "htpp 200" which is the code for succes. I don't see any credentials. I also can't "match that" against my token url in the second httpcaller.

 

Can you explain somthing more? Any ideas?

Here is example from the ArcGIS REST API:ArcGIS REST API Get Token with HTTP CallerI don't know if the above settings still work but maybe you can use it as some sort of guide.


I never use the authorization part of the HTTPCaller. I don't think you should use it in at least your second HTTPCaller that attempts to get the token. Untick the "use authorization" box and send the username and the password in the query string parameters, also are you sure that this is a GET request? Usually it is a POST Request with which you send the username and password in the request body.

 

Another thing I see is that you are trying to use Oauth? I don't think you generally need that with a REST API though I don't have a lot of knowledge on this subject.

Indeed, OAuth and Basic Authentication are two very different concepts, and not interchangeable.


The API is using OAUTH2 as @david_r​ mentioned, Basic and OAUTH2 are very different.

You'll need to create a new OAUTH2 Web Service and then use that in your HTTP Caller and the authentication method

image


Reply