Solved

Arc HTTPGet Operation - How to pass Authentication: Bearer header


Userlevel 4
Badge +1

I’m just trying to authenticate with an API Endpoint which expects a fixed token to be passed as the Authorization HTTP header.

Does this look like it should work? I need to pull the token/API key from the Vault.

<arc:set attr="http.URL" value="https://api.XXXX.com/carrier/api/shipment-listing/[data.shipmentNumber]" />
  
<arc:set attr="http.header:Authorization" value="Bearer [Vault(My.API.Token)]"/> 
<arc:set attr="http.contenttype" value="application/json"/> 

  
<arc:call op="httpGet" in="http">
  <arc:set attr="output.data" value="[http:content]" />
</arc:call>

I’m getting a 401

 

thanks

icon

Best answer by James B 26 May 2023, 18:25

View original

10 replies

Userlevel 5
Badge +1

Hi @russell-jerseypost 

Just out of curiosity, are you trying to pull the Bearer Token from Arc Vault?

Userlevel 4
Badge +1

Yes, It’s a fixed token with a long expiry (2 years for example)

Userlevel 5
Badge +1

Hey @russell-jerseypost 

I just tested this out and looks like the script is correct and it should work as it is. Since you are getting 401 Unauthorized on the URL, there can be two possible reasons:

  1. The API Token is expired or not valid. Causing the Authentication to fail and server to return a 401. Can you test the API token in the Arc Vault directly with REST connector with bearer token authentication to check if it works?
  2. The API Token is correct but sent incorrectly to the server due to a malformed syntax or malformed request.

In general, enabling the logs should give you more information on the exact issue. You can also use the _log.info item to log either the vault value or the value of http.header:authorization to the application log. This is helpful when debugging a script, to see what the value of certain attrs are at various steps in the script.

Userlevel 5
Badge +1

Just to add, if you can’t figure out, you can always reach out to Arc support for assistance at arcsupport@cdata.com

Userlevel 4
Badge +1

Thanks.

Userlevel 4
Badge +1

Sorry, I’m struggling to get

<arc:set attr="_log.info" value="LOGGING! APIKey = [Vault(carrier.XXXX.com)]"/>  

to work

 

I have also tried

<arc:set attr="_log.info" />
LOGGING! APIKey = [Vault(carrier.XXXX.com)]
</arc:set>

 

I assume I should be looking in the message log. Not logs.rst#application

Userlevel 4
Badge +1

Don’t worry I have found the logs in logs.rst#application

Userlevel 4
Badge +1

OKay, I can’t see any evidence that it is passing the Authroization header

 

2023-05-23T13:02:26.147+01:00	4	SSLServerCert File: Cannot find specified certificate.
2023-05-23T13:02:26.147+01:00 4 SSLServerCert Encoded: Cannot find specified certificate.
2023-05-23T13:02:26.241+01:00 2 [Request: 186] GET https://api.XXXX.com/carrier/api/shipment-listing/e0faca8c-XXXX-4a9c-ae6d-be886cf1bacb
2023-05-23T13:02:26.241+01:00 5 [Request: 186]
[HTTP Headers]
HTTP Auth Scheme: 0
User:
Password:
GET /carrier/api/shipment-listing/e0faca8c-879d-XXXX-ae6d-be886cf1bacb HTTP/1.1
Host: api.XXXX.com
Accept-Encoding: gzip, deflate
User-Agent: CData Data Provider Engine - www.cdata.com - Accepts: gzip

2023-05-23T13:02:26.897+01:00 5 [Response: 186]
[HTTP Headers]
HTTP/1.1 401 Unauthorized
Date: Tue, 23 May 2023 12:02:26 GMT
Content-Type: application/json

Although

<arc:set attr="_log.info">
Auth = [http.header:authorization]
URL = [http.URL]
</arc:set>

is logging the expected Bearer token okay

Userlevel 4
Badge +1

I’m testing this with 

<arc:set attr="http.header:X-Custom" value="test"/> 

 

and 

 

<arc:set attr="_log.info">

Auth = [http.header:*]

</arc:set>
 

 

is reporting the headers that I set as expected.in Logs > Application

However when I use 

<arc:set attr="http.verbosity" value="5"/> 
<arc:set attr="http.logfile" value="D:\cData\logs\mylog.log"/> 
 

I don’t see these headers going out

2023-05-23T13:59:13.160+01:00    2    [Request: 187] GET https://api.XXXX.com/carrier/api/shipment-listing/e0faca8c-XXXX-4a9c-ae6d-be886cf1bacb

2023-05-23T13:59:13.160+01:00    5    [Request: 187]

[HTTP Headers]

HTTP Auth Scheme: 0

User: 

Password: 

GET /carrier/api/shipment-listing/e0faca8c-XXXX-4a9c-ae6d-be886cf1bacb HTTP/1.1

Host: api.XXXX.com

Accept-Encoding: gzip, deflate

User-Agent: CData Data Provider Engine - www.cdata.com - Accepts: gzip

2023-05-23T13:59:13.847+01:00    5    [Response: 187]

 

 

Userlevel 5
Badge

Hi Russel, 

 

I believe that the problem here is that the arguments to the httpGet operation are different that what  you are providing:

 

https://cdn.cdata.com/help/AZH/mft/op_HTTPGet.html

 

Instead of specifying the header with name as an argument to httpGet, you would provide both the name and values in a single array argument:


header:name#: The name for each custom header to pass with the request.
header:value#: The value for each custom header to pass with the request.

 

So this code: 

<arc:set attr="http.header:X-Custom" value="test"/> 

Actually needs to be:

<arc:set attr="http.header:name#" value="X-Custom" />
<arc:set attr="http.header:value#" value="test"/> 
<!-- Other headers are appended to the array -->
<arc:set attr="http.header:name#" value="X-Custom-2" />
<arc:set attr="http.header:value#" value="test2"/> 

 

Reply