I know this question may be so simple but still posting here.
I have a WebService/Restful API written in RAILS which gives response in JSON format. According to the RAILS developer, it works fine under his development but not in my case.
My problem is,
Now, I want to test that Request/Response in Browser Rest Client (like
mozilla, chrome). However, when I hit the API there it gives me 401.
So I have 2 questions,
1] How to test it in Rest Client? if I make any mistake while passing header parameter in wrong way.
2] Is there anything other approach to do this?
API Details are,
URL : http://rails4.xxxxx.com/xx/xxxxx/{id}.json
//{id} can be any integer value
header
X-xxxxxx-Client:
487txxxxhu34hfixxxxxu3hfcfxxxxx4f3f3f
For more details, please refer below snaps.
Thanks is advance.
There are a lot of ways to test rest api:
cURL (CLI)
RestConsole (for Chrome)
RestAssured (java test framework)
Frisby (javascript test framework)
Problem was due to wrong credentials.
Related
In my current application under test using Karate framework, I came across TWO APIs - Token and Extended, which provides the APIGEE token value to access backend services.
API-1: Token API
Input payload (form-data) -
grant-type: authorization_code
code: *8-digit-characters*
redirect_uri: https://../oauth-code-callback
code-verifier:*28-digit-characters*
client_id: *Unique-Client-Key*
Response -
{"access-token":"..."}
API-2: Extended API
Input payload (JSON) -
{"access-token":"..."}
Response -
"APIGEE_Token"
Looking at the input payload in API-1, code and code-verifier are SHA-256 encrypted values generated using typescript. Now, in order to generate the final APIGEE token, I need to generate code and code-verifier values using the same typescript libraries in Karate. Is there any possibility as such? Else, please suggest if there is any alternative approach for my requirement. Thanks in advance!
First, I suggest you check if the tokens can be generated using some standard algorithm, in that case you can re-write them in Java or JS. Examples here: https://stackoverflow.com/search?q=%5Bkarate%5D+jwt
Else here are 2 extra creative solutions:
Karate uses the Graal JS engine, so if you can get the pure-JS equivalent of the routine you need, it may be possible to load it into Karate by reading the .js file. For example read() (or karate.read()) can return a JS function, which you can then invoke within your test flow.
If you have node / npm installed, you can write a command-line program that takes command-line args and returns the data you need. Note that you can even return JSON and use karate.fromString() to parse it. Karate happens to have very good support for OS command-line execution, refer: https://stackoverflow.com/a/62911366/143475 and a similar idea is described here: https://stackoverflow.com/a/51150286/143475
Finally, it may well be worth it to ask your dev-team to stand-up a small REST service that returns these tokens for you in your pre-prod environment. And the moment you have a REST option, guess what Karate is really good at :) The REST is up to you.
In Postman, I am able to successfully request a new token using the GUI. I'm wondering how to do this programatically. Or at least see the HTTP request that Postman is making. I've tried viewing it by monitoring the network traffic in Chrome, and with Wireshark, but without success. Thank you
well, OAuth2 is quite a big subject and you are not really providing a lot of details.
Postman is just a client, it creates requests based on the data you gave it so you don't need to monitor anything, you should know how you set it up and then simply mirror that in whatever language you want. Look at headers and post data specifically.
All I can do is point you to an extensive article I wrote on OAuth2, it shows a complete implementation, how to use Postman to create the correct requests and then how to write code which makes it all work.
If you don't use dot net, you can still understand all the concepts and it should be trivial to do the same thing using a different language.
https://eidand.com/2015/03/28/authorization-system-with-owin-web-api-json-web-tokens/
We have two jira installations at our company. One that we use for our projects and a second one for testing purposes.
I'm working in a project that needs to use the JIRA REST API. For this purpose I'm connecting to our testing instance.
The problem is that while trying out the REST API, I keep getting 400 errors without a single explanation of what went wrong. I just get an HTML with
Your browser sent a request that this server could not understand
I was a bit desperate and decided to try it into our real JIRA. To my surpirse the same request gave me a different response:
{"errorMessages":[],"errors":{"project":"project is required"}}
In this case, I do get a meaningful error!
I replicated this easily. I would never get a meaningful error from the test instance, but the real one will always give me one.
I cannot keep trying out stuff in our productive JIRA, but I cannot easily continue working without getting meaningful errors. So, what could be wrong in the testing instance? I could not find any configuration about the 'verbosity' of the API responses.
I believe that this error is returned not by JIRA but rather by proxy web server that is part of you production configuration.
I suggest you to compare HTTP headers that are sent with working requests from your browser with headers you pass via curl. Googling for the "Your browser sent a request that this server could not understand" helps too
I am developing a web application with Dart using redstone and polymer
Because Dart allows for server and client side development, I wonder what a good pattern for a web application is (specifically to Dart)
Option 1:
Have a server, say, /bin/server.dart
1.1. get a request there and respond with json
#app.Route("/user/:id", methods: const [app.GET])
getUser(int id) { ... }
have a client, i.e. web/user.html and web/user.dart
2.1 in user.dart make a request to server
2.2 receive json and form a proper user.html
Option 2:
Have a server /bin/server
1.1 get a request there and respond with an html page, similar to
#app.Route("/")
helloWorld() => "Hello, World!";
If in the first case I more or less know (and understand) how to make things work, while i find it really frustrating that I do not take advantage of Dart's server-client code-sharing: I need to encode to and decode back json to get the same data. Is there a way to avoid it?
The second option is much less clear for me: how would I serve a web page in this way? How would I make Polymer do its work?
Answers on the questions in the text and a general explanation of a darty way to develop web apps are very much appreciated.
You can see a Redstone + Polymer application example here: https://github.com/luizmineo/io_2014_contacts_demo
Basically, it works as Option 1: The client and server communicates through a service API, and the data is encoded as JSON. Although, Redstone uses the shelf_static package to serve the client code to the browser as well.
If you prefer, it's also possible to use a server side template engine, such as mustache, to build html pages in the server, although, I think it would be really difficult to integrate that with Polymer.
And finally, you always have to encode the data someway when transferring data between client and server, but this doesn't means they can't share code. They can use the same domain classes, for example. Check out the sample application linked above for more details.
I don't think the option 2 is possible. Polymer depends on dart:html which is not allowed on server side.
I am trying to understand how Google authentication works with OAuth 2.0. They give some examples at this link.
I am having trouble with one of the first steps. I can execute this http request in a browser:
https://accounts.google.com/o/oauth2/auth?scope=https://www.google.com/m8/feeds&client_id=21302922996.apps.googleusercontent.com&redirect_uri=https://www.example.com/back&response_type=token
and that works fine.
When I try to convert it to a curl GET operation,
curl https://accounts.google.com/o/oauth2/auth?scope=https://www.google.com/m8/feeds&client_id=21302922996.apps.googleusercontent.com&redirect_uri=https://www.example.com/back&response_type=token
I get a response that tells me there is an OAuth 2.0 error: invalid_request.
Converting it to a POST, I can't get this operation to work.
curl http://accounts.google.com/o/oauth2/auth -d “scope=https://www.google.com/m8/feeds&client_id=21302922996.apps.googleusercontent.com&redirect_uri=https://www.example.com/back&response_type=token”
The response is that the document has moved.
If I try this, I get similar results.
curl http://accounts.google.com/o/oauth2/auth -data-urlencode “scope=https://www.google.com/m8/feeds&client_id=21302922996.apps.googleusercontent.com&redirect_uri=https://www.example.com/back&response_type=token”
I have never used curl or OAuth in my code before, so I want to understand some of these basics. Can someone tell me what is wrong with my GET and POST ?
I don't have a sure answer for you, but I was working on something similar for Instagram and one thing that stumped me for a while was that my redirect URL looked to be the same as Instagram expected, but I kept getting errors.
Like you, when I 'hand coded' the redirect URL, I got the result I expected, but my automated calls to the authentication URL failed. It turned out my ampersands were a url encoded which Instagram compared to the redirect URL and saw they were not identical. I'm not sure if that will get you closer to an answer, but I thought I'd share my experience since your question reminds me of the situation I was in. Good luck.