The API I am using requires me to send a signature string in the header of all my requests, in order to identify my session.
I get this signature from a header I read in the API's responses. The first call I make doesn't need the signature, but all subsequent requests do. The signature can change at any time, so I need to update my default header if I'm sent a new signature string.
Some of the calls I make use [RKObjectManager sharedManager], in some others I use AFNetworking directly using [RKObjectManager sharedManager].HTTPClient
What I would like to do is find a way to configure my underlying AFNetworking client so for every response that comes in I read the signature from the header and update my default header accordingly.
Any idea how to do this?
Related
I am using AFNetworking for my client and server communication. I want to make a wrapper on top of AFNetworking so that I can set common header and extra information for all the HTTP requests. Basically all my HTTP request will go through one layer to AFNetworking. It will make my client server communication easier and I will be able to include any kind of data with all the http request at any point of time. What will be the best way to do it?
As example I want to send token, network status, user info etc.
More specifically:
I want to include some common info with all the request like network info, user info, token. Now its really difficult to change in each and every request. So I want to design in such a way that all the http call will go through one path and I can send anything with AFNetworking HTTP Request without touching all the file.
You should create one separate class that manage all the network related calls. You should subclass NSObject and make a class with different required methods that you need. Import your AFNetwotking in this class and use this class in whole project when needed to make network call!
I have a HTTP Basic server where i sometimes need a user to make a selection before logging in. I thought i'd do this by sending a HTTP response 401 with json contents in the HTTP body to provide the data the client needs to show to the user.
However, i cannot for the world understand how i get the response body content in the willSendRequestForAuthenticationChallenge method. Since i use Basic Auth and provide the usr/pwd directly as a http "Authorization" header, this method gets called whenever the user cannot login, or when he/she needs to make the selection i am talking about.
So... i have the NSURLAuthenticationChallenge, but i cannot see any way of reading the body from that object.
If anybody could help out i'd really appreciate it!
You cannot get the body data at that point in the request process, because the URL request potentially asks you to make a decision about whether to cancel and retry with authentication before it even downloads the body data. It's a timing issue.
What you can do is:
Allow the request to complete without a credential. This will cause the URL connection to download the response body (error message). Your support code can then recognize the 401 response, parse the body, and provide credentials in a retry.
Optionally wrap the above logic in a custom NSURLProtocol class so that it becomes transparent to the rest of your app
Alternatively:
Provide the additional data in a custom HTTP header. I think you can probably get an NSURLResponse object from the protection spaces's failureResponse method, and get the headers from there.
I'm not 100% certain that it is possible to get the header fields at that point, though. For sure, you can do it with an NSURLProtocol or with custom wrapper code as described earlier.
We have 2 rails applications which talk to each other via API's. We decided we wanted to secure the calls using OpenSSL with public and private keys. So before sending a request, we create a signature of a document using the private key. On the other app we verify the signature with the public key and the received document.
This works well for our PUTs and POSTs because we can simply add the document and the signature in the Body.
However we also want to do it for GETs, and I do not want to add a body to a get, apparently this is a no-no. Would it be appropriate to send the signature and the document as http headers in the GET request? The document is very small - just a few arguments in a JSON string.
The other option I have is to use POSTs or PUTs instead of GETs
I am currently building and API that will be consumed by an iOS client using RestKit. For the POST (create) operation, I am returning a standard 202 Accepted status with no content. The objectID is set in the location header as the creation on the API is async.
The issue is that the iOS dev has indicated that RestKit does not allow you to access the header information on the response object. Is it possible to access the response object without using the mapping feature in RestKit?
RestKit returns to you the operation which processed the request / response and from there you can navigate through to get the HTTP processing operation and the response object (which contains the headers).
I'm using AFNetworking, making API calls that respond with proper cache-control headers.
Everything works fine with requests honoring the cache except for one glitch.
The API I'm using requires a signature to be created with a lifetime of 5 minutes. It's generated from the current time, API key, and API secret. So when I pass this in as a sig parameter, the cache is going to continually miss.
Example:
request1: http://foo.com?p=hello&apikey=12345&sig=ABCDEF
request2: http://foo.com?p=hello&apikey=12345&sig=ZYXWVU
So request 2 is a cache miss.
Question: How could I modify the request in such a way as to strip out the signature parameter for caching only?