I’ve been experimenting with HTTPApi in Delphi and have a basic handle on it.
However, I’m trying and failing to understand authentication.
I’ve found the sample application but I can’t understand how it works.
I’ve tried calling the login/login endpoint from Postman with a blank Access-Token header but the TROHttpApiSession.Create('', EmptyGUID) call fails.
Could you let me know where I’m going wrong or is there any documentation on HTTPApi authentication in general?
Later you should provide the received GUID in the request header to access the protected service’s methods.
Note: You should use TROHttpApiSimpleAuthenticationManager, otherwise Access-Token in headers won’t work as expected.
See the HttpApi Authentication sample for more details.
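Added example, not part of the reply above or of the RemObjects sample code: a small shell helper that reads a response header dump saved with `curl -D`, checks the status, and recovers the Access-Token value for the next request. The sample dumps and the token value are constructed, and the login request itself is left as a placeholder because its exact path and body are not given in this thread.

```shell
#!/bin/sh
# Added example, not from the thread. Reads a header dump saved with
# `curl -D FILE` and recovers the session token for follow-up requests.
#
# Usage (the two requests are placeholders, not taken from the thread):
#   curl -s -D login.hdr -o login.body <login request>
#   curl -H "$(auth_header login.hdr)" <protected request>

# Print the numeric status from the first line ("HTTP/1.1 500 OK" -> 500).
response_status() {
    head -n 1 "$1" | tr -d '\r' | awk '{ print $2 }'
}

# Print the Access-Token value; return 1 if the header is absent.
# Header names are case-insensitive and lines end in CRLF on the wire.
extract_access_token() {
    tr -d '\r' < "$1" | awk '
        tolower($0) ~ /^access-token:/ {
            sub(/^[^:]*:[ \t]*/, "")   # drop the name and leading blanks
            sub(/[ \t]+$/, "")         # drop trailing blanks
            print; found = 1; exit
        }
        END { if (!found) exit 1 }'
}

# Print "Access-Token: <value>" for `curl -H`, or report why there is none.
auth_header() {
    status=$(response_status "$1")
    case "$status" in
        2??) ;;
        *) echo "login failed: HTTP $status" >&2; return 2 ;;
    esac
    token=$(extract_access_token "$1") || {
        echo "no Access-Token header in response" >&2; return 1; }
    printf 'Access-Token: %s\n' "$token"
}

# Constructed sample dumps: the token is made up, and the failure case
# mirrors the 500 response quoted later in this thread.
sample_ok() {
    printf 'HTTP/1.1 200 OK\r\ncontent-type: application/json\r\n'
    printf 'access-token: {00000000-0000-0000-0000-000000000001}\r\n\r\n'
}
sample_fail() {
    printf 'HTTP/1.1 500 OK\r\nConnection: close\r\nContent-Length: 34\r\n\r\n'
}
```

A failed login is reported by status before the token lookup, so a missing header on an error response is not mistaken for a client display problem.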
Sorry but I’m an old-school Win32 developer and am a bit of a noob when it comes to this REST stuff. I’ve just been asked to investigate providing an API to some server functions.
I’ve tried the sample app and imported the swagger API from http://localhost:8099/api into Postman and then using that to test.
When I call the login/login function/endpoint, I seem to get five headers back in the response but none of them are Access-Token or contain a GUID.
I’m clearly doing something wrong here, I just can’t work out exactly what.
Mark bundle as not supporting multiuse
< HTTP/1.1 500 OK
< Connection: close
< Content-Type: text/html; charset=utf-8
< Content-Length: 34
< Date: Tue, 01 Feb 2022 12:51:35 GMT
< Accept-Encoding: gzip, identity
<
Invalid Path* Closing connection 0
Which looks like the example in that thread except Access-Token is missing for some reason.
I’m going to compare with the example app in that other thread I think as I obviously managed to get that to work back in 2020 and I’ve just forgotten it all since then.
UPDATE: Yep the httpapi_security.zip from the other thread does the same thing. It actually throws an exception when I call the login endpoint:
‘This stream is incompatible with JSON format. Position: 6’
It looks like I got this working before so not sure if I’m doing something different.
Ok the exception was because I hadn’t properly escaped the double-quotation marks in the body text.
Doing so now works correctly via curl at the command line with both examples so I’m getting somewhere.
Now I just need to figure out why Postman isn’t returning the Access-Token header correctly but that looks like it might be a Postman-specific issue.
Slightly separate question but I’ll keep it in here.
I’m trying to get SSL working on the server and I always have problems with SSL.
Currently I’m using the TROHttpServer. I can set OpenSSL.SSLEnabled to True without a problem and then access it at https://localhost:8099/api but have to bypass the security warnings.
I want to use a local self-signed certificate so I don’t get the warnings and can test clients properly but can’t figure out how.
What files/properties do I need to add my own cert to the TROHttpServer?
I don’t actually care which server I use so if it’s easier with the Indy server instead I could use that.