Clovertech

Auth details not passed when GET API provides a paramter

Clovertech Forums Cloverleaf Auth details not passed when GET API provides a paramter

  • Creator
    Topic
  • September 16, 2022 at 7:24 am #119933
    Ken Smith
    Participant

      I have a java/ws-rawclient thread configured to issue a GET via a url that includes a parameter, e.g.:

      http://10.24.74.4:5481/api/Interface/GetCheese?Type=COMTE*

      On the header tab, under HTTP authentication a valid user and pwd has been specified.

      In the logging, I can see that authentication is missing from the HEADERS. The call to the GET API fails due to invalid credentials.

      If I remover the parameter and send:

      http://10.24.74.4:5481/api/Interface/GetCheese

      Authentication now appears in the HEADERs in the logging, and the call succeeds, data is retrieved.

      It seems that when adding the parameter to the GET, the auth details are lost or overlooked. Has anyone experienced this behaviour? The behaviour seems wrong to me, the parameter shouldn’t make a difference in whether the auth details get passed into the call to the API.

    • Creator
      Topic
    Viewing 1 reply thread
    • Author
      Replies
      • September 20, 2022 at 4:53 am #119935
        Robert Kersemakers
        Participant

          It looks like you can either send headers as part of the URL (as in ‘?Type=COMTE*) or (this is an exclusive or) send headers that are defined in the ‘Request Header Overrides’ (as in Header Name = ‘Type’ and Header Value = ‘COMTE*’).

          I would only put the real URL (without headers) in the URL and define all the headers separately in the Request Header Overrides box.

          Zuyderland Medisch Centrum; Heerlen/Sittard; The Netherlands

        • September 20, 2022 at 8:49 am #119936
          Ken Smith
          Participant

            I take your point and it seems generally like a better approach. But in this case, the full URL with parameter worked if there was no authentication, and the authentication failed if it was provided. It seems to me that the full url wasn’t an issue until basic authentication was applied. So the question I’m wondering about is why does the authentication fail with the full URL?

        • Author
          Replies
        Viewing 1 reply thread
        • You must be logged in to reply to this topic.