Auth details not passed when GET API provides a paramter

[Ken Smith]

I have a java/ws-rawclient thread configured to issue a GET via a url that includes a parameter, e.g.:

http://10.24.74.4:5481/api/Interface/GetCheese?Type=COMTE*

On the header tab, under HTTP authentication a valid user and pwd has been specified.

In the logging, I can see that authentication is missing from the HEADERS. The call to the GET API fails due to invalid credentials.

If I remover the parameter and send:

http://10.24.74.4:5481/api/Interface/GetCheese

Authentication now appears in the HEADERs in the logging, and the call succeeds, data is retrieved.

It seems that when adding the parameter to the GET, the auth details are lost or overlooked. Has anyone experienced this behaviour? The behaviour seems wrong to me, the parameter shouldn’t make a difference in whether the auth details get passed into the call to the API.

Topic

[Robert Kersemakers]

It looks like you can either send headers as part of the URL (as in ‘?Type=COMTE*) or (this is an exclusive or) send headers that are defined in the ‘Request Header Overrides’ (as in Header Name = ‘Type’ and Header Value = ‘COMTE*’).

I would only put the real URL (without headers) in the URL and define all the headers separately in the Request Header Overrides box.

Zuyderland Medisch Centrum; Heerlen/Sittard; The Netherlands

[Ken Smith]

I take your point and it seems generally like a better approach. But in this case, the full URL with parameter worked if there was no authentication, and the authentication failed if it was provided. It seems to me that the full url wasn’t an issue until basic authentication was applied. So the question I’m wondering about is why does the authentication fail with the full URL?

[Author]

Replies