REST API Issue

Started by gmundt, September 25, 2024, 01:57:33 PM

Previous topic - Next topic

gmundt

I am attempting to make an API call, but keep getting the message Disallowed Key Characters.

url$="https://ccp.mobileappsuite.com/api/public/gift_cards"

postdata$

{
  "gift_card_number":"123456789",
  "gift_card_cvv":"123",
  "Host":"ccp.mobileappsuite.com",
  "Accept":"vnd.appsuite.pa.v6+json",
  "Content-Type":"application/json",
  "Authorization":"Basic ????????????"
}


The ???????? is a base-64 encoded key.  I pulled the postdata based on the code snippet from postman.

Can't seem to identify the issue with the submission.

James Zukowski

Is the auth code supposed to be Base64, or should it be plain text?
Is this a 'constant' or is it returned from a prior call (OAuth2, etc.)?
James Zukowski
Sr. Developer - J&E

BRAND>SAFWAY
Brand Industrial Services

gmundt

Auth code is base 64 and using the same auth code provided in the postman snippet.

It is constant.  Using in POS Application to get gift card balance.

James Zukowski

Seems to me that it's something the host service doesn't like. I'd suggest checking with the provider and their documentation to see what they have to say.

Unless someone else has a better idea...
James Zukowski
Sr. Developer - J&E

BRAND>SAFWAY
Brand Industrial Services

gmundt

Thanks, I have scheduled a call with them to get more information.

Looking at the documentation I'm trying to figure out how to use GET, PUT, and POST.  Is that what the method$ string is supposed to be for?

James Zukowski

Taking a closer look, it seems like you're mixing header and detail information in the package contents.

I've been using the PxPlus Web Request process (see https://manual.pvxplus.com/PXPLUS/Web%20Services/Overview.htm[color=var(--body-txt-color)]) for these types of things:[/color]

CALL "*plus/web/request",SiteURL$,RequestData$,Resp$,RespHdr$,MimeType$,"",ExtraHdr$
where: SiteURL$ would be your URL$, RequestData$ would probably just be the Gift_Card_Number and CVV, ExtraHdr$ would contain the Accept and Authorization (without quotes), and MimeType$ would be the Content_Type (application/json). You may also want to include "Accept: application/json" in the ExtraHdr$ to identify the return format. I let PxPlus determine the method.

After the call, the returned package would be in Resp$, and any header info would be in RespHdr$.

Good luck!
James Zukowski
Sr. Developer - J&E

BRAND>SAFWAY
Brand Industrial Services

gmundt

That makes sense.  I made some changes and it's now getting through, but doesn't appear to be pulling the header information.

siteURL$=https://ccp.mobileappsuite.com/api/public/gift_cards/123456789?cvv=123
RequestData$=""
MimeType$=application/json
ExtraHdr$=
Accept: vnd.appsuite.pa.v6+json
Authorization: Basic VHlqRlpUV1V0WFg2VnllZjpPRXVmeDlhb2FLVHlmVmFB

Resp$="Access Denied"

RespHdr$=
HTTP/1.1 401 Unauthorized
Date: Thu, 26 Sep 2024 17:30:12 GMT
Content-Type: application/json
Content-Length: 15
Connection: close
Set-Cookie: PHPSESSID=h8c9ba2ist2mjgk025jv9vqous; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Set-Cookie: _cfuvid=8CMTrC9RJI4zcnK3IH8E2DVUq_k02ScUebtChuCSuN4-1727371812131-0.
0.1.1-604800000; path=/; domain=.mobileappsuite.com; HttpOnly; Secure; SameSite=
None
Server: cloudflare
CF-RAY: 8c94faff9fc7a94b-DTW

So, I am guessing there is something missing in the ExtraHdr$ variable as the vendor is indicating they are not seeing the Authorization line of the header.

This is a sandbox to test some integration, but still should be working.

Loren Doornek

The Base64 string for the authorization should have an equals sign (=) on the end.  Try adding that and see if it works.

Authorization: Basic VHlqRlpUV1V0WFg2VnllZjpPRXVmeDlhb2FLVHlmVmFB=

James Zukowski

Also check if there is supposed to be a space between "Basic" and the rest of it.
James Zukowski
Sr. Developer - J&E

BRAND>SAFWAY
Brand Industrial Services

gmundt

I have pushed some logs to the vendor.  I switched the header to have Authorization as the first line and Accept as the second.  It then accesses, but fails on their side with a SQL error.

I appreciate your help and will let you know what I find.

gmundt

The issue was a difference between using 'lf' and $0d0a$ as a line separator.  The vendor was unable to parse the 'lf'.  I am now able to submit.  Thank you for all of the assistance.