on 2018 Jul 31 4:47 PM
Hi Team,
We had created an API proxy and generated an application.
We want to test the API with the 'validate API Key' policy, so I added the policy to my API proxy.
While trying to test from the developer portal, I gave the APIKey as a header and Authorization as 'None'. When I click Send, it shows status code 200 and the response time, but it does not trigger the API.
But when I add basic authentication, I am able to trigger the proxy endpoint and get a response.
Please let me know how to test/trigger with the APIKey alone in the header, so that if we provide the APIKey to the source application, they are able to call my target system through the API proxy.
Regards, QY
Hi QY,
You can manually add authorization headers in Base64 format in your policy.
Though I'm wondering, when you don't specify authorization, how you can get HTTP 200 response while target is not triggered.
You can debug the API anyways.
Best regards,
Tom
Hi Tom,
Thanks for response.
The APIkey was generated at the application, and in the API provider I had given catalog provider and basic authentication.
While testing:
1. API key provided in the header without basic Authentication - result is status 200 OK but no response.
2. APIKey + basic authentication (as header parameters) - works fine and gets the response.
So I would like to check the possible options to get a response by providing the APIKey alone (with Authentication as None). Can we add a basic authorization policy after the verify APIKey policy, and hard code the authorization values in the policy itself instead of passing them at header level?
Could you please ping me the code to add authorization headers in Base64 format in the policy (basic Authentication?)
Best Regards, QY
Hi QY,
Sorry for the late reply. The Basic Authentication policy can be used to pass hard-coded backend authentication. It is usually not a very wise decision from a security standpoint, but is useful in cases of testing to make life a little easier.
Basic Auth typically encodes credentials which are passed to it via variables in some way. The simplest way you can do that is with 2 policies strung together:
1) AssignMessage - you define username and password variables that contain the values you want to encode
2) Basic Authentication - you take the variables and encode them to be passed to your BE
You can use the following code to set the username and password to variables
<!-- This policy can be used to create or modify the standard HTTP request and response messages -->
<AssignMessage async="false" continueOnError="false" enabled="true" xmlns='http://www.sap.com/apimgmt'>
    <AssignVariable>
        <Name>sapapim.user</Name>
        <Value>** Enter Technical Username **</Value>
    </AssignVariable>
    <AssignVariable>
        <Name>sapapim.pass</Name>
        <Value>** Enter Technical User Password **</Value>
    </AssignVariable>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" type="request">request</AssignTo>
</AssignMessage>
You can use the following code to pass Basic Auth credentials within an API Proxy from previous variables
<BasicAuthentication async='true' continueOnError='false' enabled='true' xmlns='http://www.sap.com/apimgmt'>
    <!-- Operation can be Encode or Decode -->
    <Operation>Encode</Operation>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <User ref='sapapim.user'></User>
    <Password ref='sapapim.pass'></Password>
    <Source>request.header.Authorization</Source>
    <AssignTo createNew="false">request.header.Authorization</AssignTo>
</BasicAuthentication>
You can read more about the Basic Authentication policy here: https://help.sap.com/viewer/66d066d903c2473f81ec33acfe2ccdb4/Cloud/en-US/693c0d1720644d57918ed77acc6...
Regards,
Elijah
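Added example (not part of the replies above and not SAP's code): a small Python check for the pattern the last reply describes, flagging a BasicAuthentication Encode policy whose User/Password refs are fed by literal AssignMessage values, and showing that the resulting header is Base64-encoded rather than encrypted. The policy snippets and credentials are constructed samples, and the function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"a": "http://www.sap.com/apimgmt"}

# Constructed policies shaped like the two above; the credentials are made up.
ASSIGN_MESSAGE = """<AssignMessage enabled="true" xmlns="http://www.sap.com/apimgmt">
  <AssignVariable><Name>sapapim.user</Name><Value>TECH_USER</Value></AssignVariable>
  <AssignVariable><Name>sapapim.pass</Name><Value>S3cret!</Value></AssignVariable>
</AssignMessage>"""
BASIC_AUTH = """<BasicAuthentication enabled="true" xmlns="http://www.sap.com/apimgmt">
  <Operation>Encode</Operation>
  <User ref="sapapim.user"></User>
  <Password ref="sapapim.pass"></Password>
  <AssignTo createNew="false">request.header.Authorization</AssignTo>
</BasicAuthentication>"""


def literal_variables(assign_xml):
    """Variables that an AssignMessage policy sets from a literal <Value>."""
    found = {}
    for var in ET.fromstring(assign_xml).findall("a:AssignVariable", NS):
        name = var.findtext("a:Name", None, NS)
        value = var.findtext("a:Value", None, NS)
        if name and value is not None:
            found[name.strip()] = value
    return found


def hardcoded_refs(assign_xml, basic_xml):
    """Names of User/Password refs in an Encode policy that resolve to literals."""
    literals = literal_variables(assign_xml)
    root = ET.fromstring(basic_xml)
    if root.findtext("a:Operation", "", NS).strip() != "Encode":
        return []
    refs = [root.find(f"a:{tag}", NS) for tag in ("User", "Password")]
    return [r.get("ref") for r in refs if r is not None and r.get("ref") in literals]


def encode_basic(user, password):
    """Standard Basic scheme header value: Base64 of 'user:password'."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def decode_basic(header):
    """Recover (user, password) from the header; no key or secret is needed."""
    user, _, password = base64.b64decode(header.split(" ", 1)[1]).decode().partition(":")
    return user, password


if __name__ == "__main__":
    lits = literal_variables(ASSIGN_MESSAGE)
    print("hard-coded refs:", hardcoded_refs(ASSIGN_MESSAGE, BASIC_AUTH))
    header = encode_basic(lits["sapapim.user"], lits["sapapim.pass"])
    print(header, "->", decode_basic(header))
```

Anyone who can read the policy definition or the outbound Authorization header recovers the technical user's password the same way, which is why the hard-coded variant suits test setups only.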