question

Upvotes
Accepted
1 1 0 4

how to call pre request script via backend server ?

I'm using python at the backend and want to call the API via python code and don't want to use javascript at all.

world-checkworld-check-one
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
Accepted
4.2k 8 5 6

@tc

cusersu6068964documentspyworldsave-a-case-client.zip

Thank you for your response.

I just wrote a sample python script for saving a case API call. You can have a look at this and find out how to place the content in the dataToSign variable.

Kindly note the sample code provided is just to give you an example of how to send successful requests to WC1 API.

During implementation, we expect our client to use their own code which has tried and tested to get consistent results.


icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

@Irfan.Khan: Thanks a lot for the code. It worked.
i am getting 401 on the first call for every request i make,
request after the first one are a success.
are you aware about this issue?

@tc

401 error code means that the request has failed an authorisation check. This can happen for a variety of reasons, such as an invalid or expired API key, an invalid HMAC signature or a request timing issue/problem with the Date header value. The API client should ensure a correctly synchronised clock is used to generate request timestamps.

Can you please provide me the request headers being sent and the response headers being received so that I can look into this?

Upvotes
4.2k 8 5 6

@tc

As I understand, you would like to call the APIs using your Python code and not using the Postman. Or would you like to call the APIs using Postman but want to write the pre request script in Python instead of JS?

If you are using your code in your server to call the API requests, then you do not have to use the pre request script, you can write the functions in python which would mimic what pre request script does like creating HMAC using your API key and dataToSign variable, creating date header value in GMT and sending authorization headers in a distinct format to the WC1 API.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

this is exactly what i am doing, but getting 401 in case while creating a case, as it requires body inside request as well as inside datatoSign string.

`var dataToSign = "(request-target): post " + environment["gateway-url"] + "cases\n" + "host: " + environment["gateway-host"] + "\n" + "date: " + date + "\n" + "content-type: " + environment["content"] +"\n" + "content-length: " + contentLength + "\n" + content; `

I am able to get the exact same authorization string which i get in postman (date and hmac is different ofcourse) but getting 401.

Upvotes
1 1 0 4

401 request and response headers:
`{'Authorization': 'Signature keyId="a4364e62-e58b-4b64-9c71-faead5417557",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="ddj05fvtrMzyOAnduFYe5ZIRb+qSUUUqAVVSxsfGMko="', 'Date': 'Thu, 01 Nov 2018 12:37:55 GMT', 'Content-Type': 'application/json', 'Content-Length': '159'}`

`{'X-Application-Context': 'application', 'Authorization': 'WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length', 'Transfer-Encoding': 'chunked', 'Date': 'Fri, 02 Nov 2018 05:24:18 GMT', 'Server': '""'}`

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

@Irfan.Khan: this is happening for every request, the first request is 401 and next consecutive requests are the success, and after some time the same cycle repeats.

Upvotes
4.2k 8 5 6
@tc

I see that request header has the below date header value:

'Thu, 01 Nov 2018 12:37:55 GMT'

While the response headers has the below date header value:

'Fri, 02 Nov 2018 05:24:18 GMT'

Clearly the time stamp being sent in the request is invalid, hence you are getting a 401 error. May be when you send the first request it picks up the old date header value from the code and this why the first request fails with a 401.

If you are sending concurrent request and do not generate new time stamp for each request, then requests will start failing after 40 to 50 seconds as the time stamp will become outdated. The time difference allowed between the response date header and the request header value is 30 to 40 seconds, anything more than that and the API server will reject the request.

Hope this helps.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
4.2k 8 5 6

@tc

Following up to find out if you need further assistance on this.

Thanks.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Thanks a ton, @Irfan.Khan for the assistance.
Everything is working fine now.

@tc

Request you to accept the answer so that it can guide other users having queries of same nature.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.