Posted Thu, 04 Apr 2019 15:36:55 GMT by Callum McGlynn Technical Solutions Manager
Hi there, 

is it possible to send either login token or cookies in the payload/header of a Rest request?

If it is, would anybody be able to give an example of how this needs to look in the request please?
Posted Thu, 04 Apr 2019 16:11:39 GMT by Joe Kaufman Bell Laboratories Inc No longer there
Callum,

Are you specifically needing to authenticate via cookies and/or headers, or are you simply asking how to authenticate any REST call?

If you are using C#/.NET, then use the NuGet packages related to DocuWare access. That has authentication modeled in their published classes so that you don't need to worry about authentication at such a low level.

If you are using non-NET tools, here is a thread about accessing API calls from FoxPro:

https://support.docuware.com/en-US/forums/questions-about-usage-and-configuration/cd2c7857-8f41-e911-a967-000d3ab3fe8a#fd0bb980-a641-e911-a96c-000d3ab3f5d2

That provides an example of how to authenticate a request object (in this case ServerXMLHTTP). The gist of it is that you POST to the login URL and put username and password in the POST data.

Hope this helps!

Thanks,
Joe Kaufman
Posted Thu, 04 Apr 2019 16:33:23 GMT by Callum McGlynn Technical Solutions Manager
Hi Joe,

Cheers for the response and the link, I'm not a dev by any means so apologies if this subsequent response doesn't make a massive amount of sense.

Effectively what I am trying to do is make a GET call from a third party/web app but using either the login token or cookies in the request, using something like https://apitester.com/ format or the 'Get Data, from Web' in excel as an example.

The software we're trying to connect to can only make a single REST call to retrieve the data and I can get a request to work in python using a 'Session' with two calls but I cannot get it to work without the initial separate call to create the session with cookies.

Example of the code I can get to work is below. I'd love to be able to just use Section 2 of the call without the need for section 1.
 
SECTION 1 - 

import requests
import time
import json

url = "https://SERVER/DocuWare/Platform/Account/LogOn"
userlogininfo={'Username':'user', 'Password':'password', 'Organization':'org'}

# === First Request ===
session = requests.Session()
print(session.cookies.get_dict())
{}
response = session.post(url,userlogininfo)
print(session.cookies.get_dict())

SECTION 2

# === Subsequent request within session ===
updateurl = "https://server/DocuWare/Platform/FileCabinets/b1114fe7-7e73-4c19-8647-efe60d0be069/Documents"

payload = "<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n\r\n<?xml-stylesheet type=\"text/xsl\" href=\"/DocuWare/Platform/Content/standard.xslt\"?>\r\n\r\n<DocumentIndexFields xmlns:s=\"http://dev.docuware.com/schema/public/services\" xmlns=\"http://dev.docuware.com/schema/public/services/platform\">\r\n\r\n    <Field FieldName=\"DOCUMENT_TYPE\" FieldLabel=\"Document Type\">\r\n\r\n        <String>UPDATED</String>\r\n\r\n    </Field>\r\n\r\n</DocumentIndexFields>"
headers = {
    'cache-control': "no-cache",
    'Accept': "application/json"
    }

response = session.request("GET", updateurl)


 
Posted Thu, 04 Apr 2019 16:55:21 GMT by Joe Kaufman Bell Laboratories Inc No longer there
Callum,

I believe you can authenticate and call a redirect, all with one POST call.

My code does a second call (like yours) rather than grabbing data from the redirect, but if the redirect is just a GET you can do it all at once. The resource documentation on the Logon URL displays this:

/DocuWare/Platform/Account/LogOn?returnUrl={returnUrl}

So, the POST data logs you on and then the returnURL executes, and the response data is from that returnURL.

I am not sure how to do a second POST, though. For example, if you want to index a document, that requires a POST, and I am not sure how you would pass the second set of POST data along with the URL.

I know that at some point someone stated you could add authentication as a request header in any call, but for the life of me I cannot find the forum post about that (searching is SO SLOW!). Have you trued passing the same header straight to subsequent calls without authenticating the session first? I assume it returns that login page redirect when you try?

Does anyone else recall how to pass the username and password in the request header without needing to explicitly call the Logon URL and having a session keep authentication persistent?

I will post here again if I can find the thread I am thinking of...

Thanks,
Joe Kaufman

You must be signed in to post in this forum.