REST API - Logon Issue

Hi all,
To use the DW REST API I have to deal with Login Cookies in order to use them for all the REST API calls. IMHO DW must include a standard method to access the API since a REST API consumer can't work a a web browser.

Are you going to include any improvement to access the REST API like Basic Auth, JWT,etc.?. Maybe there is another way to access the API but i don´t know it and not documentation at all for the API exists. There is a Get Token Example in the Postman Collection but I don't know how to use it. More documentation is neeeded.

The main problem when I use REST API and I logon and logut several times I get an 401 Unauthorized Exception that makes the API completely unusable.

Thanks for your support.

Kind regards

Adriano.

I am not sure what you have all tried, but it is very possible to login to DocuWare with basic authentication. Check out this post:

https://support.docuware.com/de-DE/forums/questions-about-usage-and-configuration/cd2c7857-8f41-e911-a967-000d3ab3fe8a

There are details on how I use Foxpro to access DocuWare (on-premise, version 6.11). 

Long story short, via Postman, if you do a POST with the URL:

http://<server>/DocuWare/Platform/Account/Logon?Organization=<org name>&Username=<username>&Password=<password>

you should see XML representing various DocuWare links -- it means you are authenticated. If you do this POST with some sort of persistent connection/request object (such as MSXML2.ServerXMLHTTP or MSXML2.XMLHTTP on Windows), you can then do additional GETs to access the various API functions.

Hope this helps!

Thanks,
Joe Kaufman

 

Hi Joe, that's the question.  As you describe in your answer, a login method that returns a list of links is not very intuitive, even worse when the login error leads you to an html form as if the one making the call was a browser. Ignoring this a REST API should be designed to be stateless and the connection should not be persistent.

The API must be consumer agnostic and in this case it is not. Regarding the login, a token should return and in the rest of the calls this token should be sent by the consumer or, in the worst case, by sending the username and password with each request. There are clients who want to access the API from different programming languages such as PHP or Javascript frameworks and have problems because they have to handle cookies, if they are re-authenticated the user remains inactive producing 401 errors, etc.

In addiction to this there's not any documentation at all, only the postman examples collection. This makes the API very difficult to deal with.

 

Hello Adriano,

> The main problem when I use REST API and I logon and logut several times I get an 401 Unauthorized Exception that makes the API completely unusable.

Are You sure You are logging out correctly? 
I mainly use powershell to do my REST API stuff, always resending the cookie I have created on login, like You said, but as long as I log out when my work is done, I can rerun my scripts as often and as fast as I like without getting a 401.

Logging on several times without logging out will eventually return a 401.

@Fabian Can you provide an example of the Invoke-RestMethod you use to login?  I keep getting the HTML response (indicating a login issue) rather than the XML links that I'm getting in Postman.

Hello @Robby Osting,

Here are my funtions for Logging in and Logging out, that I like to use in my powershell scripts:

$cookie = New-Object Microsoft.PowerShell.Commands.WebRequestSession

function Login{
  Invoke-WebRequest `
  "$($dwurl)/Account/Logon" `
  -Method Post `
  -Headers @{ `
      'Content-Type' = 'application/x-www-form-urlencoded'; `
      'Accept' = 'application/json'; } `
  -Body @{ `
      'UserName' = $($username); `
      'Password' = $($password); `
      'Organization' = $($org_name); `
      'RedirectToMyselfInCaseOfError' = 'false'; `
      'RememberMe' = 'false'; `
      'HostID' = '7b5ed19b-bfd6-46e9-8a3b-efd2a4499666'; `
      'LicenseType' = 'PlatformService'; } `
  -WebSession $cookie
}

function Logout{
  Invoke-WebRequest "$($dwurl)/Account/Logoff" `
  -Method Get `
  -WebSession $cookie
}

They use a few variables for the url, username, password, etc.

Please note the variable "$cookie". 
In between logging in and logging out, I send this with every Invoke-WebRequest that I make to do the actual work I want to do.

What does the html response aou are receiving contain?
I suspect there is an issue with licensing?