1

It's probably me being a doofus, but I'm struggling to find a way to add an Authorization header to my request using IBM API Connect Test and Monitor.

In cURL I would use something like this: -

-H 'Authorization: Bearer '"${ACCESS_TOKEN}"

and APICTM does allow me to set Headers, but not quite like that :-(

What am I doing wrong ?

Also, again it's probably just me but is there a way to see a "code" view of the entire request, including Headers ?

Dave Hay
  • 31
  • 3
  • 1
    when you say "not quite like that", is it because you want to use a variable placeholder instead of a hardcoded token? If not why are you not able to just add a header with name `Authorization` and value of Bearer token? – mavili May 21 '19 at 09:48
  • The test composer screen has its own `Add Authentication` button but the HTTP client does not. You can also add authentication variables to the vault feature, which is designed to keep credentials securely. I'll put some screenshots together to illustrate this and make an answer below. – jambox May 21 '19 at 15:26
  • Hey @mavili , thanks for the feedback - I did try simply adding a header with the _key_ of *Authorization* and the _value_ of the actual Bearer token, but I still get HTTP403 Unauthorized. If I access the same via cURL, I'd add an HTTP header like this: - ``` -H 'Authorization: Bearer '"${ACCESS_TOKEN}" ``` where *ACCESS_TOKEN* contains the actual Bearer token. In other words, APIC T&M supports the key/value pair, but doesn't seem to "know" what to do with the phrase _Authorization: Bearer_ ..... Or is it just me ? – Dave Hay May 25 '19 at 12:14
  • Hey @jambox thanks for your comment, I've also tried the native macOS client, which *does* offer an Authentication tab, *but* that only supports _HTTP Basic Auth_ i.e. user/password. Better still, it also throws: - `Failed to fetch your request; most likely due to network error or invalid hostname.` when I try the same API endpoint that works with cURL, and fails with HTTP403 using the HTTP client. Which is nice :-) I'll investigate the credential vault .... #thanks – Dave Hay May 25 '19 at 12:21
  • Good news @jambox as I suspected, I *was* holding it wrong. Once I dived into the Composer screen, I had way more control, including the ability to tinker with the headers AND see the detail behind the HTTP403. Will fiddle further, but it's looking good so far ! – Dave Hay May 25 '19 at 12:32
  • And the same *IS* true within the HTTP Client, the mistake that I was making was failing to grok the fact that I *need* to add an HTTP Header with the key _Authorization_ and the value of _Bearer XXXXXXXXXXX_ where _XXXXXXXXXXX_ is the actual token. In other words, I need to type _Bearer XXXX_ as the value of the HTTP Header NVP. Can you say "Doofus" ? I bet you can !! Thanks to you both, you rock ! – Dave Hay May 25 '19 at 12:35

0 Answers0