Hello Netcall
I have been asked to look into building an application that will need to call APIs that use CSRF token and JSESSIONID for authentication.
In the documentation it states
"Authenticate your account by performing a handshake to obtain a CSRF token and JSESSIONID, these are used in the login request. All API calls should then contain the header information obtained from the handshake and authentication and must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.
“The authentication will expire after approximately 10 minutes and the process will then need to be repeated.”
The link below provides more details on authentication
I can’t see a way that Liberty Create API object can handle the handshake part of the authentication.
Any guidance would be much appreciated.
Thanks
Michael
There is no specific feature for a handshake process (as it will differ from one provider to the next), but assuming it is also just a regular API request then no reason you can’t implment that yourself just as two separate API Calls, storing the relevant returned info which you then need in the later API Call(s).
This approach has definitely been done successfully in the past, using one initial API Call to get a temporary token, storing it, and then using that stored token in subsequent API Calls. You just need to deal with where to store the token(s), and how long they are valid for before you request it again etc.
Where to store that info will depend on the scope, it could be in Variable(s) if it’s global info, or against the original record if it is record specific, for example.
Thanks for your help Bob, I thought it we would have to do something like that i.e. a couple of API calls. Good to know that this has been done in other applications.