[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ftpapi] OAuth authentication



Thanks for that info Kevin, and the quick response!  I will check that out.

Braden Lincoln

On Fri, Feb 5, 2021 at 1:49 PM Kevin Bucknum <Kevin@xxxxxxxxxxxxxxxxxxx> wrote:
If you search the archives for OAUTH you will see several conversations about implementing this workflow with HTTPAPI.  After a recent discussion I did a little test implementation, but I didn't keep the code, and depending on your api's it may different so probably wouldn't have helped much.  http://scottklement.com/archives/ftpapi/

Basic workflow is:
Make an HTTPAPI call to a web service. You usually pass user name and password to this one. It returns a long encoded string that is only good for a certain amount of time.

If you are calling from one program, clear your headers. If you are storing the token somewhere and using it in different programs you should be good.
Make an HTTPAPI call to another web service - for this one, instead of user name and password, you pass the token as an auth type of Bearer

Keys are keeping track of if the token is good or not, and making sure you pass the correct headers to each api.

On Fri, 2021-02-05 at 13:28 -0800, Braden Lincoln wrote:
Greetings,

I need to build a set of applications to download data in JSON format from a business partner.  They are using the following authentication method (I hope you can blow this up enough to read, please let me know).  Is this possible within the HTTPAPI services?  I don't see any clues in the examples or the source code for HTTPAPI.

image.png




  Kevin  Bucknum
                   Senior Programmer Analyst
                   MEDDATA / MEDTRON
                   120 Innwood Drive
                   Covington LA 70433
                   Local: 985-893-2550
                   Toll Free: 877-893-2550
                 https://www.medtronsoftware.com



CONFIDENTIALITY NOTICE

This document and any accompanying this email transmission contain confidential information, belonging to the sender that is legally privileged.  This information is intended only for the use of the individual or entity named above.  The authorized recipient of this information is prohibited from disclosing this information to any other party and is required to destroy the information after its stated need has been fulfilled.  If you are not the intended recipient, or the employee of agent responsible to deliver it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or action taken in reliance on the contents of these documents is STRICTLY PROHIBITED.  If you have received this email in error, please notify the sender immediately to arrange for return or destruction of these documents.

--
_______________________________________________
Ftpapi mailing list
Ftpapi@xxxxxxxxxxxxxxxxxxxxxx
http://scottklement.com/mailman/listinfo/ftpapi
-- 
_______________________________________________
Ftpapi mailing list
Ftpapi@xxxxxxxxxxxxxxxxxxxxxx
http://scottklement.com/mailman/listinfo/ftpapi