Natkinson
Genius
4 months ago

Can someone walk me through authenticating and using Postman with Aurora?

I'm a bit of a newbie when it comes to GraphQL and Postman and I'm struggling to work through the dev docs when it comes to authenticating and setting up the basics in Postman for testing API calls in Aurora. We're looking ahead to migration and want to start getting familiar with basic API calls. Has anyone successfully got Postman and Aurora working? Is anyone willing to walk me through the bare minimum basics of getting this set up to authenticate into our Aurora instance and run a basic GraphQL call? I'm finding the dev docs pretty lacking currently so I'm turning to the expertise of the developer community here hoping someone has already figured this out.

Or, if Khoros is reading this, can we have another Developer Webinar where we can walk through this? Or is this something you can offer through training or update the docs with more details? We've reached out to our CSM to see if we can get some 1:1 training but so far it doesn't look like that's an option right now.


4 Replies

  •
    MattV
    Khoros Staff
    4 months ago

    You have 4 authentication options when using Postman to authenticate with the API

    1. Session Key (local account username and password)
    2. Bearer token using SDK Key
    3. Access Token using pre-shared key (Dev Tools API apps)
    4. OAuth Grant Flow (Community SSO)

     

    Option #1 is the easiest/best option, and what I use most commonly. This means you would log in with an account created locally on the community (not using SSO). In the latest version of Aurora (24.08), you can create such a user through Admin > Users > Manage Users.

    Setting up Postman

    1. Create a new collection
    2. Create a new Environment to use with this collection (to hold variables).
      • sessionKey (secret) - leave blank
      • hostname (default) - set to your community's hostname (URL without https://)
      • username (default) - set to user created in community admin (or your username if local user)
      • password (secret) - the user's community password
      • tapestry (default) - set to t5 (except for some special circumstances)
      • sessionStartTime (default) - leave blank
      • sessionLastUsed (default) - leave blank
      • ht_username (default) - set if you need to login to the community with basic auth credentials (the browser login popup)
      • ht_password (secret) - set if you need to login to the community with basic auth credentials (the browser login popup)
    3. In the collection pre-request script, add the pre-request script (included below)
    4. Create a new request in your collection
      1. Set the path to be POST https://{{hostname}}/{{tapestry}}/s/api/2.1/graphql
      2. Update headers:
        Key: li-api-session-key
        Value: {{sessionKey}}
    5. In the request body, add your GraphQL
    6. Execute Query
    7. Save your Query (and collection)

     

    Collection Pre-Request Script

    // Read settings from the active environment; unset variables are treated as blank.
    var sessionKey = pm.environment.get("sessionKey") || "";
    var hostname = pm.environment.get("hostname");
    var tapestry = pm.environment.get("tapestry");
    var ht_username = pm.environment.get("ht_username") || "";
    var ht_password = pm.environment.get("ht_password") || "";
    var username = pm.environment.get("username");
    var password = pm.environment.get("password");
    var sessionStartTime = pm.environment.get("sessionStartTime") || "";
    var sessionLastUsed = pm.environment.get("sessionLastUsed") || "";
    
    const thirtyMinsAgo = Date.now() - (1000 * 60 * 30);
    const twoHoursAgo = Date.now() - (1000 * 60 * 60 * 2);
    
    // Log in again if there is no key, it has been idle for 30 minutes, or it is over 2 hours old.
    if (sessionLastUsed == "" || sessionStartTime == "" || sessionLastUsed < thirtyMinsAgo || sessionStartTime < twoHoursAgo || sessionKey == "") {
        console.log("authenticating");
        authenticate();
    } else {
        pm.environment.set("sessionLastUsed", Date.now());
    }
    
    function authenticate(){
        
        // Only send the Basic auth header when htaccess credentials are configured.
        const header = {};
        if (ht_username !== "") {
            header['Authorization'] = 'Basic '+btoa(`${ht_username}:${ht_password}`);
        }
        const request = {
            // URL-encode the credentials so characters such as & or # do not break the query string.
            url: `https://${hostname}/${tapestry}/s/restapi/vc/authentication/sessions/login?user.login=${encodeURIComponent(username)}&user.password=${encodeURIComponent(password)}&restapi.response_format=json`,
            method: 'POST',
            header: header,
        };
        pm.sendRequest(request, function (err, response) {
            if (err) {
                console.error(err);
                pm.execution.skipRequest();
                return;
            }
            const data = response.json();
            if (typeof (data.response.error) !== 'undefined' && typeof (data.response.error.message) !== 'undefined') {
                console.error(data.response.error.message);
                pm.execution.skipRequest();
                throw new Error("Authentication failed (see console)");
            } else {
                // Store the session key without writing it to the console.
                console.log("session key obtained");
                pm.environment.set("sessionKey", data.response.value.$);
                pm.environment.set("sessionStartTime", Date.now());
                pm.environment.set("sessionLastUsed", Date.now());
            }
        });
    }

    Optional Post-Response script

    if (pm.response.code == 401){
        console.warn("Got unauthenticated response. Clearing variables.");
        pm.environment.set("sessionKey","");
        pm.environment.set("sessionLastUsed","");
        pm.environment.set("sessionStartTime","");
    }
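
The session handling from the answer above, restated as plain functions that run under Node.js outside Postman so the refresh rule, credential encoding and response parsing can be checked in isolation. This is an added example, not part of MattV's post; the function names, the example hostname and the sample values are constructed assumptions.

```javascript
// Added example (not MattV's script): the same session logic as plain functions.
const IDLE_LIMIT_MS = 30 * 60 * 1000;   // 30 minutes since last use, as in the script above
const MAX_AGE_MS = 2 * 60 * 60 * 1000;  // 2 hours since login, as in the script above

// True when a fresh login is needed. Unset (undefined) values count as blank.
function needsLogin(env, now) {
    const key = env.sessionKey || "";
    const started = Number(env.sessionStartTime || 0);
    const lastUsed = Number(env.sessionLastUsed || 0);
    if (key === "" || !started || !lastUsed) return true;
    return now - lastUsed > IDLE_LIMIT_MS || now - started > MAX_AGE_MS;
}

// Build the login request: credentials are URL-encoded, and the Basic header
// is only attached when ht_username is set.
function buildLoginRequest(env) {
    const query = [
        "user.login=" + encodeURIComponent(env.username),
        "user.password=" + encodeURIComponent(env.password),
        "restapi.response_format=json",
    ].join("&");
    const request = {
        url: `https://${env.hostname}/${env.tapestry}/s/restapi/vc/authentication/sessions/login?${query}`,
        method: "POST",
        header: {},
    };
    if (env.ht_username) {
        const pair = `${env.ht_username}:${env.ht_password || ""}`;
        request.header.Authorization = "Basic " + Buffer.from(pair).toString("base64");
    }
    return request;
}

// Return the session key from a login response, or throw with the API's error message.
function extractSessionKey(data) {
    const body = (data && data.response) || {};
    if (body.error && body.error.message) throw new Error(body.error.message);
    if (!body.value || !body.value.$) throw new Error("No session key in login response");
    return body.value.$;
}

// Constructed sample values for illustration only.
const sampleEnv = { hostname: "community.example.com", tapestry: "t5",
    username: "api.tester", password: "p&ss word#1", ht_username: "", ht_password: "" };
const sampleOk = { response: { value: { $: "CONSTRUCTED-KEY" } } };
const sampleErr = { response: { error: { message: "constructed error message" } } };
```
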

     

  • Thanks MattV but there seems to be one issue with the authentication that I can't quite sort out. On line 28 for 'Authorization' it's using the htaccess variable but you never specified what that should be in the environment variables. 

  •
    MattV
    Khoros Staff
    4 months ago

    Whoops! I had modified this from another use case, so it had a couple bugs. I've updated the script so it should be working now.

    I also added a post-response script that will clear variables in case you get a 401. Then you just have to re-try your gql so the pre-request authenticates again, which may resolve the error.

  •
    Natkinson
    Genius
    4 months ago

    Perfect! I had another unrelated issue in Postman that was also causing me some issues, but I finally got it working this morning! Thanks so much. Whoever updates your developer docs may want to include this info in those docs for Aurora.

    Thanks again, MattV !