Natkinson
Genius
2 years ago
Solved

Can someone walk me through authenticating and using Postman with Aurora?

I'm a bit of a newbie when it comes to GraphQL and Postman and I'm struggling to work through the dev docs when it comes to authenticating and setting up the basics in Postman for testing API calls in Aurora. We're looking ahead to migration and want to start getting familiar with basic API calls. Has anyone successfully got Postman and Aurora working? Is anyone willing to walk me through the bare minimum basics of getting this set up to authenticate into our Aurora instance and run a basic GraphQL call? I'm finding the dev docs pretty lacking currently so I'm turning to the expertise of the developer community here hoping someone has already figured this out.

Or, if Khoros is reading this, can we have another Developer Webinar where we can walk through this? Or is this something you can offer through training or update the docs with more details? We've reached out to our CSM to see if we can get some 1:1 training but so far it doesn't look like that's an option right now.

  • You have 4 authentication options when using Postman to authenticate with the API:

    1. Session Key (local account username and password)
    2. Bearer token using SDK Key
    3. Access Token using pre-shared key (Dev Tools API apps)
    4. OAuth Grant Flow (Community SSO)

     

    Option #1 is the easiest/best option, and what I use most commonly. This means you would log in with an account created locally on the community (not using SSO). In the latest version of Aurora (24.08), you can create such a user through Admin > Users > Manage Users.

    Setting up Postman

    1. Create a new collection
    2. Create a new Environment to use with this collection (to hold variables).
      • sessionKey (secret) - leave blank
      • hostname (default) - set to your community's hostname (URL without https://)
      • username (default) - set to the user created in community admin (or your username if local user)
      • password (secret) - the user's community password
      • tapestry (default) - set to t5 (except for some special circumstances)
      • sessionStartTime (default) - leave blank
      • sessionLastUsed (default) - leave blank
      • ht_username (default) - set if you need to log in to the community with basic auth credentials (the browser login popup)
      • ht_password (secret) - set if you need to log in to the community with basic auth credentials (the browser login popup)
    3. In the collection pre-request script, add the pre-request script (included below)
    4. Create a new request in your collection
      1. Set the path to be POST https://{{hostname}}/{{tapestry}}/s/api/2.1/graphql
      2. Update headers:
        Key: li-api-session-key
        Value: {{sessionKey}}
    5. In the request body, add your GraphQL
    6. Execute Query
    7. Save your Query (and collection)

     

    Collection Pre-Request Script

    // Read connection settings and session state from the active environment.
    // pm.environment.get() takes only the variable name, so default to "" here.
    var sessionKey = pm.environment.get("sessionKey") || "";
    var hostname = pm.environment.get("hostname");
    var tapestry = pm.environment.get("tapestry");
    var ht_username = pm.environment.get("ht_username");
    var ht_password = pm.environment.get("ht_password");
    var username = pm.environment.get("username");
    var password = pm.environment.get("password");
    var sessionStartTime = pm.environment.get("sessionStartTime") || "";
    var sessionLastUsed = pm.environment.get("sessionLastUsed") || "";
    
    const thirtyMinsAgo = Date.now() - (1000 * 60 * 30);
    const twoHoursAgo = Date.now() - (1000 * 60 * 60 * 2);
    
    // Log in again if there is no key, or the session is idle (30 min) or old (2 h).
    if (sessionLastUsed == "" || sessionStartTime == "" || sessionLastUsed < thirtyMinsAgo || sessionStartTime < twoHoursAgo || sessionKey == "") {
        console.log("authenticating");
        authenticate();
    } else {
        pm.environment.set("sessionLastUsed", Date.now());
    }
    
    function authenticate(){
        // Send the Basic auth header only when the site sits behind the browser login popup.
        const header = {};
        if (ht_username) {
            header['Authorization'] = 'Basic ' + btoa(`${ht_username}:${ht_password}`);
        }
        // Percent-encode the credentials so characters such as & or # do not break the query string.
        const request = {
            url: `https://${hostname}/${tapestry}/s/restapi/vc/authentication/sessions/login?user.login=${encodeURIComponent(username)}&user.password=${encodeURIComponent(password)}&restapi.response_format=json`,
            method: 'POST',
            header: header,
        };
        pm.sendRequest(request, function (err, response) {
            if (err) {
                console.error(err);
                pm.execution.skipRequest();
                return;
            }
            const data = response.json();
            if (typeof (data.response.error) !== 'undefined' && typeof (data.response.error.message) !== 'undefined') {
                console.error(data.response.error.message);
                pm.execution.skipRequest();
                throw new Error("Authentication failed (see console)");
            } else {
                // Store the key in the environment; do not print the key itself to the console.
                console.log("session key obtained");
                pm.environment.set("sessionKey", data.response.value.$);
                pm.environment.set("sessionStartTime", Date.now());
                pm.environment.set("sessionLastUsed", Date.now());
            }
        });
    }

    Optional Post-Response script

    if (pm.response.code == 401){
        console.warn("Got unauthenticated response. Clearing variables.");
        pm.environment.set("sessionKey","");
        pm.environment.set("sessionLastUsed","");
        pm.environment.set("sessionStartTime","");
    }
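
The session-key flow from the answer above as a standalone Node.js 18+ script, for running the same login and GraphQL call outside Postman. This is an added example, not part of the original post and not Khoros code: the function names and the `env` object are assumptions, while the endpoints, the `li-api-session-key` header and the time limits come from the post. It base64-encodes with `Buffer` rather than `btoa`.

```javascript
// Added example for Node.js 18+ (not Postman sandbox code). Endpoint paths, the
// li-api-session-key header and the 30 min / 2 h limits are from the post above;
// function names and the env object shape are assumptions of this example.
const IDLE_LIMIT_MS = 30 * 60 * 1000;      // re-login after 30 minutes unused
const MAX_AGE_MS = 2 * 60 * 60 * 1000;     // re-login 2 hours after session start

// True when there is no usable session key or it is past either limit.
function needsLogin(env, now = Date.now()) {
  if (!env.sessionKey || !env.sessionStartTime || !env.sessionLastUsed) return true;
  return now - Number(env.sessionLastUsed) > IDLE_LIMIT_MS ||
         now - Number(env.sessionStartTime) > MAX_AGE_MS;
}

// Build the login request. URLSearchParams percent-encodes the credentials, so a
// password containing & or # cannot break or truncate the query string.
function buildLoginRequest(env) {
  const qs = new URLSearchParams({
    'user.login': env.username,
    'user.password': env.password,
    'restapi.response_format': 'json',
  });
  const headers = {};
  if (env.ht_username) {            // only for sites behind the browser login popup
    const pair = `${env.ht_username}:${env.ht_password || ''}`;
    headers.Authorization = 'Basic ' + Buffer.from(pair, 'utf8').toString('base64');
  }
  const base = `https://${env.hostname}/${env.tapestry}/s/restapi/vc/authentication/sessions/login`;
  return { url: `${base}?${qs}`, method: 'POST', headers };
}

// Log in when needed, then POST the GraphQL query with the session key header.
async function runQuery(env, query, now = Date.now()) {
  if (needsLogin(env, now)) {
    const { url, method, headers } = buildLoginRequest(env);
    const data = await (await fetch(url, { method, headers })).json();
    if (data.response && data.response.error) throw new Error(`Authentication failed: ${data.response.error.message}`);
    env.sessionKey = data.response.value.$;   // never log this value
    env.sessionStartTime = now;
  }
  env.sessionLastUsed = now;
  const res = await fetch(`https://${env.hostname}/${env.tapestry}/s/api/2.1/graphql`, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json', 'li-api-session-key': env.sessionKey },
    body: JSON.stringify({ query }),       // standard GraphQL-over-HTTP JSON body
  });
  if (res.status === 401) env.sessionKey = '';   // force a fresh login next time
  return res.json();
}
```

Call `runQuery(env, '<your GraphQL query>')` with `env` holding the same values as the Postman environment; read the password from an environment variable or secret store rather than hard-coding it.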

     

13 Replies

  • SydneyL
    Advisor
    6 months ago

    MattV Sorry to semi-necro this post since it's a little older, but I got stuck on this today and this thread helped a lot!!! Thank you so much!

  • I was trying to set up Postman with this solution. I do get the message that btoa is deprecated; I tried changing this to base64 but can't get this code to work. Is anybody else having this problem, or does anybody know the answer?

  • MattV - this thread is the closest we've gotten (and by we I mean citizenelah and alfozaav) :D

    We are trying to migrate to GraphQL APIs because everything I hear is that it is the only supported tech; for 4 different use-cases, we just got our domain added to the OAuth-allowed domain list for Authorization Grant Flow (by Support) but, maybe you can offer some clarity on what approach we should take, then how to take it step by step - we've been all over the docs here and can't find anything cohesive or instructional that works.

    Questions:

    1. What auth types are available to us for GraphQL?
    2. We'd like to avoid OAuth if possible - because it prevents the need for the redirect stuff.
    3. If we have to use OAuth, a working sample from auth to first GraphQL query, with detailed preliminary steps required that should work on every basic community would be great; preferably in Python but we can translate from other lang if necessary.