I'm unsure how to add the Session Request to the API call as per the Food Hygiene Instructions. I've copied the relevant code and hope I am close, but unsure where to put this one part.
Reference: https://api.ratings.food.gov.uk/help
Need to add into the API call: Session.Request.Headers.Add("x-api-version", 2);
Partial Code:
readonly string Baseurl = "https://api.ratings.food.gov.uk";
public async Task<ActionResult> Index()
{
List<Authorities> AuthInfo = new List<Authorities>();
using var client = new HttpClient
{
//Passing service base url
BaseAddress = new Uri(Baseurl)
};
client.DefaultRequestHeaders.Clear();
//Define request data format
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
***//Session.Request.Headers.Add("x-api-version", 2);***
//Sending request to find web api REST service resource GETRegions using HttpClient
HttpResponseMessage Res = await client.GetAsync("Authorities/basic");
The documentation you're referring to is misleading/incorrect. When you talk about Session (at least in the .NET world) you talk about the server-side. You're obviously a client of the API, rather than a developer of it, so they asking you to put stuff in the Session is incorrect.
You're a client, passing headers in your requests, so it's just:
client.DefaultRequestHeaders.Add("x-api-version", "2");
Side note, you may want to reuse that HttpClient instance if you are going to make that call often.
Side note 2: you may want to ask them to fix the docs :)
Related
I'm making an http request post to an external api. I am constructing a json object to add to the request body. How can I check if the added body/content is correct before it is sent.
public async void TestAuthentication()
{
var client = new HttpClient();
var request = new HttpRequestMessage()
{
RequestUri = new Uri("http://test"),
Method = HttpMethod.Post
};
var jsonObj = new
{
data = "eneAZDnJP/5B6r/X6RyAlP3J",
};
request.Content = new StringContent(JsonConvert.SerializeObject(jsonObj), Encoding.UTF8, "application/json");
var response = await client.SendAsync(request);
}
If you are not sure whether the serialization works as intended, you could give it a shot in LINQpad or dotnetfiddle.net. See my example that returns the JSON on the console. These tools are great for quick prototyping a method or a snippet, if you are not sure if a piece of code works as intended.
You could also check in Wireshark, but that could be a bit of an overkill and works best if your connection if not encrypted (no HTTPS).
I personally tend to test code that calls some API the following way:
Make the called URL parameterizable (via the classes constructor)
If there is any variable data this data should be passed as the methods parameter(s)
For your test start an HTTP server from your test fixture (read on testing with xUnit or NUnit if you don't know what this means)
I use PeanutButter.SimpleHTTPServer for that
Pass the local IP to the class that accesses the API
Check whether the HTTP server received the expected data
Whether or not this kind of code shall be tested (this way) may be debatable, but I found this way to work kind of good. I used to abstract the HttpClient class away, but IMHO I would not recommend this anymore, because if the class accesses the API (and does not do anything else, which is important), the HTTP access is the crucial part that shall be tested and not mocked.
how can you send both the access_token and id_token to your api using System.Net.Http? when i was testing my api with postman it seemed to send both tokens and returned the individual user information I needed (a list of products the user is selling). I am unsure how I can do this in my Xamarin app and have being stuck on this for quite some time. I am able to send the access_token as shown below but anything I have tried when sending both tokens has returned a 404 not found. (unauthorized is corrected to a 401 so the access_token is still working)
public async Task<string> GetResponseJsonString(string url)
{
string responseJsonString = null;
var access_token = CrossSecureStorage.Current.GetValue("access_token");
using (var httpClient = new HttpClient())
{
httpClient.DefaultRequestHeaders.Clear();
httpClient.DefaultRequestHeaders.Add("Authorization", "Bearer " + access_token);
HttpResponseMessage response = httpClient.GetAsync(url).Result;
responseJsonString = await response.Content.ReadAsStringAsync();
}
return responseJsonString;
}
Note: I am aware the id_token should contain the user information and it should be decoded rather than sending requests for user information. I looked at this and have been unable to find a library that works in a xamarin PCL. I looked at JosePCL.Jwt but was unable to get it to work. I figure since any time I need user information it is returning information from my database that it made sense to send both tokens with the request and let my api get the user information.
This is entirely dependent on the API you're calling. I've never seen an API that needs something more than the access_token it's provided back to you. It's possible you have the nomenclature incorrect here.
Do you mean "access key & secret"? Or are you certain you have an access_token?
In the former case, normally API's will expect things as followed:
Append the key & secret together separated by a ":"
Base64 Encode
Set the Authorization Bearer|Basic header with the result
It's also worth asking if you've tried passing in the id_token as the Authorization header?
It's also also worth asking if you can provide us with a screen capture of the successful response from postman (make sure you obfuscate the sensitive data).
It's also also also worth pointing out an optimization tweak for your code. Since you're using async, it seems you probably are somewhat concerned about performance. Have a look at this article, discussing the disposability of HttpClient. As a better alternative, use HttpRequestMessage as follows:
public async Task<string> GetResponseJsonString(string url)
{
string responseJsonString = null;
var req = new HttpRequestMessage(HttpMethod.Get, "/your/api/url");
req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", access_token);
using (var resp = await client.SendAsync(req))
using (var s = await resp.Content.ReadAsStreamAsync())
using (var sr = new StreamReader(s))
{
if (resp.IsSuccessStatusCode)
{
responseJsonString = await sr.ReadToEndAsync();
}
else
{
string errorMessage = await sr.ReadToEndAsync();
int statusCode = (int)resp.StatusCode;
//log your error
}
}
return responseJsonString;
}
Where client is a reference to a statically shared instance of HttpClient. My preferred way to do all this, is to wrap my API calls, usually one-file-per-service. I inject this service as a singleton, which will broker it's own static instance of HttpClient. This setup is even more straightforward if you're using .NET Core.
I have a web api that is working great in test using an access token / bearer authentication. I authenticate and make requests using HttpClient. Easy.
Here is the basic web client setup. The base address is a constant that I change when moving to production.
public static HttpClient GetClient()
{
HttpClient Client = new HttpClient();
Client.BaseAddress = new Uri(Ics2Constants.ICS2APIBaseAddress);
Client.DefaultRequestHeaders.Accept.Clear();
Client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
return Client;
}
I build the token request login info like so:
var values = new Dictionary<string, string>();
values.Add("grant_type", "password");
values.Add("username", "niceUser");
values.Add("password", "NiCePaSsWord");
var loginContent = new FormUrlEncodedContent(values);
And then I make the request for the access token:
var loginResponse = await client.PostAsync("/Token", loginContent);
In test mode, perfect. I can get my access token, pass it back on subsequent requests. All is good.
When I move to production. I get a bad request 400 on the request for access token. I do have the base address right because if I take off the authorize attribute I can get data back.
Something is different about the request for access token in production, but I have no clue what to change.
Well, the answer ended up being two part:
1) Issue with the web host. They had a corruption on their end.
2) After they fixed their issue I still received a 404 (not found)... so I had to take out the "/" in my PostAsync. So the new line looks like so:
var loginResponse = await client.PostAsync("Token", loginContent);
It worked in debug on the local side with the "/", but the production side was not happy.
I'm up and working now. :)
I'm currently using the System.Net.Http.HttpClient for cross platform support.
I read that it is not a good practice to instantiate a HttpClient object for each request and that you should reuse it whenever possible.
Now I have a problem while writing a client library for a service. Some API calls need to have a specific header, some MUST not include this specific header.
It seems that I can only manipulate the "DefaultRequestHeaders" which will be send with each request.
Is there an option when actually making the request with e.g. "client.PostAsync()" to modify the headers only for the specific request?
(Info: Requests can be multi threaded).
Thanks in advance!
Yes, you can create a new HttpRequestMessage, set all the properties you need to, and then pass it to SendAsync.
var request = new HttpRequestMessage() {
RequestUri = new Uri("http://example.org"),
Method = HttpMethod.Post,
Content = new StringContent("Here is my content")
}
request.Headers.Accept.Add(...); // Set whatever headers you need to
var response = await client.SendAsync(request);
Use HttpContent.Headers. Simply create HttpContent instance with required headers and pass it to PostAsync method.
I have an Asp.net Web API project which has several CRUD methods.
On top of these methods, i want to add an Authorization service that reads the Authorization header and prevent users of accessing the resources (if they are not authorized).
// Method on internal IP Project
public class InternalController : ApiController
{
public void Create(CreateRequest request)
{
// implement the method
}
}
// Method on public IP Project
public class ExternalController : ApiController
{
public async Task Create(CreateRequest request)
{
// validate Authorization header and throw exception if not valid
using (HttpClient client = new HttpClient())
{
string parameters = string.Format("param1={0}¶m2={1}", request.Param1, request.Param2);
client.BaseAddress = new Uri("http://192.168.1.1/");
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
HttpResponseMessage response = await client.GetAsync("api/internal/create?" + parameters);
response.EnsureSuccessStatusCode();
}
}
}
Is there any way of "Redirecting" the request from the External API to the Internal API more easily?
Right now, i have to manually re-create all the parameters that i receive in ExternalAPI and send them in the InternalAPI, even if they are the same.
Can i make HttpClient automatically send the HttpRequestMessage (Request) object that i have in ExternalAPI method?
When speaking about ASP.NET Web API. HttpClient will not automatically redirect you. When you have become response from internal service you can pass it to external. Or you can redirect your action like here
To make it correct redirection for client from REST point of view use HTTP Redirect Headers and repsonse codes. For example HTTP response code 302. And then client should be able to react on such response code and get redirect address from Location header. But it's about redirect for client.
When speaking about call of some internal services from your API from architecture. You have following alternatives:
Call your internal service as class method
Make service to service call
Setup message queue or bus and your API will communicate with it through service bus.
Call your internal service as class method
Very easy. No impact and delays for service call. But you should reference assembly and it's not always possible. Or such way could be not possible due to requirements
Make service to service call
Has disadvantages: your services are tightly coupled, you have delay and should wait for response from internal service. It's considered as bad practice. But could be a good temporarily solution as first step to service bus.
Setup message queue or bus and your API will communicate with it through service bus.
Your services are decoupled and independent. You shouldn't wait for response. But it's technically harder to set up and make your architecture and infrastructure more complex/
As summary
There is no best way from the box for your architecture and you should select from alternatives based on your requirements.
Here is the sample code to Post the data to web api:-
var handler = new HttpClientHandler {UseDefaultCredentials = true};
using (var client = new HttpClient(handler))
{
client.BaseAddress = new Uri("https://IE url.com");
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
var postDataObject = new
{
SCName = properties.Site.PortalName,
TotalSites = properties.Web.Webs.Count
};
var jsonPostData = new JavaScriptSerializer().Serialize(postDataObject);
HttpContent content = new StringContent(jsonPostData, System.Text.Encoding.UTF8, "application/json");
HttpResponseMessage response = client.PostAsync("/controllerclassname/InsertUpdateDataOperation", content).Result;
if (response.IsSuccessStatusCode)
{
//Check the response here
// var webApiResponse = response.Content.ReadAsStringAsync().Result;
}