How to get/set cookies for REST API

simonezini · ‎01-21-2021

Hi all,

I'm trying to call a REST API and it needs two different step: the first one to get an access token, the second one to do the REST call.

I'm able to do the first one, in fact I'm getting the access token correctly.

The problems come with the second one, because I need to get cookies and token from the first call and pass them to the 2nd.

I'm able to pass the access token in header with setRequestHeader(string Name, string Value), but I can't reach to correctly set cookies in the 2nd REST call. Here the code used for the 2nd call:

//"token" contains token from the first call

var r = new sn_ws.RESTMessageV2('Create user', 'POST');
var body = '';
r.setRequestHeader('X-CSRF-Token', token.toString());

/***** BODY START *****/
body += '{\n';
body += '......';
body += '}\n';
/***** BODY END *****/

r.setRequestBody(body);
var response = r.execute();
var responseBody = response.getBody();
var httpStatus = response.getStatusCode();

However I don't know how to use setCookies() or a similar function to correctly pass the cookies when doing POST REST call.

Could please anyone help me?

Thanks!

Simone

simonezini · ‎05-18-2021

Hi all,

in the end we manage to remove the access token from the third-party application and chanage auth type for the 2nd call (without an access token).

Thanks for your replies

View solution in original post

howardaustin · ‎02-17-2021

Hey simonezini,

I am facing a similar challenge. Maybe if we pool our experience, we can find the solution. Based on your notes, it sounds like you are familiar with response.getCookies(); to pull out the cookies from the first call. You can also use response.getHeader('Set-Cookie'); which gives the cookies in a slightly different format.

For the second call, I have used:

 r.setRequestHeader('Cookie',cookie);

This mimics my Postman layout, but does not appear to be received by the Endpoint. At the end of the day, a cookie is simply a custom Header to pass across. I believe the Host isn't aligned for the cookie to validate, or I have entered some value wrong.

Alternatively, you could add a variable and pass it in. Let me know if it works better for you:

r.setStringParameterNoEscape('cookie',cookie);

Edit: I figured it out!!!!!!!!!!!

// Original header
var r = new sn_ws.RESTMessageV2('Create user', 'POST');
var body = '';
r.setRequestHeader('X-CSRF-Token', token.toString());
// Adding in the cookies
var cookies = response.getCookies(); // This is the response from the GET token call.
var cookieResponse = processCookies(cookies);  // This is how you transform the cookie to the right format.
r.setRequestHeader("Cookie",cookieResponse); // This is how you add the cookies to the POST.

function processCookies(cookiesSource){
   // The response is neither an array or a string, so I bullied it into an array.
   var cookies = cookiesSource.toString();
   cookies = cookies.replace("[", "");
   cookies = cookies.replace("]","");
   var arrayCookie = cookies.split(',');
   
   var response = ""; 
   for (var i = 0; i<arrayCookie.length; i++){
      //for each cookie provided, you need to parse it down to "JSESSIONID=EB233D63974F.........3DE1ECD1F02;" and combine it
      var start = cookie.split(';');
      response += start[0] + ";";
   }
   gs.info("Response from arrayCookie: "+ response);
   return response;
}

Hope this helps!

Sowmya Chinnara · ‎05-18-2021

Hi,

I am not getting even the access token(token in your code).My requirement is the same of yours.Can i get your 1st code which is used to get the x-csrf token.if resolved can i get the second code.i tried a lot to figure it out but couldn't.

Thanks,

Sowmya

simonezini · ‎05-18-2021

Hi,

here's the code I've used to get the first access token (X-CSRF-TOKEN):

var token = '';
try{
	var r = new sn_ws.RESTMessageV2('TEST - Token', 'GET');
	
	var response = r.execute();
	var responseBody = response.getBody();
	var httpStatus = response.getStatusCode();
	gs.log("REST Call - StatusCode: " + httpStatus );
	gs.log("REST Call - ResponseBody : " + responseBody);
	
	if(httpStatus == 200 || httpStatus == 201){
		token = response.getHeader("X-CSRF-Token");
		gs.log("REST Call - Token : " + token);
	}
} catch(ex) {
	var message = ex.getMessage();
}

simonezini · ‎05-18-2021

Hi all,

in the end we manage to remove the access token from the third-party application and chanage auth type for the 2nd call (without an access token).

Thanks for your replies