kthomp24 Absent Member.
Absent Member.
563 views

APP API KEY in browser?

We are needing to pass an APP API KEY as part of a webpage call for security reasons.  In our current setup we simply have all parameters needed in the URL to handle this.  The vendor has decided that an APP API KEY must be passed as a html header and not part of the URL.  Has anyone had experience in using the browser and passing a key in this manner along with the URL?

 

Thanks as always for any help.

0 Likes
6 Replies
Micro Focus Expert
Micro Focus Expert

RE: APP API KEY in browser?

What do you mean by "a webpage call"?

HTML does not provide a mechanism for setting arbitrary HTTP headers in requests. That means you can't set a custom HTTP header using an HTML element such as A, IMG, or FORM. (FORM will set certain specific request headers, but not under your control.)

Requests made from web page scripts, using Javascript and XMLHttpRequest, can set headers. This is a large topic; scripts may use standard Javascript HTML DOM APIs such as XMLHttpRequest directly, or they may use any of the large number of Javascript frameworks. (IMO, most of those frameworks are poorly designed, but that's the general state of web development today.)

Without knowing more about your application it's impossible to say more. If you're currently invoking the service through pure HTML, it's almost certain you'll need either to change to invoking it via Javascript, or going through a proxy. If you go the Javascript route, you'll have to decide whether to use XHR directly or use a framework, and in the latter case you'll have to pick a framework. In any event you'll want a substantial reference - don't just rely on Google searches and the like. I recommend choosing an option that's covered by a book from a reputable publisher such as O'Reilly.
0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

RE: APP API KEY in browser?

Google has some docs on this that may help ... cloud.google.com/.../when-why-api-key .. the key is part of the html (or in Google example a yaml document), the website processing that page then deals with the key
0 Likes
Micro Focus Expert
Micro Focus Expert

RE: APP API KEY in browser?

I'm curious -- what are you using to make the HTTP request ("web page call") -- something like RMNET? Is it a SOAP service you're calling?

EDIT: Whatever you're using to make the HTTP call should be able to let you add arbitrary HTTP request headers - you said HTML headers, but I assume you mean HTTP.

If you're using RMNET, look at the documentation for the HttpPost call, which describes extra-headers you can add.

0 Likes
kthomp24 Absent Member.
Absent Member.

RE: APP API KEY in browser?

To add a bit more information to this question...

1. We put a simple browser onto a screen in Acu-Bench with no values in the address.
2. We modify the browser address with some address...like: https://[server]/create-report-service/?parameter1=[blah]&parameter2=[blah] based on the information we are needing at the time.
3. When the window with the browser is displayed to the user we get the image/report that is created by the service that we are calling (PDF or jpg).

So we are not doing anything complicated...just a simple web URL that will kick off a service that uses the parameters passed. Since all this happens on the same network there is no external calls so security around it was not a concern. The vendor has decided they wanted to make their services externally callable but they are going to require the calling of the services to now include an API APP KEY header.

Hope that helps clear up some questions.
0 Likes
Micro Focus Expert
Micro Focus Expert

RE: APP API KEY in browser?

You will probably need to go from the simple request you are using to using RMNet rountines and HttpPost - there is an RMNetTutorial.pdf that should be installed with your ACUCOBOL-GT installation, in the AcuGT\Samples\RMNet subdirectory.
0 Likes
GMCfourX4 Absent Member.
Absent Member.

RE: APP API KEY in browser?

I didn't see what platform you're on, but if you're on Windows, you can use Microsoft XML 6. The first step is to use axdefgen.exe to create a copybook. On my machine, in the axdefgen.exe tool, it appears on the Libraries tab as "Microsoft XML, v6.0 (Ver 6.0)". Once you have this file, and you put in in the Special-Names, you can find many examples of how to use the HTTP capabilities on sites like StackOverflow. Here is a snippet of some code that we use (it's not complete, but it's close, and it sets an HTTP header):

 

       IDENTIFICATION DIVISION.
       PROGRAM-ID. TESTMSXML.

       ENVIRONMENT DIVISION.

       CONFIGURATION SECTION.

       SPECIAL-NAMES.
           copy "sn/msxml6.def".
           .

       INPUT-OUTPUT SECTION.

       FILE-CONTROL.

       I-O-CONTROL.

       DATA DIVISION.

       FILE SECTION.

       WORKING-STORAGE SECTION.

       77 NEW-OBJECT-ID              PIC  X(0050).
       77 NEW-OBJECT-ID-NUMERIC      REDEFINES NEW-OBJECT-ID
                                       PIC  9(0009).

       77 X                            PIC S9(0009).

       77 POST-STRING                  PIC  X(1024)
                                              VALUE "Some Posting Data".

       77 MS-XML-HTTP-OBJECT           USAGE HANDLE OF @XMLHTTP
                                                    VALUE 0.

       77 WS-URL                       PIC  X(0512) VALUE SPACES.
       77 WS-RESPONSE                  PIC X(64000) VALUE SPACES.
       77 WS-STATUS                    PIC  9(0006) VALUE 0.
       01 COM-OBJECT-ERROR-INFO                     VALUE SPACES.
          05 COM-OBJ-ERR-TYPE          PIC  X(0020).
          05 COM-OBJ-ERR-SOURCE        PIC  X(0050).
          05 COM-OBJ-ERR-DESCRIPTION   PIC  X(0200).

       LINKAGE SECTION.

       PROCEDURE DIVISION

       DECLARATIVES.
       COM-OBJECT-ERROR SECTION.
           USE AFTER EXCEPTION ON OBJECT.
       PROCESS-COM-OBJECT-ERROR.
           CALL "C$EXCEPINFO" USING ERROR-INFO, COM-OBJ-ERR-SOURCE,
               COM-OBJ-ERR-DESCRIPTION.
           SET SVR-LOG-ERROR TO TRUE.
           STRING
              "COM Exception: "
              ERROR-INFO
              ", "
              COM-OBJ-ERR-SOURCE
              ", "
              COM-OBJ-ERR-DESCRIPTION
              INTO SVR-LOG-MSG
           END-STRING.
           PERFORM SVR-LOG-ENTRY.

       END DECLARATIVES.

       PROGRAMMING SECTION.
           PERFORM VARYING X FROM 0 BY 1 UNTIL X > 5
              DESTROY MS-XML-HTTP-OBJECT
              CREATE @XMLHTTP HANDLE IN MS-XML-HTTP-OBJECT
*
              MOVE 0 TO ERROR-INFO-RESULT
              MOVE "www.somesite.com/.../createnew"
                 TO WS-URL
*
              MODIFY MS-XML-HTTP-OBJECT @OPEN("POST", WS-URL, 0)
              MODIFY MS-XML-HTTP-OBJECT
               @SETREQUESTHEADER ("Content-Type",
                "application/x-www-form-urlencoded")
              MODIFY MS-XML-HTTP-OBJECT @SEND(POST-STRING)
              INITIALIZE WS-STATUS
              INQUIRE MS-XML-HTTP-OBJECT @STATUS IN WS-STATUS
              IF WS-STATUS = 200
                 INQUIRE MS-XML-HTTP-OBJECT @RESPONSETEXT IN WS-RESPONSE
                 EXIT PERFORM
              END-IF
           END-PERFORM.
           DESTROY MS-XML-HTTP-OBJECT.
           MOVE WS-RESPONSE(1:18) TO NEW-OBJECT-ID-NUMERIC CONVERT.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.