Exercise | Authorisation and the REST API |
Data | None |
Overall Goal | To show how to properly authorise a call in the REST API |
Demonstrates | The info call |
This shows how to create an authorised call in the FME Server REST API. Authorisation is an essential component in the REST API. Most calls do require authorisation as a way to verify that the user may access information from the server. Authorisation in the FME Server REST API is handled with tokens. This will be demonstrated and further explained below.
1) Create the Call Below
GET | http://localhost/fmerest/v3/info |
---|
Copy and Paste this URL into the Toolbar in Postman and then click send!
This call will require a token. This next part of the demonstration will show you what happens when you make an unauthorised call to the server.
You should receive a message that says 401 Unauthorised. This is because we have not used a token to authorise the call. The next part of the guide will go over how to make a request on the server using a token.
2) Get A Token
Get the token created in the previous exercise.
3) Use the Token in a Call
Now that we have a token we may use it in the request. Next to "GET" paste the following URL into Postman. Replace "yourTOKEN" with the token you have received from the server.
GET | http://localhost/fmerest/v3/info?fmetoken=<yourTOKEN> |
---|
You should receive the 200 response code from FME Server. Please note, this is not the preferred method of authorisation. By putting the token into the URL it is visible and will be less secure.
4) Use the Token in a Call Using the Preferred Method
The preferred method is to use the Authorisation Header. To find where to place the Authorisation Header, look underneath to the URL find the Headers section. In here, under key write Authorisation. Then set the value to fmetoken token=<yourTOKEN>. The URL should be:
GET | http://localhost/fmerest/v3/info |
---|
KEY | VALUE |
Authorization | fmetoken token=<yourTOKEN> |
Now try running the call by clicking the Send button.
5) Review the Response
Once you click Send, you will see this response in Postman. This call returns the build and version.
In this section, we went through the basics of making an authorised call to FME Server. Now, we can add a Preset so that our authorisation header is saved within Postman and can be used in further calls.
6) Access the Presets section to add a preset
On the right-hand side of the screen, there is a section to create a Preset. Presets allow a user to save this authorisation information for the future.
7) Create a new preset
Click add to add the preset.
Fill in the values to create the new preset:
- Header Preset Name: Token
- Key: Authorization
- Value: fmetoken token=<yourTOKEN>
- Description: Token Expires<yourTokenExpiry>
To use this Header Preset in future calls simply type token in the key section and select the preset. Then your header will automatically fill with the preset.
Other Authorisation Option
You may also use the standard authorisation within Postman. However, this course will use the token in the header.
CONGRATULATIONS |
By completing this exercise you have learned how to:
|