Solved: how to insert query parameters while converting so...

Report Inappropriate Content · 02-26-2017 01:41 PM

I have like this in postman

http://dc01apimdv02:9002/ivr5//memeligibilityinquiry?memNo=12345&mediTypeVa=0&memDOB=**/**/****&stat...

Here I have String queryparameter in my URL. How can I insert query parameters (to be simple with the question mark I want the URL with all slash's)

jparagon

I see a couple of issues here, but it sounds to me like the most important of which is how to not send member details in clear text.

The first thing I would look into is what type of identity management / auth solution is being used. If this is coming from an app, login, or client how are the member details sent?

The second would be, what type of authentication can be possible here? Would you be able to send an OpenID or JWT token to help secure the member details? Possibly use a third party IDP service (like Okta) to help manage and retrieve identity information?

If there isn't any flexibilty in looking into an identity solution the third would be sending encrypted data in the body.

Also, highly recommend using https to help secure all data in the requests.

Here would be my preference in this case:

- This -> https://github.com/apigee/iloveapis2015-jwt-jwe-jws/tree/master/jwt_signed

- Setup Apigee for the callout and possibly a regex polity to validate the token looks like JWT

?mediTypeVa=3&memDOB=2017-02-26&stateName=TX

Pre-request

JWT

{
"typ": "JWT",

"alg": "HS256"

}

{

"iss": "thiscompany.com",

"exp": 130985030,

"mediatypeva": 3,

"dob": "2017-02-26,

"state": "TX"

}

Request

GET https://mycompany/api/member/{id}

"Authorization: JWT <your_token>"

Apigee
[callout]-> 200 - data stored in variables if needed

[target]-> http://dc01apimdv02:9002/ivr5/memeligibilityinquiry/{id}

Response

200

{

"egibility": true

}

View solution in original post

ssvaidyanathan

Hi @sai gurunath Boggavarapu - not sure the ask is clear ? Can you be more elaborate please?

Report Inappropriate Content

hey Sai thanks for quick response, the thing is I have an soap end point that I need to convert into rest. for that I used Soap to rest api proxy. while I was trying to hit rest url in postman I can able to see the member details.

My problem is I can able to insert parameters in header only.

http://dc01apimdv02:9002/ivr5//memeligibilityinquiry?memNo=*****&mediTypeVa=3&memDOB=**/**/***&state...

in the above url I dont want with string parameter (no question I need ) I need complete URl with slash's like below

http://dc01apimdv02:9002/ivr5//memeligibilityinquiry/memNo=*****&mediTypeVa=3&memDOB=**/**/***&state...

Pls help me

ssvaidyanathan

Hi @sai gurunath Boggavarapu

I don't think thats the correct URI format. Please refer to this spec. Your ask does not adhere to the RESTFul standards. The best way is to convert those to URIs in conjunction with query params

For example - the end point you posted is a query for eligibility - so going by the standards, I would change it to something like

http://dc01apimdv02:9002/ivr5/mem/eligibility/inquiries/1234?mediTypeVa=3&memDOB=2017-02-26&stateNam...

Please URL encode if you think there are special characters on any of these query parameters. For dates, follow ISO8601 format as an ideal approach which makes the URL readable. Please bear in mind - constructing these URIs are very important as it needs to be intuitive to any body whose trying to consume it. With the above URL - I know that I am getting the information of inquiries whose id is 1234 and the others are filters within.

Hope that helps.

PS: I have assumed its a simple inquiry service and made that up. Wanted to highlight the design aspect more than the solution.

Report Inappropriate Content

hi @Sai Saran Vaidyanathan I don't want to send the request using query parameters, rather I would like to send it in Json format. but I am not sure about the config.

jparagon

I see a couple of issues here, but it sounds to me like the most important of which is how to not send member details in clear text.

The first thing I would look into is what type of identity management / auth solution is being used. If this is coming from an app, login, or client how are the member details sent?

The second would be, what type of authentication can be possible here? Would you be able to send an OpenID or JWT token to help secure the member details? Possibly use a third party IDP service (like Okta) to help manage and retrieve identity information?

If there isn't any flexibilty in looking into an identity solution the third would be sending encrypted data in the body.

Also, highly recommend using https to help secure all data in the requests.

Here would be my preference in this case:

- This -> https://github.com/apigee/iloveapis2015-jwt-jwe-jws/tree/master/jwt_signed

- Setup Apigee for the callout and possibly a regex polity to validate the token looks like JWT

?mediTypeVa=3&memDOB=2017-02-26&stateName=TX

Pre-request

JWT

{
"typ": "JWT",

"alg": "HS256"

}

{

"iss": "thiscompany.com",

"exp": 130985030,

"mediatypeva": 3,

"dob": "2017-02-26,

"state": "TX"

}

Request

GET https://mycompany/api/member/{id}

"Authorization: JWT <your_token>"

Apigee
[callout]-> 200 - data stored in variables if needed

[target]-> http://dc01apimdv02:9002/ivr5/memeligibilityinquiry/{id}

Response

200

{

"egibility": true

}

how to insert query parameters while converting soap to rest.