This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Service CallOut for getting access token from external source

Posted on 09-14-2020 11:04 AM
praviningawale
Silver 1
Silver 1
Reply posted on --/--/---- --:-- AM

How to use Service CallOut for getting access token from external source. I have to write Service Callout for getting this token.

I need to pass below details in header:

Content-Type : application/x-www-form-urlencoded

Authorization : Basic (BASE64ENCODED)

I need to pass below details in Body:

grant_type : refresh_token

refresh_token : {ajaskdkjskjdksj}

Below is my code:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ServiceCallout name="GetThirdPartyAccessToken">
    <Request variable="googleAuthRequest">
        <Payload contentType="application/x-www-form-urlencoded" variablePrefix="$" variableSuffix="%"><![CDATA[
grant_type=refresh_token&refresh_token=ajaskdkjskjdksj&client_id=CLIENT_ID&client_secret=VERY_SECRET&redirect_uri=myredirectURI
]]></Payload>
    </Request>
    <Response>calloutResponse</Response>
    <Timeout>30000</Timeout>
    <HTTPTargetConnection>
        <Properties/>
        <URL>https://wd2-impl-services1.workday.com/ccx/oauth2/mmc9/token</URL>
    </HTTPTargetConnection>
</ServiceCallout>
Solved Solved
0 4 1,016
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

your code should look similar to 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ServiceCallout async="false" continueOnError="false" enabled="true" name="Service-Callout-1">
    <DisplayName>Service Callout-1</DisplayName>
    <Properties/>
    <Request>
        <Set>
            <Headers>
                <Header name="Content-Type">application/x-www-form-urlencoded</Header>
                <Header name="Authorization">Basic xyz</Header>
            </Headers>
            <FormParams>
                <FormParam name="grant_type">refresh_token</FormParam>
                <FormParam name="refresh_token">{request.formparam.a}</FormParam>
            </FormParams>
        </Set>
    </Request>
    <Response>calloutResponse</Response>
    <HTTPTargetConnection>
        <Properties/>
        <URL>http://mocktarget.apigee.net/echo</URL>
    </HTTPTargetConnection>
</ServiceCallout>

View solution in original post

Jump to Solution
4 REPLIES 4

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

your code should look similar to 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ServiceCallout async="false" continueOnError="false" enabled="true" name="Service-Callout-1">
    <DisplayName>Service Callout-1</DisplayName>
    <Properties/>
    <Request>
        <Set>
            <Headers>
                <Header name="Content-Type">application/x-www-form-urlencoded</Header>
                <Header name="Authorization">Basic xyz</Header>
            </Headers>
            <FormParams>
                <FormParam name="grant_type">refresh_token</FormParam>
                <FormParam name="refresh_token">{request.formparam.a}</FormParam>
            </FormParams>
        </Set>
    </Request>
    <Response>calloutResponse</Response>
    <HTTPTargetConnection>
        <Properties/>
        <URL>http://mocktarget.apigee.net/echo</URL>
    </HTTPTargetConnection>
</ServiceCallout>
Jump to Solution

Posted on --/--/---- --:-- AM
ssvaidyanathan
Staff
In response to
Reply posted on --/--/---- --:-- AM

Above looks correct with just few notes

  1. No need to set the content-type explicitly if you are using FormParams. Apigee sets it automatically. See docs here
  2. Try not to hardcode the Auth header in the policy. Use the Encrypted KVMs to fetch and then either use BasicAuth policy to encode them or else use the Message Template to encode them
  3. Use variables for request, something like
<Request clearPayload="true" variable="myRequest">

so that you have complete control on that request object

Jump to Solution

Posted on --/--/---- --:-- AM
praviningawale
Silver 1
Silver 1
In response to
Reply posted on --/--/---- --:-- AM

Hi,

I hardcoded the refresh_token in the service callout in place of {request.formparam.a} and then tested proxy via trace.

The overall proxy was in error with status 400.

However, I could see the access token generated in Service Callout Response.

But, when I try using POSTMAN by using POST method and URL as proxy end point I get invalid request error. However, if I use same proxy endpoint with all the details(Header, authorization, grant_type, refresh_token) in POSTMAN then I get access token.

Is this expected behaviour ?

Please note that API proxy only has ServiceCallout policy and nothing else.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to praviningawale
Reply posted on --/--/---- --:-- AM

Yes , it's expected.

Jump to Solution
0 Likes