This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

how to restrict bearer token length or how length of token varies?

Posted on 05-09-2021 10:52 PM
sethujaganathan
New Member
Reply posted on --/--/---- --:-- AM

I am working on Mainframe systems(Z/OS) call API to get data.

1. I am able to hit token URI and get the token(Bearer access_token).

2. And also I can pass the token to actual API call and get a response as data.

The Challenges here are:

The token generated with Mainframe API call has total length of 1084 bytes.

IBM provided tool kit supports - 999 bytes for any of header fields. Hence I am getting Unauthorized (401) error as response(because token is taken only up to 999 bytes, remaining part of token is truncated, while passing to header).

Question #1: Is there any way to restrict the generated token length by changing some Hashing Algorithm or something?

Please note: I can generate a token from Postman/SoapUI which generates token of length 919 bytes. By passing this in header I am able to fetch data via API call.

Question #2: Is that generated token length varies depends on calling tool? (or) On which basis token length varies for same request calling it from different tools?

0 5 434
Topic Labels
0 Likes
5 REPLIES 5

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

Is this question related to Apigee? It seems not.

You seem to be asking about

  • an IBM-provided Mainframe API that generates a token with length 1084 bytes
  • An IBM-provided toolkit that allows you to send headers of up to 999 bytes

None of these things are Apigee things, are they?

Is that generated token length varies depends on calling tool? (or) On which basis token length varies for same request calling it from different tools?

This seems like a question you should be asking on an IBM developer forum. You're asking about the token that the Mainframe API returns, right?

0 Likes

Posted on --/--/---- --:-- AM
sethujaganathan
New Member
In response to dchiesa1
Reply posted on --/--/---- --:-- AM

Thanks for your Response! I am just curious to know how token is been generated based on some algorithms? It would be helpful, If someone provides that information.

0 Likes

Posted on --/--/---- --:-- AM
dchiesa1
Staff
In response to sethujaganathan
Reply posted on --/--/---- --:-- AM

I am just curious to know how token is been generated based on some algorithms?

I think it's impossible for anyone here to answer that question. It sounds like the token is being generated by IBM toolkits or APIs. And we (I suppose) don't know anything about those implementations, nor about the algorithms used, and so on.

I think you will have a better chance at getting a helpful response\ by asking on an IBM developer forum.

0 Likes

Posted on --/--/---- --:-- AM
sethujaganathan
New Member
In response to dchiesa1
Reply posted on --/--/---- --:-- AM

I have raised the same queries in IBM as well, yet to get response. By the way, Token is generated by called URI only it is NOT generated by mainframes Z/OS.

0 Likes

Posted on --/--/---- --:-- AM
dchiesa1
Staff
In response to sethujaganathan
Reply posted on --/--/---- --:-- AM

Ahh, I see. In that case, whoever owns the called URI, can tell you how the token is generated.

0 Likes