OroCRM Forums

Covering OroCRM topics, including community updates and company announcements.

Forums Forums OroCRM API query

This topic contains 11 replies, has 5 voices, and was last updated by  diglin 10 years ago.

Starting from March 1, 2020 the forum has been switched to the read-only mode. Please head to StackOverflow for support.

  • Creator
    Topic
  • #30058

    arikurtz
    Participant

    Hi
    I’m having problem understanding exactly how are the API filter commands are to be executed. I see that the format is

    /api/rest/{version}/user/filter

    and for user command there is 2 filters of either email or username but I don’t understand exactly where to initiate these filter variables.

    All help will be greatly appreciated.

    Best Regards

    Ari Kurtz

Viewing 11 replies - 1 through 11 (of 11 total)
  • Author
    Replies
  • #30059

    Alexandr Smaga
    Participant

    Hi.

    Now only pagination supported in “list” requests. For user there is filter by email and username it should be called in following format

    #30060

    ZOTTIG
    Participant

    Hi
    Can you help me.
    How I can auth by WSSE in /api/rest with jquery?

    #30061

    Alexandr Smaga
    Participant

    Hello.

    Are you going to use REST inside the platform/crm application ?
    If so you do not need to pass WSSE because user already will have authorization cookie.

    JQuery code could be similar to following:
    $.ajax('http://crmdev.lxc/app_dev.php', {
    type: "GET",
    beforeSend: function(xhrObj){
    xhrObj.setRequestHeader("Authorization",'WSSE profile="UsernameToken"');
    xhrObj.setRequestHeader("X-WSSE", '');
    },
    });

    But keep in mind that to access from different domain you should allow CORS access.

    #30062

    ZOTTIG
    Participant

    Hi.
    I try this:

    And have result:

    What I doing wrong?

    #30063

    Alexandr Smaga
    Participant

    Hi.

    Recently we updated version of WSSE bundle and now it uses salt to generate “digest”. So i guess used app/console oro:wsse:generate-header command, am I right ?
    If so there will be small issue, here is a patch for you.

    Hope it will help.

    P.S. Also keep in mind that new version of WSSE bundle requires unique “nonce” on each request to prevent “replay attack”. So header should be regenerated with unique nonce.

    #30064

    ZOTTIG
    Participant

    Thank you very much! It works!
    How can I not regenerate headers each request? I have a lot of requests.

    #30065

    Alexandr Smaga
    Participant

    Seems that it’s correct behavior for WSSE. So for security reasons you should regenerate it.

    Please let us know if you have any other questions.

    #30066

    Dima Soroka
    Keymaster

    @ZOTTIG, this is an issue, we’ll solve this in next release at the beginning of April.

    #30067

    diglin
    Participant

    The patch works for me too but regenerating each time the key is not fun….

    At the moment I generate those keys via CLI. But am I right? normally I should generate it only once to use it from a third party application. So @dima this is what you mean that it will be fixed and only once this key should be generated.

    Thanks for the reply

    #30068

    Alexandr Smaga
    Participant

    @diglin It will work as I described before(the same in WSSE specs). You can find algorithm for header generation in our GenerateWSSEHeaderCommand and implement it in your client application.

    Issue that will be fixed in next release is related to “salt”, the problem was that you unable to generate header without “salt” and regular user should not know anything about it.

    #30069

    diglin
    Participant

    @asmaga Thanks for the explanation

Viewing 11 replies - 1 through 11 (of 11 total)

The forum ‘OroCRM’ is closed to new topics and replies.

Back to top