I have simulated successfully API calls with my postman client.
Postman client automatically populates the required JSESSIONID, COOKIE, and CLIENT ID.
However, when I try to realize the same with python I get 401. It looks like the session variable of the request API does not hold the required information
I would like to replicate the entire step below with both Postman generated python script and my script
Postman script
In the first POST call, I use my secretKey to request the secret
import requests
url = "https://url.com/v1/session/auth/token?X-Requested-By=Maddy&Content-Type=application/x-www-form-urlencoded"
payload="secret_key=zxcvfc-103f-950d-856d-cxvfdgh&username=myuser001&access_level=FULL"
headers = {
'X-Requested-By': 'Maddy', #This is my header
'Content-Type': 'application/x-www-form-urlencoded', #My header
'Cookie': 'route=e7esaafb42ce234234242347482341f; clientId= zxcvfc-103f-950d-856d-cxvfdg; JSESSIONID=e34cc53d-e99c-4296-a4fe-0d70a246bd11' #Postman generated
}
response = requests.request("POST", url, headers=headers, data=payload)
print(response.text)
I get a secret JHNXZasdasdasdasjdakdasdjdalsdjasdladasdlalsdjajsdjaskdjaksjdaskjdjaskdljasj very long
then the second GET call is done with the secret I have received.
import requests
url = "https://url.com/callosum/v1/session/login/token?username=myuser001&auth_token=JHNXZasdasdasdasjdakdasdjdalsdjasdladasdlalsdjajsdjaskdjaksjdaskjdjaskdljasj&redirect_url=https://url.com/callosum/v1/tspublic/v1/user/list"
payload={}
headers = {
'Cookie': 'route=e78as0dad9009q029420349249f; clientId=s0255-6598-5103-dec3-defererer090; JSESSIONID=dfgas8484-659595656-6526-5626-7589898ads'
}
response = requests.request("GET", url, headers=headers, data=payload)
print(response.text)
#The response contains JSON output with a list of users
Not the above header junk that contains id and session and cookie is generated by the postman
Now this is how my Python script looks like
url = "https://url.com/callosum/v1/session/auth/token?X-Requested-By=Maddy&Content-Type=application/x-www-form-urlencoded"
payload="secret_key=zxcvfc-103f-950d-856d-cxvfdgh&username=myuser001&access_level=FULL"
headers = {
'X-Requested-By': 'Maddy', #These one is mine
'Content-Type': 'application/x-www-form-urlencoded' #these one is mine
}
with requests.session() as s:
secret = s.post(url, data=payload, headers=headers,verify=False).text
#secret contain the lengthy secret for the get call stored in the variable secret
payload1 = {}
#The url2 contains login url and redirect url that contains the user API for get method
url2 = "https://url.com/callosum/v1/session/login/token?username=myuser001&auth_token={}&redirect_url=https://url.com/callosum/v1/tspublic/v1/user/list".format(secret)
r = s.get(url2,data=payload1,verify =False)
#Also tried without payload and with and without header results are the same
print(r.cookies)
print(r.text) #401 unauthroized
I get the secret but not the data. Do let me know if there is something that needs to be added.
Best Regards,
Gabby