Talking to an API

Anything beyond the basics in using the LiveCode language. Share your handlers, functions and magic here.

Moderators: FourthWorld, heatherlaine, Klaus, kevinmiller, robinmiller

Nakia
Posts: 425
Joined: Tue Feb 21, 2012 8:57 am

Re: Talking to an API

Post by Nakia » Thu Mar 07, 2013 5:08 am

Happy days...

Was able to succesfully post to the API now..Thanks so much for you help!!

Nakia
Posts: 425
Joined: Tue Feb 21, 2012 8:57 am

Re: Talking to an API

Post by Nakia » Thu Mar 07, 2013 6:04 am

LOL...

Now I need to learn how to authenticate with works proxy... My Scripts work but not when on my works corporate network due to a
proxy authentication issue I believe..

Any tips on where to look for tips on this as a search in the forum did not yield to many results.

Nakia
Posts: 425
Joined: Tue Feb 21, 2012 8:57 am

Re: Talking to an API

Post by Nakia » Mon Mar 11, 2013 6:22 am

anyone got any ideas with this one?

Simon
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 3901
Joined: Sat Mar 24, 2007 2:54 am

Re: Talking to an API

Post by Simon » Mon Mar 11, 2013 6:40 am

Hi Nakia,
Do your users know their proxy settings?
set the HTTPProxy to host:portNumber
Run a check to see if they are outside the proxy first.

If they don't know and if it's being used across multiple proxy's and you want it automated... then the trouble really starts.

Simon
I used to be a newbie but then I learned how to spell teh correctly and now I'm a noob!

Nakia
Posts: 425
Joined: Tue Feb 21, 2012 8:57 am

Re: Talking to an API

Post by Nakia » Mon Mar 11, 2013 8:20 am

Hi Simon,

The problem is I can't seem to find how to set the httpProxy
With credentials (username and password)

Our proxy requires authentication to get outside our corporate network.

I have tried setting the httpProxy anyway (without credentials) but
Of course it fails.. I found a forum that mentioned setting the proxy-authorisation in
the the http headers but seems to also fail. Even if that worked wouldn't the header then
Be incorrect for the call to the API?

Scratching head right now ?

n9yty
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 52
Joined: Thu Feb 28, 2013 11:33 pm

Re: Talking to an API

Post by n9yty » Tue Mar 12, 2013 5:54 am

Is it using standard HTTP Proxy Authentication?

You might look here:

www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

And also on the link in the above document under footnote 43 about HTTP Authentication....

www.ietf.org/rfc/rfc2617.txt

It looks like when you make a request for which a proxy requires authentication it will reply with a 407 error, then you re-send the request with the right headers set containing your credentials and the proxy issues the request downstream but it removes your authentication headers before doing so. I wish I had one to test with, but I don't so I can't offer much more than that. I know when I was playing with REST, SOAP and XML-RPC there was a fair bit of working with HTTP headers.

Nakia
Posts: 425
Joined: Tue Feb 21, 2012 8:57 am

Re: Talking to an API

Post by Nakia » Tue Mar 12, 2013 6:12 am

Thanks for the reply.

I have learned today that it uses NTLM authentication which seems it may be a problem
As LC has no out of the box support for this.. Have been pointed in the direction of the GLX Framework which
Seems to cater for this but it seems like a new way of thinking in terms of development..

Open to any suggestions as I'm kinda loosing patience with this road block.

n9yty
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 52
Joined: Thu Feb 28, 2013 11:33 pm

Re: Talking to an API

Post by n9yty » Tue Mar 12, 2013 2:42 pm

Have you looked at the documentation on NTLM over HTTP authentication?

http://www.innovation.ch/personal/ronald/ntlm.html

http://davenport.sourceforge.net/ntlm.html

It looks like that should be do-able with just httpheaders support that is in LiveCode, shouldn't it? It would certainly require some poking around with the binary data, but binaryEncode() and binaryDecode() should allow you to manually work it out.

I say this all having never done it, so please forgive me if I am wrong.

I found the glx NTLM stuff, seems to work only on Windows as it has a .dll external that must be installed.
revolution.screenstepslive.com/s/revolution/m/glxapp

I also saw a reference to this in the libURL docs by way of the handlers:
libUrlSetAuthCallback

A bit more info here:
http://www.lacscentre.com/liburl/liburldoc.html

It says it requires an external to generate the NTLM keys, though. I found a unencumbered (no dependencies that is) C routine here, perhaps it could help it constructing some LiveCode handler to do it?

http://cntlm.sourceforge.net

(or python)

http://ntlmaps.sourceforge.net

I also saw a reference that the `curl` binary may have ntlm support (it does on my Mountain Lion Mac OS X install), so perhaps you could call that as a shell script to do your authentication?

Or, the library left to us by Mark Smith ?

http://marksmith.on-rev.com/revstuff/files/

Anyway, just fishing for ideas for you.

Nakia
Posts: 425
Joined: Tue Feb 21, 2012 8:57 am

Re: Talking to an API

Post by Nakia » Tue Mar 12, 2013 11:30 pm

Thanks kindly for all those suggestions.

It seems which ever way I look at this its going to be very complicated. As the application I am building is only going to run on windows (its all our company uses and allows) Im thinking I will likey just switch to the GLX Application Framework but I may just try the addition of the .dll first with some custom handlers.

LC is great tool and I couldn't be happier with it but sometimes these little "road blocks" really place some strain on a task and frustrate me to no end..

n9yty
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 52
Joined: Thu Feb 28, 2013 11:33 pm

Re: Talking to an API

Post by n9yty » Wed Mar 13, 2013 12:58 am

Nakia wrote:Thanks kindly for all those suggestions.

It seems which ever way I look at this its going to be very complicated. As the application I am building is only going to run on windows (its all our company uses and allows) Im thinking I will likey just switch to the GLX Application Framework but I may just try the addition of the .dll first with some custom handlers.

LC is great tool and I couldn't be happier with it but sometimes these little "road blocks" really place some strain on a task and frustrate me to no end..
I am thinking that it may not be too bad, that you could make it work with libURL (built in to LiveCode) with that dll added and the use of the libUrlSetAuthCallback() stuff, the docs I poinkted to over at lascentre.com are more informative about that than the LiveCode docs, even though LiveCode has a more recent version of the library itself. :) But it does specifically mention the use of that for NTLM so it should be possible to make it work.

See notes here about possibly using some of the GLX logic without the whole framework if you know the proxy server IP and don't need to handle the use of PAC files.... http://www.mail-archive.com/use-revolut ... 22627.html

I also found a httest tool that should simulate an NTLM server for testing, I may even play around with this, but no guarantees on that one, I've got a full plate at the moment. But if you have no aversion to using GLX that is probably the easiest route to go. I wish you all the best, if you think about it post back on how it goes.

Nakia
Posts: 425
Joined: Tue Feb 21, 2012 8:57 am

Re: Talking to an API

Post by Nakia » Wed Mar 13, 2013 1:40 am

Had a small break throught today.

IT have given me a proxy server to authenticate to that uses Basic Authorization!!!
I can now authorize with the proxy and load a URL (for example google) and all works as expected.

The issue I have now is that the API doesn't seem to like the authorization string that is in the httpHeader that is required to authenticate with the
proxy server.. It was my understanding that the proxy should have removed this from the call but it doesn't appear so...

n9yty
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 52
Joined: Thu Feb 28, 2013 11:33 pm

Re: Talking to an API

Post by n9yty » Wed Mar 13, 2013 2:01 am

Hmm... This would be most interesting.... If your final API host requires you use HTTP Basic Authentication to access it, but the proxy server is also using HTTP Basic Authentication, it seems like this would be an insurmountable problem... If you provide credentials to the proxy server and it removes them before sending upstream then you will have no credentials for the API. But if it leaves them in, and the login is different, then the API will reject it as a bad attempt. But I've not dealt with this configuration.

In reading back through this thread, I see it was recommended (not sure what you ended up doing) to set the http headers to specify Content-Type:, Accept:, and Authorization: Basic {hash of username/password}. In doing some brief looking, the examples for a http basic auth proxy server use an http header of Proxy-Authorization: Basic {hash of username/password}. If that is the case, then they shouldn't conflict. And, as described earlier in this thread, the hash is calculated via base64encode(username&":"&userpass) for both cases.

Edit: see this: http://stackoverflow.com/questions/1002 ... on-headers

Seems that Proxy-Authorization: is handled (and removed) by the proxy server, and WWW-Authorization: is passed through to your API (maybe just Authorization: but I am not sure on that point). I am also not clear if both are sent in the same request or if, as the link above showed, in a sequential fashion as you handle the responses coming back.

Nakia
Posts: 425
Joined: Tue Feb 21, 2012 8:57 am

Re: Talking to an API

Post by Nakia » Wed Mar 13, 2013 3:11 am

Thanks for your reply..

Have made some further progress but still hitting road blocks unfortunately.
It seems that if I do any requests to HTTPS whilst going through my company proxy I get a socket error 10061...

Does this maybe point to a certifictaes issue?

Nakia
Posts: 425
Joined: Tue Feb 21, 2012 8:57 am

Re: Talking to an API

Post by Nakia » Wed Mar 13, 2013 10:11 am

Want to add a little more context to my comments above as I tend to ramble a touch ...

Now I have a proxy I can successfully authenticate with whilst on my work network I can successfully get
any HTTP address.. But if its secure HTTPS I get a socket error returned..

Now, take my computer off my work network and I can get both HTTP and HTTPS addresses..

Where would you look next ? ? Certificates?? Have tried setting libUrlSetSslVerification false.

Note: I can successfully view HTTPS sites when on my work network through a web browser so is it something that LC is missing ?

n9yty
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 52
Joined: Thu Feb 28, 2013 11:33 pm

Re: Talking to an API

Post by n9yty » Wed Mar 13, 2013 5:47 pm

Does the proxy not handle HTTPS ? You might ask IT about that one.

Post Reply