Cognos Analytics

Cognos Analytics

Connect, learn, and share with thousands of IBM Cognos Analytics users! 

 View Only
Back to discussions
Expand all | Collapse all

REST API logon

  • 1.  REST API logon

    Posted Mon August 17, 2020 10:06 AM
    Hello,

    I want to use the new REST API controllers to upload Excel and CSV files from a 3rd party application.
    However, any attempt to log in to the Cognos system using the REST controller /api/session fails.
    (I use the REST tool POSTMAN)

    URL:
    http://<bi server hostname>:9300/bi/api/session

    Method:
    PUT

    Header:
    accept = application/json
    content-type = application/json

    Body:
    {
    "parameters": [
    {
    "name": "CAMNamespace"
    "value": "<LDAP ID>"
    },
    {
    "name": "CAMUsername"
    "value": "<username>"
    },
    {
    "name": "CAMPassword."
    "value": "<password>"
    }
    ]
    }

    I always get a "403 forbidden" error
    If I test the same parameters in swagger, this works.

    does anyone have an idea or experience with the REST controllers?

    Best regards

    Martin Braun

    ------------------------------
    Martin Braun
    ------------------------------

    #CognosAnalyticswithWatson


  • 2.  RE: REST API logon

    Posted Wed January 13, 2021 05:27 PM
    Martin,

    I am having the same issue that you describe.  I have tried getting it to work with Postman and SoapUI without any luck.  Did you ever get this working, or does anybody have any suggestions?

    Doug

    ------------------------------
    Doug Williams
    ------------------------------

    Original Message


  • 3.  RE: REST API logon

    Posted Thu January 14, 2021 12:56 AM
    Hi Doug & Martin,

    By default, Cognos requires an additional cookie, 'X-XSRF-TOKEN' The value of this token is returned if you do your first call to /login

    You can either implement that, of for the quick fix, disable the X-XSRF check:

    1. Open the Windows Services window and stop the IBM Cognos service.

    2. Open the file installation_location\wlp\usr\servers\cognosserver\bootstrap.properties.

    3. Add the following line:

      disableXSRFCheck=true

    4. Save the file.

    5. Restart the IBM Cognos service

      Rgds,
      Reinier





    ------------------------------
    Reinier Battenberg
    https://github.com/CognosExt
    ------------------------------

    Original Message


  • 4.  RE: REST API logon

    Posted Thu January 14, 2021 09:41 AM
    Martin,

    I wrote an article on how to log in and utilize the new REST APIs using Python. The example might help since you will ultimately wish to move from Postman into an actual scripting language.

    https://www.linkedin.com/pulse/scripting-new-rest-api-ibm-cognos-analytics-robert-hofstetter/

    ------------------------------
    Robert Hofstetter
    ------------------------------

    Original Message


  • 5.  RE: REST API logon

    Posted Thu January 14, 2021 10:24 AM
    Edited by System Admin Fri January 20, 2023 04:42 PM
    Thanks, Reinier and Robert.

    I was able to get the initial Session Put to work in SoapUI yesterday by adding the credential information as a JSON string instead of individual parameters.

    Now I am not able to get any of the get requests to work.  I have taken XSRF-Token cookie returned from the Session Put into the header of a GET request, say for /api/v1/files.  When I submit that, I get an "Authorization Required" response.  When I look at the network activity when using the Swagger API Test Page, I see that there is also a Cookie parameter in the header that seems to contain all of the Set-Cookie information returned in the Session PUT response header.  So is that also required?

    Doug


    ------------------------------
    Doug Williams
    ------------------------------

    Original Message


  • 6.  RE: REST API logon

    Posted Fri January 15, 2021 04:12 AM
    Dear Doug, 

    Have you tried this Swagger API Test Page after clearing the Cookies. Try it and then Restart the Cognos Server . hope it will work

    ------------------------------
    Adnan Sheeraz
    ------------------------------

    Original Message


  • 7.  RE: REST API logon

    Posted Fri January 15, 2021 09:57 AM
    Hi Adnan,

    The Swagger API test page works fine.  It's getting the requests to work using Postman or SoapUI where I'm having problems.  I can create a Session using the PUT /api/v1/session request, but haven't been able to get any of the GET requests to work using the XSRF-TOKEN in the response.  It seems that the other cookies in the response are used also, but I haven't verified that.

    ------------------------------
    Doug Williams
    ------------------------------

    Original Message


  • 8.  RE: REST API logon

    Posted Mon January 18, 2021 09:25 AM
    Edited by System Admin Fri January 20, 2023 04:23 PM

    Hi Doug, 

    when I worked with REST API I found out, that I have to pass whole cookies set which I received from PUT /api/v1/session. You also have to add new header X-XSRF-TOKEN with value of XSRF-TOKEN which you received from PUT statement.

    Then the other requests to the CA REST API are working fine. When I used only X-XSRF-TOKEN itself (without reusing cookies set from put statement), then I received "Authorization Required." error message.



    ------------------------------
    Jiri Smrz
    ------------------------------

    Original Message


  • 9.  RE: REST API logon

    Posted Tue January 19, 2021 06:10 PM
    Hi Jira,

    Thanks for the response and confirming I need the entire set of cookies in addition to the X-XSRF-TOKEN.  I was able to get it to work by constructing a new single cookie consisting of all of the ones returned from the Session PUT.  I also had to include the XSRF-TOKEN cooking in the whole cookie with the other ones, even though it is singled-out in its own header item, X-XSRF-TOKEN.

    Doug

    ------------------------------
    Doug Williams
    ------------------------------

    Original Message


  • 10.  RE: REST API logon

    Posted Wed May 19, 2021 10:43 AM
    Hi @Jiri Smrz,
    I am not able to apply /session or /files or /extensions to url because​ my url is /ibmcognos/bi/v1/disp ,then how to use /session for getting XSRF-TOKEN?
    And how to use /files and /extensions too?

    ----------------------
    Amol
    -------------------

    ------------------------------
    Amol Pukale
    ------------------------------

    Original Message


  • 11.  RE: REST API logon

    Posted Thu May 20, 2021 02:56 AM
    Edited by System Admin Fri January 20, 2023 04:28 PM

    Hello  Amol,

    I suppose ibmcognos/bi/v1/disp is legacy portal URL. You should be able to access to the REST API through this URL.

    https://<cognos_analytics_server>:<port>/api/api-docs

    See the REST API documentation .
    So, for instance, to create session you have to run PUT request on https://<cognos_analytics_server>:<port>/api/v1/session URL with following JSON body: 

    {
  "parameters": [
    {
      "name": "CAMNamespace",
      "value": "LDAP"
    },
    {
      "name": "CAMUsername",
      "value": "johnsmith"
    },
    {
      "name": "CAMPassword",
      "value": "mypassword"
    }
  ]
}

     As a response, you should get XSRF-Token key. 

    I also think that since CA 11.2.0 there is a change in logon action - you should be able to use cafContextId value in IBM-BA-Authorization header instead of reusing whole cookies. But unfortunately I have not had a time to test new Cognos version yet. 



    ------------------------------
    Jiri Smrz
    ------------------------------

    Original Message


  • 12.  RE: REST API logon

    Posted Thu May 20, 2021 03:33 AM
    Hi @Jiri Smrz,
    I am able to create session using https://<cognos_analytics_server>/api/v1/session. But i am getting response like
     
    {
  "generation": 3,
  "shareable": false,
  "isAnonymous": false,
  "cafContextId": "CAFW000000a0Q0FGQTYwMDAwMDAwMDlBaFFBQUFDZUxHLWhHdEVBZTZFUW5neEw0Qi1TU2g1aGtRY0FBQUJUU0VFdE1qVTJJQUFBQUxDUmJHb293dTRLREZDNGtmNmFKYUphdnBNcjhWbU5BeGJBVUVKeERnbmw0NTA0nM_",
  "logEnabled": false,
  "canCallLogon": false,
  "url": "/api/v1"
}
    I tried out on https://<cognos_analytics_server>:<port>/api/api-docs.
    But rin api-docs,they mentioned about logEnabled:true,canCallLogon=true.
    Is it wrong response.
    And After session created i am getting on next request by passing xsrf token
    { "message": "Authentication required." }
    Thanks!
    ----------
    Amol
    ----------


    ------------------------------
    Amol Pukale
    ------------------------------

    Original Message


  • 13.  RE: REST API logon

    Posted Thu May 20, 2021 03:39 AM
    Ah, I see.
    Based on your JSON, you are on CA 11.2.0. As I mentioned in previous post, I have not had a time to test it.

    But based on CA REST 11.2 documentation you should reuse cafContextId and add header IBM-BA-Authorization with value from cafContextId. 

    There is no XSRF-Token in CA 11.2.0 response.

    ------------------------------
    Jiri Smrz
    ------------------------------

    Original Message


  • 14.  RE: REST API logon

    Posted Wed June 22, 2022 01:49 PM
    I recently had a need to test some code against CA 11.2.2 and discovered that I was no longer getting an XSRF-TOKEN cookie in the response from log on. Thanks for pointing out they have updated this. Here is some working code in PowerShell for an example of the new method of passing along the session key:

    $url = "http://server:9300/api/v1/session"

    $raw_json = Invoke-RestMethod $url -Method Put -Body $credentials -ContentType "application/json" -SessionVariable websession

     

    # Grab the session key and add it to the request header for future REST calls

    $script:request_header = @{'IBM-BA-Authorization' = $raw_json.session_key}

     

    $url = "http://server:9300/api/v1/content"

    $raw_json = Invoke-RestMethod -Uri $url -Method Get -Headers $request_header -WebSession $websession



    ------------------------------
    Robert Hofstetter
    ------------------------------

    Original Message


  • 15.  RE: REST API logon

    Posted Thu May 20, 2021 04:02 AM
    Hi @Jiri Smrz,
    I am using cognos 11.1.7.​ And i am getting server response code 201(session created)
    Response body
    {
  "generation": 3,
  "shareable": false,
  "isAnonymous": false,
  "cafContextId": "CAFW000000a0Q0FGQTYwMDAwMDAwMDlBaFFBQUFDZUxHLWhHdEVBZTZFUW5neEw0Qi1TU2g1aGtRY0FBQUJUU0VFdE1qVTJJQUFBQUp6M2d6VXlUeWplNEdkVXk3cTBiUEo1S2IwOG1NR2xNS3dHQmNkamE4Kno0MTV8cnM_",
  "logEnabled": false,
  "canCallLogon": false,
  "url": "/api/v1"
}
    

    Response headers
    

     cache-control: no-cache  content-language: en-US  content-length: 302  content-type: application/json
     date: Thu, 20 May 2021 07:37:51 GMT
     expires: Thu, 01 Jan 1970 00:00:00 GMT
     x-ca-affinity: 3526048407
     x-ca-requesttime: path=session; start=1621496271093; end=1621496271177; elapsed=84
     x-ca-transaction: C9dGh9jqhGsClMdsM2h8ysMlMMvqhj9hl4Mhh 
    Thanks!
    ---------
    Amol
    ---------


    ------------------------------
    Amol Pukale
    ------------------------------

    Original Message


  • 16.  RE: REST API logon

    Posted Thu May 20, 2021 04:26 AM

    Sorry, that was my misunderstanding!! :-) I have the same JSON response.

    XSRF-Token is part of cookies. You have to get this value from session headers. How to do that depends on your implementation. If you are using swagger from https://<cognos_analytics_server>:<port>/api/api-docs you can check it directly in your browser.

    1.In Chrome/Edge (on Chromium) use shortcut CTRL + SHIFT + I. Developer console will open.
    2. In developer Console, go to network tab
    3. On Swagger, execute PUT request to create session
    4. In Developer Console, on network tab new Cookies tab should be available. Here you can see your XSRF-Token cookie and its value. 



    ------------------------------
    Jiri Smrz
    ------------------------------

    Original Message


  • 17.  RE: REST API logon

    Posted Thu May 20, 2021 04:57 AM
    Hi @Jiri Smrz,
    I am getting following cookies and XSRF token. Do i need to pass all cookies in get request.
    After passing all these, still i am getting 
    {"message":"Authentication required."}


    While creating session , iam getting canCallLogon": false,Is it ok or not?

    ------------------------------
    Amol Pukale
    ------------------------------

    Original Message


  • 18.  RE: REST API logon

    Posted Thu May 20, 2021 05:00 AM
    Yes, you have to reuse all cookies from that session. And also you have to create new header X-XSRF-TOKEN with value you retrieved in XSRF-TOKEN cookie.


    ------------------------------
    Jiri Smrz
    ------------------------------

    Original Message


  • 19.  RE: REST API logon

    Posted Mon May 24, 2021 04:57 AM
    Hello @Jiri Smrz,
    I am able to create session and getting response as following.
    Is it correct response?
    After that, i am going for GET request, using all session cookies in params and xsrf- token in the header sesction.

    Still i am getting
    "message""Authentication required."
    Please check all screenshots


    ------------------------------
    Amol Pukale
    ------------------------------

    Original Message


  • 20.  RE: REST API logon

    Posted Thu May 27, 2021 08:43 AM
    I think you'll need to send the cookies back as cookies, not params. 

    In my script I do this:
    1 - call GET /session
         This returns a 401 but it gives me the XSRF-Token in the Set-Cookie response header.
    2 - call PUT /session
           I send a header for X-XSRF-TOKEN and a header "Cookie" with the contents of the "Set-Cookie" returned from step 1.
           I also include a body with the parameters for the login 
    This returns a 201 and a bunch of other cookies.
    3- On all other calls, I include the X-XSRF-TOKEN header from step 1 and then all of the Set-Cookie lines from step 2 and it works.

    ------------------------------
    Andrew Wheeler
    ------------------------------

    Original Message


  • 21.  RE: REST API logon

    Posted Fri May 28, 2021 02:39 AM
    Edited by System Admin Fri January 20, 2023 04:18 PM

    Hi, 

    Andrew is right. You have to reuse all cookies. I am not aware of this implementation, but for instance in Java (with using apache.HttpClient), my process was following:

    1. I send PUT request to create a session. I stored all cookies into a cookie store. 
    2. For other requests I manually adding X-XSRF-Token header with value from XSRF-Token cookie retrieved in step one, but I also reusing all cookies from step one because I initialized the cookie store in first step. 

    I also suppose that XSRF-Token cookie value has to match with X-XSRF-Token header.



    ------------------------------
    Jiri Smrz
    ------------------------------

    Original Message


  • 22.  RE: REST API logon

    Posted Mon June 14, 2021 06:48 AM
    Hi Jiri & Andrew,
    @Jiri Smrz @Andrew Wheeler
    Thanks for your guidance. It means a lot.
    Unfortunately i am not getting response on the swagger api tool.
    After creating session on swagger, i am getting unauthorized message for next GET request.
    I guess if swagger shows response then we can continue to postman and java etc.
    Please correct me if i am wrong.
    So i am little confuse, should i test it on java program or some another reason causing issue like we have custom authentication?
    Please guide on this.
    Thanks!​​

    ------------------------------
    Amol Pukale
    ------------------------------

    Original Message


  • 23.  RE: REST API logon

    Posted Mon June 14, 2021 09:52 AM
    Honestly, the swagger tool does not work for me either.  It does work in Postman, though, which is what I used to set up my javascript calls.

    ------------------------------
    Andrew Wheeler
    ------------------------------

    Original Message


  • 24.  RE: REST API logon

    Posted Thu March 17, 2022 03:40 PM
    That was such an important little detail! Couldn't get my API request to work and spent hours looking into it! But changing the header to 'X-XSRF-TOKEN' made the difference. Looking back at the IBM documentation it also states this, but for people not so technical it's easy to overlook the added "X-" and just put "XSRF-TOKEN" as returned from the put request.

    This has been my approach.

    1) Clear any cookies related to the Cognos URL in Postman (There's a cookies link in the top right corner).
    2) Create the put request <server>/api/v1/session with the associated parameters in the body.
    3) Get the XSRF-TOKEN listed in the Cookies and Headers section in the request output below.
    4) Create a new get request <server>/api/v1/files without the body from before, but instead add a header with 'X-XSRF-TOKEN' and paste the value from 'XSRF-TOKEN' retrieved in step 2.

    ------------------------------
    Lasse Matthias
    ------------------------------

    Original Message


  • 25.  RE: REST API logon

    Posted Thu March 17, 2022 03:57 PM
    This is a really nice thread that shows how many hours you can spent on debugging REST API calls made with xyz (e.g. Postman) 

    My five cents on this:
    1. I love curl for handling the headers for me. 
    2. Handling this in angular is quite heavy ... here is a handy library for that

    And yes ... Reiniers Lib on github is also very cool.

    Why don't we have a call and show off the cool stuff around this?

    regards,
    Ralf

    ------------------------------
    Ralf Roeber
    https://linkedin.com/in/ralf-roeber-470425a/
    ------------------------------

    Original Message


  • 26.  RE: REST API logon

    Posted Mon August 01, 2022 09:29 AM
    This thread tells you how much time you can save by doing all of your work first.
    Postman, you're my five cents, but I agree. Curl is the best way to handle headers
    AngularJS is quite heavy to use, so the AngularJS library is a handy one for that.
    Rainier's is very cool.
    A: I'm having a problem with a friend who's trying to create a
    Wouldn't it be great if we could make cool things cool again?

    ------------------------------
    Apks Walk
    ------------------------------

    Original Message


Related Content