In datapower Multi-Protocol_Gateway Policy rule, we are building a POST request with content-type 'application/x-www-form-urlencoded'.
However the backend comes back with 400. 

To make it the simplest, we set the content-type to 'application/x-www-form-urlencoded',
then session.output.write('clientId=1234&grantType=password'); 

Looking at the probe, I see the Content with the request clientId=1234&grantType=password,
and Headers include Content-Type 'application/x-www-form-urlencoded'.

am I missing something here?




------------------------------
Michael Bae
------------------------------

You're getting back a 400, so something is malformed.  I actually don't know if it is required without testing, but, do you also need to set the content length?  The thing is, I always do, so not sure if that is required.



------------------------------
Joseph Morgan
------------------------------

Original Message:
Sent: Tue August 16, 2022 02:15 PM
From: Michael Bae
Subject: Sending POST request with content type 'application/x-www-form-urlencoded'

In datapower Multi-Protocol_Gateway Policy rule, we are building a POST request with content-type 'application/x-www-form-urlencoded'.
However the backend comes back with 400. 

To make it the simplest, we set the content-type to 'application/x-www-form-urlencoded',
then session.output.write('clientId=1234&grantType=password'); 

Looking at the probe, I see the Content with the request clientId=1234&grantType=password,
and Headers include Content-Type 'application/x-www-form-urlencoded'.

am I missing something here?




------------------------------
Michael Bae
------------------------------

Hi it is neither necessary nor possible to set the content length for a post request from the datapower ; the code will calculate that automatically.

What do the logs from the backend server say? Does it indicate why this is a bad request? Can you try it against a local loopback datapower service to see if you can get more data?

------------------------------
Matthias Siebler
MA
------------------------------

Original Message:
Sent: Tue August 16, 2022 02:15 PM
From: Michael Bae
Subject: Sending POST request with content type 'application/x-www-form-urlencoded'

In datapower Multi-Protocol_Gateway Policy rule, we are building a POST request with content-type 'application/x-www-form-urlencoded'.
However the backend comes back with 400. 

To make it the simplest, we set the content-type to 'application/x-www-form-urlencoded',
then session.output.write('clientId=1234&grantType=password'); 

Looking at the probe, I see the Content with the request clientId=1234&grantType=password,
and Headers include Content-Type 'application/x-www-form-urlencoded'.

am I missing something here?




------------------------------
Michael Bae
------------------------------

If your content is supposed to be url encoded shouldn't then the '&' show up as something different?

------------------------------
Francois Brandelik
------------------------------

Original Message:
Sent: Wed August 17, 2022 07:27 AM
From: Matthias Siebler
Subject: Sending POST request with content type 'application/x-www-form-urlencoded'

Hi it is neither necessary nor possible to set the content length for a post request from the datapower ; the code will calculate that automatically.

What do the logs from the backend server say? Does it indicate why this is a bad request? Can you try it against a local loopback datapower service to see if you can get more data?

------------------------------
Matthias Siebler
MA

Original Message:
Sent: Tue August 16, 2022 02:15 PM
From: Michael Bae
Subject: Sending POST request with content type 'application/x-www-form-urlencoded'

In datapower Multi-Protocol_Gateway Policy rule, we are building a POST request with content-type 'application/x-www-form-urlencoded'.
However the backend comes back with 400. 

To make it the simplest, we set the content-type to 'application/x-www-form-urlencoded',
then session.output.write('clientId=1234&grantType=password'); 

Looking at the probe, I see the Content with the request clientId=1234&grantType=password,
and Headers include Content-Type 'application/x-www-form-urlencoded'.

am I missing something here?




------------------------------
Michael Bae
------------------------------

Hi Francois,

I've only encoded the key and value 

for (var property in details) {
var encodedKey = encodeURIComponent(property);
var encodedValue = encodeURIComponent(details[property]);
formBody.push(encodedKey + "=" + encodedValue);
}

formBody = formBody.join("&");

------------------------------
Michael Bae
------------------------------

Original Message:
Sent: Wed August 17, 2022 08:35 AM
From: Francois Brandelik
Subject: Sending POST request with content type 'application/x-www-form-urlencoded'

If your content is supposed to be url encoded shouldn't then the '&' show up as something different?

------------------------------
Francois Brandelik

Original Message:
Sent: Wed August 17, 2022 07:27 AM
From: Matthias Siebler
Subject: Sending POST request with content type 'application/x-www-form-urlencoded'

Hi it is neither necessary nor possible to set the content length for a post request from the datapower ; the code will calculate that automatically.

What do the logs from the backend server say? Does it indicate why this is a bad request? Can you try it against a local loopback datapower service to see if you can get more data?

------------------------------
Matthias Siebler
MA

Original Message:
Sent: Tue August 16, 2022 02:15 PM
From: Michael Bae
Subject: Sending POST request with content type 'application/x-www-form-urlencoded'

In datapower Multi-Protocol_Gateway Policy rule, we are building a POST request with content-type 'application/x-www-form-urlencoded'.
However the backend comes back with 400. 

To make it the simplest, we set the content-type to 'application/x-www-form-urlencoded',
then session.output.write('clientId=1234&grantType=password'); 

Looking at the probe, I see the Content with the request clientId=1234&grantType=password,
and Headers include Content-Type 'application/x-www-form-urlencoded'.

am I missing something here?




------------------------------
Michael Bae
------------------------------

Hi Michael,

The GatewayScript looks fine.  I agree with Matthias that a packet capture to the backend server would show what is going across the wire.  If that backend is https, don't forget to get the ssl/tls session keys enabled on the packet capture so the pcap can be decrypted.  Without seeing your service, just some thoughts:

1. I'm assuming the GatewayScript action is writing to either the OUTPUT context or to a context that is used in the final results action that sends that context to OUTPUT?  Remember, the session.output.write is writing to the output context configured on the GatewayScript action, but what is sent to the backend is what is written to OUTPUT.
2. Does your GatewayScript action specify an input context?  If so, it used to be that if you don't read that context with a session.input.readAsxxxx function, GatewayScript could replicate that payload in addition to what is written in your session.output.write.  If that is the case and you don't need any input, set the input context to NULL in your GatewayScript action.
3.  One DataPower nuance I've seen from time to time during service development is that your processing policy rule MUST access the INPUT context or that data will be put on the wire to the backend in addition to what is intended to be sent to the OUTPUT context.  If you have data POSTed to your service, that data could be sent to the backend in addition to the query string your GatewayScript wrote.  If that is the case, a simple Set Variable action that sets some unused variable var://context/mycontext/noop to a value of 1 that references INPUT as the input context will be sufficient.

Ultimately, the packet capture will tell what is going on.

Regards,
Steve

------------------------------
Steve Linn
Senior Consulting I/T Specialist
IBM
------------------------------

Original Message:
Sent: Wed August 17, 2022 01:17 PM
From: Michael Bae
Subject: Sending POST request with content type 'application/x-www-form-urlencoded'

Hi Francois,

I've only encoded the key and value 

for (var property in details) {
var encodedKey = encodeURIComponent(property);
var encodedValue = encodeURIComponent(details[property]);
formBody.push(encodedKey + "=" + encodedValue);
}

formBody = formBody.join("&");

------------------------------
Michael Bae

Original Message:
Sent: Wed August 17, 2022 08:35 AM
From: Francois Brandelik
Subject: Sending POST request with content type 'application/x-www-form-urlencoded'

If your content is supposed to be url encoded shouldn't then the '&' show up as something different?

------------------------------
Francois Brandelik

Original Message:
Sent: Wed August 17, 2022 07:27 AM
From: Matthias Siebler
Subject: Sending POST request with content type 'application/x-www-form-urlencoded'

Hi it is neither necessary nor possible to set the content length for a post request from the datapower ; the code will calculate that automatically.

What do the logs from the backend server say? Does it indicate why this is a bad request? Can you try it against a local loopback datapower service to see if you can get more data?

------------------------------
Matthias Siebler
MA

Original Message:
Sent: Tue August 16, 2022 02:15 PM
From: Michael Bae
Subject: Sending POST request with content type 'application/x-www-form-urlencoded'

In datapower Multi-Protocol_Gateway Policy rule, we are building a POST request with content-type 'application/x-www-form-urlencoded'.
However the backend comes back with 400. 

To make it the simplest, we set the content-type to 'application/x-www-form-urlencoded',
then session.output.write('clientId=1234&grantType=password'); 

Looking at the probe, I see the Content with the request clientId=1234&grantType=password,
and Headers include Content-Type 'application/x-www-form-urlencoded'.

am I missing something here?




------------------------------
Michael Bae
------------------------------

Hi Matthias, 

The backend server is a 3rd party and getting the logs is not an option.
However, I was able to get 200 valid response back by bypassing Datapower.

400 the error message complains about the first parameter they check in the following scenarios:
1. Datapower(build the request)--> 3rd Party backend API 
2. ESB AppConnect (build the request) --> Datapower (just passthrough) --> 3rd Party backend API 
I suspect some sort of wrapper in the body request that is causing the issue.

200 valid response back when:
1. ESB AppConnect (build the request) --> 3rd Party backend API.

Using Datapower is as our gateway is a requirement, but it seems Datapower is doing something to the request that the backend APi doesn't like.
Any experience with this?

------------------------------
Michael Bae
------------------------------

Original Message:
Sent: Wed August 17, 2022 07:27 AM
From: Matthias Siebler
Subject: Sending POST request with content type 'application/x-www-form-urlencoded'

Hi it is neither necessary nor possible to set the content length for a post request from the datapower ; the code will calculate that automatically.

What do the logs from the backend server say? Does it indicate why this is a bad request? Can you try it against a local loopback datapower service to see if you can get more data?

------------------------------
Matthias Siebler
MA

Original Message:
Sent: Tue August 16, 2022 02:15 PM
From: Michael Bae
Subject: Sending POST request with content type 'application/x-www-form-urlencoded'

In datapower Multi-Protocol_Gateway Policy rule, we are building a POST request with content-type 'application/x-www-form-urlencoded'.
However the backend comes back with 400. 

To make it the simplest, we set the content-type to 'application/x-www-form-urlencoded',
then session.output.write('clientId=1234&grantType=password'); 

Looking at the probe, I see the Content with the request clientId=1234&grantType=password,
and Headers include Content-Type 'application/x-www-form-urlencoded'.

am I missing something here?




------------------------------
Michael Bae
------------------------------

You'd probably have to get a decrypted pcap of both cases and compare to see what datapower does differently.

------------------------------
Matthias Siebler
MA
------------------------------

Original Message:
Sent: Wed August 17, 2022 01:04 PM
From: Michael Bae
Subject: Sending POST request with content type 'application/x-www-form-urlencoded'

Hi Matthias, 

The backend server is a 3rd party and getting the logs is not an option.
However, I was able to get 200 valid response back by bypassing Datapower.

400 the error message complains about the first parameter they check in the following scenarios:
1. Datapower(build the request)--> 3rd Party backend API 
2. ESB AppConnect (build the request) --> Datapower (just passthrough) --> 3rd Party backend API 
I suspect some sort of wrapper in the body request that is causing the issue.

200 valid response back when:
1. ESB AppConnect (build the request) --> 3rd Party backend API.

Using Datapower is as our gateway is a requirement, but it seems Datapower is doing something to the request that the backend APi doesn't like.
Any experience with this?

------------------------------
Michael Bae

Original Message:
Sent: Wed August 17, 2022 07:27 AM
From: Matthias Siebler
Subject: Sending POST request with content type 'application/x-www-form-urlencoded'

Hi it is neither necessary nor possible to set the content length for a post request from the datapower ; the code will calculate that automatically.

What do the logs from the backend server say? Does it indicate why this is a bad request? Can you try it against a local loopback datapower service to see if you can get more data?

------------------------------
Matthias Siebler
MA

Original Message:
Sent: Tue August 16, 2022 02:15 PM
From: Michael Bae
Subject: Sending POST request with content type 'application/x-www-form-urlencoded'

In datapower Multi-Protocol_Gateway Policy rule, we are building a POST request with content-type 'application/x-www-form-urlencoded'.
However the backend comes back with 400. 

To make it the simplest, we set the content-type to 'application/x-www-form-urlencoded',
then session.output.write('clientId=1234&grantType=password'); 

Looking at the probe, I see the Content with the request clientId=1234&grantType=password,
and Headers include Content-Type 'application/x-www-form-urlencoded'.

am I missing something here?




------------------------------
Michael Bae
------------------------------