Configuring Header to work with a specific API

General
1

I am attempting to get an HTTP API request to work. I have multiple different connections to various products / API's / Websites / hardware using . Just one I am struggling with and it is to my ignorance on configuring these. The product connecting to (for transparency purposes) it Tenable Nessus. I will show my keys as they are expired and that system decommissioned. What I am attempting to do (for now is just Prototyping) is to use the function node connected to an http request node. This is not prod so it is only to test the connection and response. Here is a working Curl (Works Perfect):

curl -k -H "X-ApiKeys: accessKey=f88f43863c3c21aa081974100f616560fadbf22aaf684bf79fff0dd7cabebd3f; secretKey=55b8f76d138f43475ad439ded6b5f9e1ccf51774d33a0345ede2e2df31342aeb" https://192.168.50.106:8834/scans

Note that it starts with ApiKeys: then two veriable pairs. So it is an object consisting of two variables. Now I have tried to set the header (again, it is a prototype so cleartext keys are fine for now). I have tried this:
------------Start Code------------

var v1="f88f43863c3c21aa081974100f616560fadbf22aaf684bf79fff0dd7cabebd3f";
var v2="55b8f76d138f43475ad439ded6b5f9e1ccf51774d33a0345ede2e2df31342aeb";
var hHeader={};
hHeader['accessKey']=v1;
hHeader['secretKey']=v2;
msg.headers = {};
msg.headers['x-ApiKeys']=hHeader
msg.rejectUnauthorized = false

------------End Code------------
Also note, I could use the Exec node...but this will not be scalable and the preference is to not go out to the system.

Thanks for any direction

2

Those are not quite the same. 'x' vs 'X'

3

I note you are setting the header to an object, rather than a string. I'm not 100% sure how that will get handled by the node - it isn't something I've ever seen done.

You may find you need to construct the header value as a string.

As for the X Vs x - in theory http header names should not be case sensitive, so that shouldn't be an issue... unless you're working with a server that requires them to be case sensitive despite what the spec says.

4

Great catch...thank you. Fixing the case does'nt fix the issue...but it is still a great catch. My key issue is how to set the header to match what an equivelant that works in curl. So the curl is ' curl -k -H "X-ApiKeys: accessKey=' Note the ApiKeys:' which is what led me to try creating an object and putting it as the header. That does not work. So I am trying to figure in Node-Red speak (can do it in Python and others) how to push a header that is:
*X-ApiKeys: accessKey={Key1}; secretKey={Key2}*

5

One other...using curl in the command line if I put in 'x-ApiKeys' or 'X-ApiKeys' both works. I was wrong in putting in the wrong case...but they both work with curl. Note, again, this works with the exec node using curl...just do not want to use the exec node....so a function and http request node is the goal for the test.

6

Try the following:

var v1="f88f43863c3c21aa081974100f616560fadbf22aaf684bf79fff0dd7cabebd3f";
var v2="55b8f76d138f43475ad439ded6b5f9e1ccf51774d33a0345ede2e2df31342aeb";
msg.headers = {};
msg.headers['x-ApiKeys']=`accessKey=${v1}; secretKey=${v2}`;
msg.rejectUnauthorized = false
7

Brilliant...

8

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.