Hello Team,
I have a API which can only be accessed via SSL Certificate and Basic Authentication. I only to generate the response. I have already able to generate the respone successfully via Postman manually.
How can the same be achieved via RobotFramework. Any help is much appreciated. Thanks.
Hi @sayom88 ,
Have you tried Requests Library, specifically starting your Requests Library session with Create Client Cert Session?
Dave.
Hi @damies13 i looked into it, but unable to crack it…can you please share one small sample code to help me.
Unfortunately I don’t have an example, I’ve never need to do this myself as not many people use self-signed certs these days.
Perhaps if you post what you have I can see anything that doesn’t match with the doco?
But I expect it would need to look something like this:
${client_certs}= Create List ${path to certs}client_certificate.pem ${path to certs}client_key.pem
Create Client Cert Session Session_Alias https://your.api.server/path client_certs=${client_certs}
Hi - I am getting 400 Bad request error , but the same works fine when run from Postman.
I am using robotframework-requests library version 0.9.4, python 3.9
here is my code
Hi Sarala,
Firstly, its bad practice to hijack an old thread (your less likely to get an answer) so in future start a new thread and link to the old thread if you think it’s related to your problem.
Next start with the basics, make sure what you are requesting is exactly the same from Requests library as what you are requesting with Postman
Some examples of differences I see at a first glance
| Requests | Postman |
|---|---|
| Token_Name | Token Name |
| TestTokenname | testtoken |
| grant_type | Grant Type |
| client_credentials | Client Credentials |
| client_id | Client Id |
| Client_Secret | |
| 1 Header (Content-Type) | 10 Headers |
Beyond that, can you show the request headers and bodies from both Requests Library and Postman?
Ideally you want to get the raw request headers and request bodies in a text file and compare them with a diff tool to help you see what the differences are, and that will tell you what you need to change to make it work.
Dave.
Dave - Apologies for replying on old thread, fairly new to this group.
As you see in my postman clip, the actual API service and the OAUTH API service are two different APIs. We call the OAUTH service, get the token and pass that as bearer token to the actual API. The Body is mainly the Payload with business data for the actual API. And about 1 header vs 10 headers in Postman, those were auto generated and hidden in Postman. To get the auth token in Postman, I go to the Postman AUTH tab and request new token and use that token. For that call, all I need is that content-type header. Just to confirm, I unchecked all autogenerated headers, still was able to get the new token from Postman. However when I post the actual API call, I had to add them back, otherwise I am getting bad request error. The Robot code is Only for the first part, to get the token and that is failing on 400 error.
Hi Sarala,
No worries, doesn’t bother me, but in many forums it can cause you issues, so I mention it to hopefully save you from some nasty comments.
Great news, you’ve ruled that out, I’ve seen many applications where 1 missing header can mean you get an obscure error that doesn’t even hint as whats missing.
Same thing with request bodies, some app servers are really case sensitive, also spaces vs underscores will often trip you up so it’s best to make sure these are all the same, as in the past I’ve spent hours trying to solve an issue that turned out to be the difference between an S and an s, which is why I point these things out first.
So just to confirm, in Postman you do:
Call OAUTH API (is this a POST or GET?) → get back bearer token → call the actual API service using the bearer token
In Rrobot framework you are trying to get requests library to do:
Call OAUTH API (is this a POST or GET?) → get back bearer token
So that brings me to where does ${Key} and ${Secret} come from, and do they remain static? Is there some sort of fingerprinting happening on the server that once you use them with Postman then the server registers that and future requests from any other app will fail regardless what you do? This is something you might have to ask the developers down the track. Also do these expire?
Ah ha, so the OAUTH API doesn’t require them but the actual API service does, or at least one of them. Once you get past OAUTH call if you are planning to hit the actual API service, you’ll need to keep that in mind.
As I mentioned before with out the actual request headers and bodies that both Requests Library and Postman sent to compare, there’s really no way to guess what your problem might be, which is why my suggestions are generic in nature, pointing you in the most likely places to look.
HTTP protocol is quite simple really, there’s really only 3 places you can get things wrong:
And the last one only really applies to POST requests, all of them are plain text so easy to compare, get all of them right and you’ll get the expected result.
BTW also double check ${Secret}, i typed it into a base 64 decoder and got “not a UTF-8 string”, If you changed some characters to post here then that’s OK, just make sure they are the same in rf and postman.
Dave.
Dave,
Thank you so much for being nice and explaining in detail. You helped me go back and check the Postman console and see how the call going out to the OAUTH API. I was able to fix the code, all I had to do was to include Authorization in the header with base64 encoded credentials.
'"Basic " + encode64(Client_id + ':' + Client_Secret))'
Hi Sarala,
Glad you were able to find the issue 
Dave.