Hybrid Object Type (HOT) - REST API Response in cookies - Access

Hi Mike,

What are you trying to achieve?  In general terms the header data is used for things like pagination, but I'm not sure that anyone has asked for anything around cookies...  What is the use-case here?

Regards,

Craig.

Hi Craig, 

I am currently testing connecting to a financial plannning software (Xplan) and the api call for an auth token returns as a cookie.

I need that token to complete authorization.

Regards,

Mike.

So the token is used in subsequent requests? Returned as a cookie, or used another way somehow? 

Edit: I just checked with one of the authors of the HOT tool and he pointed me at this configuration setting.  Might it help?

Thanks Craig, appreciate the help.

After reviewing the API in detail. This might not be the approch to follow. 

This is basically an oAuth2 autherisation and requires the user to sign-in via a browser. Im not familar with M-Files, im not sure if this is even possible. Embedded html window?. VAF of some type?

Also the first call is a GET request and the second call is POST which returns both the access and refresh token.

The VAF process occurs "server side" without a user present, so you can't use any OAuth (or other) authentication flow which requires user input.

If they support machine-to-machine OAuth (e.g. client credentials flow) then perhaps it could be done, but I haven't personally implemented this before.

Do they support any other authentication process, such as a secret key that can be provided in the HTTP requests? 

Hi Craig,

Here is information on the connection

community.iress.com/.../14018

The application also uses basic auth, but in most cases they require oAuth2. I might re-think this. We have a ETL application that may work as 'go between' 

On a side note, can the HOT connector be automated to re-sync (trigger) on a schedule?

Regards,

Michael

Hi Craig,

Here is information on the connection

community.iress.com/.../14018

The application also uses basic auth, but in most cases they require oAuth2. I might re-think this. We have a ETL application that may work as 'go between' 

On a side note, can the HOT connector be automated to re-sync (trigger) on a schedule?

Regards,

Michael

Hi Michael,

I have sometimes either used an intermediary or, note, that you can create your own connectors.  They are still limited in the same way (no UI for the OAuth process), but it does give you some control over the exact requests that are made.

The trigger for the external object type data source is controlled by the wider system, rather than configured for the data source (e.g. HOT) itself.  You can read more about controlling it here: Refreshing External Object Types (m-files.com)

Regards,

Craig.