Create API tokens
API tokens provide a level of authentication for External Data Source REST APIs and the WDSL links obtained from workflows registered as Web Services. A REST API External Data Source or Web Service may not be accessed via its URL unless it has at least one valid API token. API tokens have expiration dates, and are valid for either 30, 60 or 90 days.
Users with Administrator privileges may create API tokens for existing REST API External Data Sources or Web Services by carrying out the following steps:
-
Select the REST API External Data Source in Data/External Data Sources hierarchy folder. Alternatively, select the Data/Web Services hierarchy folder, and locate the Web Service for which to create an API token.
-
Click ‘Make API Token’ to display the Create API Token screen.
-
Set an expiration period for the API token, and click ‘Create API Token’. The API token is listed in the API Tokens screen.
API tokens are associated with External Data Source REST API and WDSL links by updating the URL headers.
External Data Sources
For External Data Source REST APIs, this can be done using the curl utility from the command line. The following command lists the authorizations associated with an External Data Source REST API URL.
Format
curl -i < External Data Source REST API URL>
Example
C:\temp>curl -i http://localhost/livecompare/studio/xds/A1D3A41788A149F3B622E66209A00CAC.xdsx
HTTP/1.1 401 Unauthorized
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-UA-Compatible: IE=edge
Access-Control-Allow-Origin: *
Date: Tue, 31 Jan 2023 03:32:34 GMT
Content-Length: 0
The ‘HTTP/1.1 401 Unauthorized’ line indicates that access to the External Data Source via its REST API URL is unauthorized. The following command shows how to apply an API token to the URL’s header.
Format
curl -i -H "Authorization: Bearer <API token>" < External Data Source REST API URL>
Example
C:\temp>curl -i -H "Authorization: Bearer CCD77B6445784254A9B609776E3A85C9" http://localhost/livecompare/studio/xds/A1D3A41788A149F3B622E66209A00CAC.xdsx
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-UA-Compatible: IE=edge
Access-Control-Allow-Origin: *
Date: Tue, 31 Jan 2023 03:43:00 GMT
Content-Length: 177
{"cols":[{"id":"NAME","label":"NAME","type":"string"},{"id":"TYPE","label":"TYPE","type":"string"}],"rows":[{"c":[{"v":"VA01"},{"v":"TCOD"}]},{"c":[{"v":"VA02"},{"v":"TCOD"}]}]}
The ‘HTTP/1.1 200 OK’ line indicates that access to the External Data Source via its REST API URL is authorized. The final line contains the table data returned from the External Data Source.
Web services
The following Python script shows how an API token can be applied to the WSDL link for a workflow registered as a Web Service. The workflow has two input parameters named x and y, and returns their sum in a String dataset named sum.
from requests import Session
from zeep import Client
from zeep.transports import Transport
def adder():
WSDL = 'http://localhost/livecompare/studio/Adder/Adder.lcsx?WSDL'
session = Session()
session.verify = False
transport = Transport(session=session)
headers = {
# Update the following line with your API token
'Authorization': 'Bearer E4B6E815C0174281AB5AA098F404C98C'
}
session.headers.update(headers)
client = Client(WSDL, transport=transport)
swr = client.service.StartWorkflow(x=10, y=20)
token = swr['token']
ewr = client.service.EndWorkflow(token=token)
while True:
status = ewr['status']
if status == 'FAILED':
break
if status == 'COMPLETED':
break
ewr = client.service.EndWorkflow(token=token)
if status == 'COMPLETED':
print('sum: {0}'.format(ewr['workflowResult']['sum']))
adder();
The Run Web Service action allows API tokens to be applied to Web Services called from LiveCompare.
Turn off authentication
To turn off REST API authentication, carry out the following steps:
-
Make sure no users are logged into LiveCompare, and that no workflows are currently running.
-
Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Tricentis\LiveCompare\5.3\Settings folder.
-
Create a String value named SkipRESTAuthorization and set its value to X.
To turn off Web Services authentication, carry out the following steps:
-
Make sure no users are logged into LiveCompare, and that no workflows are currently running.
-
Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Tricentis\LiveCompare\5.3\Settings folder.
-
Create a String value named SkipWebServicesAuthorization and set its value to X.
If you set or clear the SkipRESTAuthorization or SkipWebServicesAuthorization values, you will need to restart the LiveCompare Application Pool on the LiveCompare server.