I'm trying to figure out where the different aspects of a call to an API would go. For example, the API key or the web address of the API. Also, what is the purpose of the username and password? Is that supposed to be the username and password of your API's account? Also, where do I get the Authorization Server ID if my server is hosted on PTC's cloud service? What are the CSRF settings? What do I do with the Authorization Server Scopes Settings? I found the PTC Help Center article about this, but it wasn't very helpful. Thanks in advance.
In case, you are unaware, there is a Base Thing Template called Http Connector. If you view the different aspects of tabs of that type of Thing, you'll find the properties I'm talking about.
Hello Ike@ACE ,
Have you looked at the tool https://www.postman.com/ which allows you to exercise a REST API to determine how to structure your inputs and what gets returned.
For example if you wanted to get information from ThingWorx Thing by running a service you could create a POST transaction in Postman. The header would need to contain key/value information.
appKey, Content-type, Accept.
The appKey has a value which is defined in ThingWorx. This is how you identify yourself to ThingWorx as an authorized person to make requests.
The Content-type has a value of "application/json" which tells the interface how to communite
The Accept identifies what type of information you are looking to accept in my test case "text/html".
The Cross-site request forgery (CSRF) is information to help you protect from a REST API.
A common defense against CSRF attacks is to use synchronized tokens. However, ThingWorx uses an alternate approach and instead routes all requests through a strict content type filter. This approach is equally secure while being more appropriate for a stateless implementation.
Are you trying to make REST API calls into ThingWorx or have ThingWorx make calls into a REST API. I have done some of both. Let me know if any of this information helps. Postman is a great tool to work out the necessary configuration.
I also have this problem and have never done it before. I will have ThingWorx make calls into a REST API from POSTMAN / MarineTraffic.
Currently, I'm trying to route the Climacell API through Thingworx and then into an AR experience created with Vuforia Studio. This will end up serving the purpose of allowing two different users in two different locations across the country to use the same experience, but get different results based on their location. It will also allow me to edit the Climacell call without having to go through every experience that uses it and edit the code. I can just edit the Thingworx service, instead.