Skip to main content
I
Ike@ACE15-Moonstone
15-Moonstone
January 13, 2021
Question

Bringing in an external API with the Http template

  • January 13, 2021
  • 2 replies
  • 3635 views

I'm trying to figure out where the different aspects of a call to an API would go. For example, the API key or the web address of the API. Also, what is the purpose of the username and password? Is that supposed to be the username and password of your API's account? Also, where do I get the Authorization Server ID if my server is hosted on PTC's cloud service? What are the CSRF settings? What do I do with the Authorization Server Scopes Settings? I found the PTC Help Center article about this, but it wasn't very helpful. Thanks in advance.

2 replies

S
slangleyCommunity Manager
Community Manager
January 14, 2021

Hi @Ike@ACE

 

Please provide more details on what you're trying to call.  Is this an API you're trying to call from a client to the ThingWorx platform, or are you trying to run javascript in ThingWorx for connecting to an external system? 

 

Regards.

 

--Sharon

I
Ike@ACE15-MoonstoneAuthor
15-Moonstone
January 14, 2021

In case, you are unaware, there is a Base Thing Template called Http Connector. If you view the different aspects of tabs of that type of Thing, you'll find the properties I'm talking about.

P
PEHOWE17-Peridot
17-Peridot
January 14, 2021

Hello @Ike@ACE ,

Have you looked at the tool https://www.postman.com/ which allows you to exercise a REST API to determine how to structure your inputs and what gets returned. 

For example if you wanted to get information from ThingWorx Thing by running a service you could create a POST transaction in Postman. The header would need to contain key/value information.

appKey, Content-type, Accept.

 

The appKey has a value which is defined in ThingWorx. This is how you identify yourself to ThingWorx as an authorized person to make requests.

 

The Content-type has a value of "application/json" which tells the interface how to communite

 

The Accept identifies what type of information you are looking to accept in my test case "text/html".

 

The Cross-site request forgery (CSRF) is information to help you protect from a REST API.

A common defense against CSRF attacks is to use synchronized tokens. However, ThingWorx uses an alternate approach and instead routes all requests through a strict content type filter. This approach is equally secure while being more appropriate for a stateless implementation.

 

Are you trying to make REST API calls into ThingWorx or have ThingWorx make calls into a REST API. I have done some of both. Let me know if any of this information helps.  Postman is a great tool to work out the necessary configuration.

 

Regards

Peter 

    A
    A.Asir1-Visitor
    1-Visitor
    January 15, 2021

    Hi Peter,
    I also have this problem and have never done it before. I will have ThingWorx make calls into a REST API from POSTMAN / MarineTraffic. 

     

    Regards

    AA

    Terms & ConditionsAccessibility statement