We are trying to call a service on the Thingworx platform, not directly, but via the EMS channel. Our assumption is that once our EMS communication channel has been established, we can make REST calls to the EMS and our REST call will travel to the Thingworx platform to where the execution of the service will take place. We are making this REST call on the same PC as our EMS is running but are running into "401 Authentication Required" errors. In our config.json, we have ssl and certificates enabled.
Using Postman, we POST: https://localhost:9000/Thingworx/Things/<Thing name>/Services/WhatsMyName (note the use of https)
In our header we pass the appKey = <app key>, Content-Type = application/json, Accept = application/json, x-csrd-token and x-thingworx-session = false.
No matter what we seem to try, we just get the "401 Authentication Required" error. We assume this error is on the EMS side and not the Thingworx platform side.
1) Is it possible to call the EMS and have the EMS simply act as a conduit to the Thingworx platform?
2) Are the header parameters correct or are we missing something?
3) Is there a configuration we need to do on the EMS side to make this REST call a success?
4) Is there any helpful logging that will help pinpoint the specific cause of this error?
Any help is appreciated. Thanks
Does the EMS http server require authentication ? (http_server.authenticate=true in config.json)
Note that the EMS REST request is not forwarded to the platform as it - it is converted to a AlwaysOn message and sent to the platform over WebSocket. The appKey in the header is most probably ignored, the appKey defined in the EMS config.json will be used to communicate to the platform.
Yes, http_server.authenticate=true in config.json.
We were thinking of making our REST calls to the EMS to take advantage of the security aspects that the EMS provides instead of doing direct REST calls to the platform. Will the request and responses from/to the consumer be the same (i.e. transparent) if making the REST calls through the EMS versus directly? We are still trying to determine which path to go down regarding making REST calls to our custom Thinkworx services.
I did look at that, thanks.
We are wondering if the authentication error is due to not properly passing in the emsuser credentials. Perhaps it's a bad interaction with the certificates.
Do you have the same issue with a GET method (for example get property value) ?
If it is working with GET, it is probably related to CSRF token . You can also try to disable the CSRF token support (http_server.enable_csrf_tokens : false in config.json).