We have devices posting data to TW server via HTTP post requests. I want the sessions related to these device posts to end immediately because it ends up having thousands of active sessions at any given time. P.S. we have the "connection : close " line in the post request.
Any help will be appreciated.
Are you using an application key for authentication? When using an application key, no session should be established,unless specifically specified.
OK. will try that. Thank you.
So I tried to use the REST API with an app key. I got a strange behavior just like as described in this post:
https://twc.thingworx.com/Thingworx/Runtime/index.html#master=ThingWorxCommunity&mashup=TWCBlogSearchResult&blog=GeneralCommForum&entryID=34972
"
E.g. open a Chrome incognito window. Paste in a URL with an appKey
http://www.server.com:8080/Thingworx/Things/Thing/Properties?appKey=9eb5f9d7-fb84-4026-a85a-98abc11dcea9&Accept=application/JSON
The first time this call returns the desired result.
The second time (hit Ctrl-R or refresh), I get an error page:
"HTTP Status 401 - No authType or appKey parameter has been specified for Authentication Scheme: AUTH_THINGWORX_APPKEY"
Another Ctrl-R refresh brings back the normal call result and the next one again the error. It alternates."
Haven't tried on the devices yet, but I presume the behavior when trying to update data from the devices will be similar. Any idea what causes this ?
Orhan
Hi Orhan,
Did you also try with the parameter x-thingworx-session=true added to the http request?Happens to me all the time if I don't set this parameter to true.Good luck!Vladimir
x-thingworx-session=true ?
Hi Orhan,
Please check my answer to the post you mention (copy and paste the link in a browser).
I'm having some trouble answering directly here in the forum, as the most important part is missing from my reply (I reported the bug).
It involves setting a parameter to true in the HTTP call.
BR,
Vladi
<pre>x-thingworx-session=true</pre>
Hi Vladimir,
The thing is, I am trying to eliminate active sessions from the devices so turning the session to true is not what I want.
Nevertheless, I tested the appKey with a php content retriever and it does the trick. It can be called repeatedly with no problems. I think the issue is only when using a browser. I will check with the device firmware to see if there are any problems.
Thanks for all the input.
Regards,
Orhan
Hi Vladimir,
The thing is, I am trying to eliminate active sessions from the devices so turning the session to true is not what I want.
Nevertheless, I tested the appKey with a php content retriever and it does the trick. It can be called repeatedly with no problems. I think the issue is only when using a browser. I will check with the device firmware to see if there are any problems.
Thanks for all the input.
Regards,
Orhan
Glad the appKey works. That is exactly what its use case is. Also these calls are not meant to be in browser.
We are making an HTML/Javascript SPA website that needs to access ThingWorx services via the REST API calls. This is a very simple website that we hope requires no server-side (PHP) code.
I am testing the API calls in PostMan (Browser-based) and the only way I am able to successfully make a call is if I create a session. Is there no way to make a Javascript/Browser-based API call to a ThingWorx platform server without creating a session??
-Matt
Are you using an appKey?
What we've noticed is that when using a REST API tool that does browser based type calls, you will fail auth every other call even when using the appKey.
This doesn't apply when you are using a 'true' rest call.
This is something on the bug list to be fixed.