Community Tip - Did you get called away in the middle of writing a post? Don't worry you can find your unfinished post later in the Drafts section of your profile page. X
What is the Thingworx 8 alternative to sending the appkey as part of the URL to view a mashup? We are building screens that will be for visual display so they will not have any input devices attached. We need the Mashup to launch without user interaction. I do not want to send the appkey in the URL since that has been deprecated.
Solved! Go to Solution.
The way to get around supplying the appKey in the URL is to write a custom Authenticator. This was suggested to me by PTC support. Here is a link with instructions on how to do that.
Hi Steven,
An alternative to sending the app key as part of URL is to include the required application key in the request’s headers. Please refer the attached document for more details. https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS264349
Thank you for the response but I'm missing a piece. I can't figure out how to load a Mashup from the information in the document. I've tried doing a GET request to ./Thingworx/Mashups/<mashup name> with the appKey in the header. I've also tried to do the same to ./Thingworx/Runtime/index.html#mashup=<mashup name>. Neither seems to work.
Steven,
Did you try adding "accept": "application/json" and "content-type": "application/json" along with the app key in the header?
I have tried this with application/json and text/html for the context-type. I'm using ajax to send the response to a div tag to display the page but I get a bunch of errors when it runs the HTML that is sent back in the response. I get GET 404 errors for Combined.8.0.0-b11.20170607.00903.00903.js?=<number>
I get a similar error for CombinedExtensions and CombinedExtensions.css.
The code I'm using is:
<script type="text/javascript">
$(document).ready(function(){
$("button").click(function(){
$.ajax({
type: "GET",
url:"http://<Thingworx server>/Thingworx/Mashups/<mashup name>",
xhrFields:{withCredentials:true},
headers:{"appKey":'<appkey>',"x-thingworx-session":true,"accept":"application/json","content-type":"text/html"}
}).done(function(data){$("#pageload").html(data);}).error(function(jqXHR,textStatus,errorThrown){
console.log("error" + errorThrown);});
});
});
</script>
I have also tried using the redirect that the above sends back:
<script type="text/javascript">
$(document).ready(function(){
$("button").click(function(){
$.ajax({
type: "GET",
url:"http://<thingworx server>/Thingworx/Runtime/index.html#mashup=<mashup name>",
xhrFields:{withCredentials:true},
headers:{"appKey":'<appkey>',"x-thingworx-session":true,"accept":"application/json","content-type":"text/html"}
}).done(function(data){$("#pageload").html(data);}).error(function(jqXHR,textStatus,errorThrown){
console.log("error" + errorThrown);});
});
});
</script>
Steven,
Could you please check if there is any firewall preventing the Combined.js to get downloaded?
I am running the code provided from our Thingworx server so there is no firewall between them. If I do a jQuery.parseHTML(data) it gets rid of most of the errors and just has 3 .css errors for Combined.8.0.0<number>.css, redactor.min.css and CombinedExtensions<number>.css however it still does not display a page. The last thing the console logs is XHR Loaded (index.html - 200 - 9.625 - 5.965kb)
Just a quick update. If I run the code listed above and get from ./Thingworx/Mashups/<mashup name> with content-type: application/json and accept:application/json it does return the json for the <mashup name>. I don't know how go from there into displaying the mashup.
Try doing a Post rest call to load the mashup.
Using the appKey in the URL has been deprecated in Thingworx 8 and disabled by default. You can re-enable it however they state it may be completely removed in the future for security reasons. I'm trying to figure out the new way of doing this instead of using the deprecated feature.
The way to get around supplying the appKey in the URL is to write a custom Authenticator. This was suggested to me by PTC support. Here is a link with instructions on how to do that.