api v2 - POSTMAN examples

Jason_C
Contributor

api v2 - POSTMAN examples

I am sorry for not posting these POSTMAN examples sooner. You can download the attached file and import them into your Postman. 

There are over 30 examples of different ways to hit the API. and this is for those users who are not using cURL. 

 

These range from Exports, Imports, uploading data, and reviewing dump files.  

I hope these are beneficial.

 

NOTE: you may have to update the file extension from .txt to .json. Anaplan community does not all .josn

16 REPLIES 16
fxlepoutre
Contributor

Hello @christophe_keom 

 

Thanks for the hint. I juste tested your suggestion..

 

1. Changed my authorization header to be the following:

 

Authorization:CACertificate {{anaplan_certificate_base64}}

 

 2. Added a line to the Pre-Req script:

 

pm.environment.set("anaplan_certificate_base64", btoa(pm.environment.get("anaplan_certificate")));

 

 

This transforms correctly my certificate value "MIIFHzCCBAegAwIBA.............EWmQjqsbcj2zY09pew==" to "TUlJRkh6Q0NCQWVnQ........21RanFzYmNqMnpZMDlwZXc9PQ==" which corresponds to the Base64 text value of the certificate.

 

But still, the test gives me 401 reply, with a "FAILURE_BAD_CREDENTIAL" message. 😞

Any other idea?

 

Thanks,

FX

christophe_keom
Contributor

FX,

 

Seeing the outcome of what you get makes me think that it might be a simple issue.

Can you ensure that you keep those titles:

"-----BEGIN CERTIFICATE-----"

"-----END CERTIFICATE-----"

when you try to generate that

anaplan_certificate_base64

value

?

After reading your previous post, I guess this is what happened.

You should have a value starting with "LS0.."

 

Rgds,

 

Christophe K.

Jason_C
Contributor

When I test via Postman I absolutely use the certificate. That is the only way, if you are looking at data loaded into a file on Anaplan can truly confirm you are looking at the right data.

You can use a tool called openssl (https://www.openssl.org) to help convert your certificates.  

Example: enc -base64 -in "C:\OpenSSL-Win64\bin\anaplan_api_v2_1.0.0\random_strg_100.txt" -out "C:\OpenSSL- Win64\bin\anaplan_api_v2_1.0.0\random_strg_100.txt.base64"

 

OR 

 

Per instructions from the Anaplan support team:

  1. Use a Base-64 encoder (e.g. https://www.base64encode.org/ ) to encrypt the CN and PEM string, separated by a colon. For example, paste this in:
    your.name@company.com:-----BEGIN CERTIFICATE-----
    CERTCONTENTS
    -----END CERTIFICATE-----
kleches
Not applicable

Hello,

 

I am trying to do the same with postman but not working (i have Error 400 Bad Request Result)

I am using java to sign and encode data like i found in the following link (https://anaplanauthentication.docs.apiary.io/#reference/authentication-token)

 

In postman Header, i have added : 

 

Content-Type : application / json

Autorization : CACertificate LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS[..................]kQgQ0VSVElGSUNBVEUtLS0tLQ

 

In Body part :

 

 

{ 
'encodedData': 'VOOBp3PvmX+DQL[..........................]Dn6zKU+x1MJQ==',
'encodedSignedData': 'p1pnJ4/O8YcizY++b2OmZNfF70PWjvm0vPR6y+PoqrKhfPVi8f6YcTi66QTdV9dR+X7S69ooWqgG894PLny[............................]xPCtmNV7gIdfvk4W4rL04KKvNvqfV+pvLTtC7gBWE0Rg=='
}

 

 

(EncodedData is random string from 100char encoded to base64 => 136char

EncodedSignedData is random string signed with the private key and encoded to base64 => 344char)

 

Do i need to put simple quote in the Json ? In the Header for the CACertificate ?

I think this is just a little thing but i am not able to found it.

 

Thank you and best regards,

fxlepoutre
Contributor

Hi @Jason_C and/or @christophe_keom 

I'm sorry I don't get it. I really think I am not very far, but it still continues to fail. 😟

I now have a header looking like this: "Authorization: CACertificate LS0.....", so it seems OK.
But still a 401 FAILURE_BAD_CREDENTIAL.

The full code I have in the pre-req script is the following:

 

function randomString(length, chars) {
    var result = '';
    for (var i = length; i > 0; --i) result += chars[Math.floor(Math.random() * chars.length)];
    return result;
}

var anaplan_privatekey = "-----BEGIN PRIVATE KEY-----\
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDg/EygC4681MTB\
MToJXByMoFHhyPZNSTLtl7xRLjVNJ7N31JQLtf8Anv5e1hRcjDy4mQcPgxvhWvVa\
.....
Vcfg8G3Jbel2sz6HGjR9SohMFx038K5C2F43L5hRW0MF4dxwGYeWs3Ic0Z7CC9IR\
tgkrHJ+SKp/EFH2PhBx1xjE=\
-----END PRIVATE KEY-----"

var anaplan_certificate = "-----BEGIN CERTIFICATE-----\
MIIFHzCCBAegAwIBAgIQBghdO0SjwpaGWIjw5OftnTANBgkqhkiG9w0BAQ0FADBl\
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\
...
TxAKO5P+pU1Hc8vVW2jtMY4ajNn4C2L6vUfQ0rfMW3jSrBWXlG3GJWYiYJ1BkNxJ\
tDCDJO1yEWmQjqsbcj2zY09pew==\
-----END CERTIFICATE-----"

var privatekey = anaplan_privatekey.replace(/(?:\r\n|\r|\n)/g, "").replace("-----BEGIN PRIVATE KEY-----", "").replace("-----END PRIVATE KEY-----", "")

var randomString = randomString(150, '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ');
var signedString = CryptoJS.HmacSHA512(randomString, privatekey);

// var certificate = anaplan_certificate.replace(/(?:\r\n|\r|\n)/g, "").replace("-----BEGIN CERTIFICATE-----", "").replace("-----END CERTIFICATE-----", "")
var certificate = anaplan_certificate;

var randomStringBase64 =  btoa(randomString);
var signedStringBase64 = btoa(signedString);
var certificateBase64 = btoa(certificate);

console.log("privatekey: " + privatekey);
console.log("randomString: " + randomString);
console.log("randomStringBase64: " + randomString);
console.log("signedString: " + signedString);
console.log("signedStringBase64: " + signedStringBase64);
console.log("certificate: " + certificate);
console.log("certificateBase64: " + certificateBase64);

pm.environment.set("anaplan_encodedString", randomStringBase64);
pm.environment.set("anaplan_signedString", signedStringBase64);
pm.environment.set("anaplan_certificate_base64", certificateBase64);

 

I feel like the CryptoJS.HmacSHA512() function is not behaving like Anaplan expects.

For reference, the body of the request does not change:

{
    "encodedData": {{anaplan_encodedString}},
    "encodedSignedData": {{anaplan_signedString}}
}

Any other ideas?

Thanks a lot,
FX

matKa
New Contributor

Hi @fxlepoutre did you manage to solve this issue? I seem to have the same problem.

fxlepoutre
Contributor

Hi @matKa 

Unfortunately not.

From my understanding, Postman's javascript function "CryptoJS.HmacSHA512()" is not generating a signature as required by Anaplan of the random string.

Our developers managed to do the integration in Java on their environment without the Postman example finally, but based on the Python and C# examples posted previously on the thread.

If you manage to do the signature within the pre-req scripts of Postman, I'd be glad if you can share your code.

Have a good day,