Layer7 API Management

Here is my use case which I am going to implement - 

1. One request is coming to LAC for a Resource created for a table.

2. That request is passed to the Request Event created by me....

1. Request event code gets the value from the request header and
2. hitting the resource by SysUtility.getResource().
3. 2nd (above) line give the error that 

   {
   "statusCode": 500,
   "errorCode": 5004,
   "errorMessage": "Internal server error: You cannot call SysUtility.getResource because the request has not been authenticated."
   }

Where in this link the request authentication is the first step when a request comes to LAC and then Request Event gets executed. Then why I am getting above error?

am I missing socomething here?

If you are still working on an earlier problem (re: Error on Invoking one function from another) on getting an endpoint to call a resource, use part of the data to update another resource, suggest that you try creating a JavaScript resource which:
1. Call GET request using SysUtility.restGet on the first resource
2. Parse the response to get the data needed, form the payload for the next call
3. Call PUT request using SysUtility.restPut to update the second resource

Note that you need to pass in the settings variable into both the SysUtility.restGet/Put calls. See the sample Demo API resource called “CustomerJSOrdersREST” or create a new JavaScript resource and click the “Examples” button to insert a code example snippet which will give you an idea on how to make these calls. Hope this helps. 

That's a fair question, and the answer is that there were good reasons for it to work that way at one point, but those reasons have disappeared a long time ago. I have filed bug DE321394 on your behalf, this will be fixed in the next release.

For now, you won't be able to use SysUtility.getResource in a request event, but you can use SysUtility.restGet.

For my own education, could you describe what you're trying to do? Perhaps there is another way of doing this.

Thank you so much for understanding my concern. I am just uploading my use case. If you can read it now and can give me some thoughts that will be helpful for me because its a blocker for me to proceed further and as you also said I was also looking for the alternative of that.

I also tried to use SysUtility.restGet() but it breaks the entire LAC application (some popup start coming up with errors and LAC starts behaving incorrectly). What I understand is that when I am calling SysUtility.restGet() from the Request Event then it again fire the Request event (Recursively) causing the deadlock.

Thanks in advance.

Yes, if you're going to call restGet from a request event, you clearly want to avoid recursion, which can be done with a URL parameter, something like:

if (req.urlParameters.doNotRecurse) {
    return;
}

var response = SysUtility.restGet('http://localhost:8080/rest/default/myAPI/v1/main:Customer/',
    { doNotRecurse: true },
    { headers: { Authorization: "CALiveAPICreator ABC123:1"}}
);

var responseObject = REST.parse(response);

// etc...

It is working. Thank you so much! Appreciated for your help!
You just saved me!

Here is my use case what I am implementing -

I have "Users" table which is having the registered users of our application.

When a user does Sign In on our application I have to do the following things - 

1. Get Username & Password from the request  // (will be done in custom endpoint)

2. Check for the user exist with the given username & password in Users table // (will be done in custom endpoint)

    a) If user exists then generate a session token lets say of 32 alphanumeric characters and save this token in the Users table itself with its timeout period. And also send this token in response to the user so that he can send this token in next request he is going to make. And from here the actual picture/use case starts

3. Now each request needs to be checked for the session token which we have sent in the response in step #2 above and for this I got to know that this can be achieved by Request Events.

4. And thats what I am implementing now, I am checking for the session token in each request in the Reqeust Event and if it exist then I need to find that token in the Users table to check it for its expiry. For which I need to query the Users Resource by any way restGet/getFunction/etc but it is the point where I am facing the error as I described in the main question.

Correct me if I'm wrong, but it sounds like you are doing all the work of an authentication provider. There is a mechanism built into Live API Creator for this, have you considered using it, or is there a reason you are using this approach?

https://docops.ca.com/display/CALAC/Admin+Authentication+Providers 

Writing an auth provider is not a trivial effort, but you are already doing a fair amount of work, and I think it might fit better into the architecture of the product. There is a sample that could be a good start for you at https://github.com/EspressoLogicCafe/RESTSqlAuthProvider 

Your comments forced me to think on authentication providers. I will check it. At the instant I have some confusion, my questions might be silly but I shouldn't let them within me.

What I was understanding from the LAC authentication is, there will two level of authentication

1. One for accessing the LAC APIs and 

2. Second is for the application level authentication about which we are discussing for a long time and which is the conventional approach followed in the applications which are not using LAC.

So the kind of authentication providers you mentioned above comes in #1 or #2 ? 

Authentication providers are used to authenticate API users. If you are using LAC to create an authentication mechanism for your application, then that may be a different story, but many applications use LAC's authentication (with a custom auth provider) to log in the user.

I don't have any context so I would not presume to go beyond that. Please do let us know if you think we can be of assistance.

Thanks for making me clear about the Authentication providers role in LAC. I will come to you after doing some groundwork on my use case.

For now, if you can help me for the below that would be great,

I saw in the documentation that we can just do throw " message "  in request events, can't we return some response from the request event itself based on the request parameters? I tried to write return {} statement with JSON response but it does not return to the caller.

Hmmm... Interesting. The short answer is no -- there isn't a mechanism for a request listener to stop the processing of the request and provide a response, but perhaps there should be. That's an interesting suggestion, I have created story US411257 to track it. For now, your only option is to throw something (typically a string, but you can throw pretty much anything in JavaScript).

I have marked this response as helpful but I can not stay idle without writing a Thank you note to you for you accurate replies and understandings to the questions I asked.

can you please have a look my another question Sending Email in LAC? I know it is not good to mess other unrelated contexts/threads in this thread but I didn't get any reply on it yet. Thanks again!