Hi community,
I was playing around with the User Defined APIs, and noticed a weird behavior.
Initially I was sending my PUT-request via Postman over the standard HTTP interface using the cloud url of my DataMiner (<systemName>.on.dataminer.services/api/custom/<my-custom-endpoint>). The user defined API on DataMiner triggered and executed the script. "Yay! 🙌"
But I noticed that the context seemed to be wrong. The "body" (requestData.RawBody) was showing an empty value, and the "request method" (requestData.RequestMethod) was always showing "Get" method instead of the actual "PUT".
After testing around some more, it turns out when I point postman to be using HTTPS instead, that now the method shows correctly that this is of type "PUT" and also my request "body" can now be processed correctly in the script. (This helped me to complete my use-case and have everything working now ✅)
Is this expected behavior that it only works in full when using HTTPS?
And if so, why is it then still triggering the user defined end-point in the script in the first place when I'm sending over HTTP?
Note that I'm using a cloud connected system. And the behavior is different if I target the User Defined API directly to the DMA IP (from within the same network) VS via using the Cloud URL (from outside of that network).
Via the direct IP: HTTPS works. HTTP request doesn't seem to give any reply.
Via the cloud URL: HTTPS works. HTTP triggers the User defined API, but with missing/wrong context...
let me know if you need more details. Thank you
Hi Thijs
We have found the root cause of this issue. We have some rules in place that do automatic HTTP to HTTPS redirection. This works well for normal requests using the browser, but has some side effects when doing API calls:
- The HTTP method is set to GET by default (because of the 302 found response that triggers a redirect)
- The body of the request is dropped.
We have created a bug for this on our backlog and will see to it that users are blocked from calling the HTTP endpoint on dataminer.services for remotely triggering the user defined APIs.
For now I will update the docs to indicate this unwanted side effect when calling the HTTP endpoint. You will find a warning on this page.
Thank you for reporting this issue to us!
Hi Thijs
Happy that it is still working for you on HTTPS but it is indeed not expected that the request is sent to the DMA with the malformed body and method. The expected flow is to use HTTPS for all requests when going through dataminer.services.
I will do some investigations to understand what is happening with these requests.
Hi Baptiste, feel free to reach out in case you want me to show you my use-case. I can even provide you access on this system so you can play around yourself.