I am trying to connect to the ABN Amro sandbox. The API example is as follows:
curl -X POST "https://auth-mtls-sandbox.abnamro.com/as/token.oauth2" \
-v \
--cert CertificateCommercial.crt \
--key PrivateKeyCommercial.key \
-H 'Cache-Control: no-cache' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials&client_id=test_client&scope=account:details:read account:balance:read account:transaction:read'
The headers, body, certificate and connection are fairly easy, but I have no idea how to use the key file:
Url := 'https://auth-mtls-sandbox.abnamro.com/';
BodyContent := 'grant_type=client_credentials&client_id=test_client&scope=account:details:read account:balance:read account:transaction:read';
// Write the form body first, then fetch its content headers so the changes below apply to this content
Body.WriteFrom(BodyContent);
Body.GetHeaders(Headers);
Headers.Remove('Content-Type');
Headers.Add('Content-Type', 'application/x-www-form-urlencoded');
Headers.Add('Cache-Control', 'no-cache');
// cert = get from cert table convert to base64?
Client.AddCertificate(Cert);
if not Client.Get(Url, Response) then
    Error(WebServiceError);
Any help is appreciated!!
Answers
What kind of certificate do you store in the cert table?
Regards.
Thanks for the reply! I'm not sure what type of certificate it is. I'm not even sure if I'm supposed to store it in the certificate table (I can't find any help on this topic).
The certificate and key (which are freely available for this sandbox testing) are as follows:
.crt file:
.key file:
In Postman I add these 2 files to the certificate setup and I can connect. But in BC cloud I have no idea how to use them. I assume that I stream the certificate to the client using Client.AddCertificate(Cert)...
The response to this Client.Get should be an OAuth2 token that allows me to get the data needed.
You need to convert the .crt and the .key to a .pfx and this new certificate is the one that you use with Client.AddCertificate(Cert).
For this conversion you can use openssl.
Regards.
Thanks, created without a problem. How do I actually use the certificate? The functions in the Certificate Management codeunit are marked as OnPrem, and when I use the isolatedstorage.Get I get an error:
Certificate.Get('CERT0000000002');
//CertificateMgt.GetCertAsBase64String(Certificate); //marked as OnPrem
ISOLATEDSTORAGE.Get(Certificate.Code, DATASCOPE::CompanyAndUser, Cert); //error here
ISOLATEDSTORAGE.Get(Certificate.Code + 'Password', DATASCOPE::CompanyAndUser, StoredPassword);
The Isolated Storage does not exist. Identification fields and values: App Id='{56368753-DB13-4133-8BF0-6F24NNNA7A4A}',Scope='CompanyAndUser',Company Name='TestDB',User Id='{026716F0-DBEB-4417-A3E0-9FA440277933}',Key='CERT0000000002'
I'm really not sure how this functionality works because the code on the Certificate page to save the file in isolated storage calls the following function in cert management:
[Scope('OnPrem')]
procedure SaveCertToIsolatedStorage(IsolatedCertificate: Record "Isolated Certificate")
Am I missing something? I don't get an error, but I don't see how this can work....
You could save the pfx certificate in a BLOB field and the password in a text field for the test; later you could elaborate a little more for security purposes.
And use Client.AddCertificate(Cert, Password)
The Cert in Client.AddCertificate must be in Base64 format, so you can save the certificate in the BLOB field as Base64, or convert it to Base64 if it is in pfx format.
Regards.
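The two steps from the answers above (the openssl .crt/.key to .pfx conversion, and the Base64 form passed to Client.AddCertificate), as an added example that is not part of the original thread. The PFX_PASS variable, the sample.* file names and the function names are assumptions, and a throwaway self-signed pair is generated in place of the sandbox files so the script runs offline.

```shell
#!/bin/sh
# Added example. PFX_PASS, the sample.* file names and the function names are assumptions.
set -eu
umask 077   # key material and the .pfx are created readable by the owner only

# Constructed throwaway pair standing in for the sandbox files, so this runs offline.
make_sample_pair() {  # $1 = cert path, $2 = key path
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=constructed-sample" -keyout "$2" -out "$1" 2>/dev/null
}

# True only when the certificate's public key is the one derived from the private key.
pair_matches() {  # $1 = cert, $2 = key
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$2" -pubout | openssl sha256)
  [ "$cert_pub" = "$key_pub" ]
}

# Bundle cert + key into a password-protected PKCS#12 (.pfx) file. The password is
# read from the environment so it does not appear in the process list.
make_pfx() {  # $1 = cert, $2 = key, $3 = output .pfx
  pair_matches "$1" "$2" || { echo "certificate and key do not match" >&2; return 1; }
  openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -passout env:PFX_PASS
}

# Single-line Base64 text of the .pfx: the value handed over as Cert.
pfx_to_base64() {  # $1 = .pfx
  openssl base64 -A -in "$1"
}

# Round-trip check: decode the Base64 text, open the bundle with the password,
# and print the SHA-256 fingerprint of the certificate found inside.
base64_pfx_fingerprint() {  # stdin = Base64 text
  openssl base64 -d -A | openssl pkcs12 -nokeys -passin env:PFX_PASS 2>/dev/null \
    | openssl x509 -noout -fingerprint -sha256
}

# Demo on the constructed pair; for the sandbox, pass CertificateCommercial.crt
# and PrivateKeyCommercial.key to make_pfx instead.
work=$(mktemp -d)
export PFX_PASS="constructed-demo-password"
make_sample_pair "$work/sample.crt" "$work/sample.key"
make_pfx "$work/sample.crt" "$work/sample.key" "$work/sample.pfx"
pfx_to_base64 "$work/sample.pfx" > "$work/sample.pfx.b64"
base64_pfx_fingerprint < "$work/sample.pfx.b64"
```

The printed fingerprint should equal the one from `openssl x509 -noout -fingerprint -sha256` on the original .crt; if it does, the Base64 text and password are the pair to store.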