How to connect to and authenticate an external web service from BC cloud

garth68garth68 Member Posts: 5
I am trying to connect to the ABN Amro sandbox. The API example is as follows:

curl -X POST "https://auth-mtls-sandbox.abnamro.com/as/token.oauth2" \
-v \
--cert CertificateCommercial.crt \
--key PrivateKeyCommercial.key \
-H 'Cache-Control: no-cache' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials&client_id=test_client&scope=account:details:read account:balance:read account:transaction:read'

The headers, body, certificate and connection are fairly easy, but I have no idea how to use the key file:

Url := 'https://auth-mtls-sandbox.abnamro.com/';
BodyContent := 'grant_type=client_credentials&client_id=test_client&scope=account:details:read account:balance:read account:transaction:read';
Headers.Remove('Content-Type');
Headers.Add('Content-Type', 'application/x-www-form-urlencoded');
Headers.Add('Cache-Control', 'no-cache');
Body.WriteFrom(ContentText);
Body.GetHeaders(Headers);

// cert = get from cert table convert to base64?
Client.AddCertificate(Cert);

if not Client.Get(Url, Response) then
Error(WebServiceError);

Any help is appreciated!!

Best Answers

  • ftorneroftornero Member Posts: 459
    Answer ✓
    Hello @garth68,

    You need to convert the .crt and the .key to a .pfx and this new certificate is the one that you use with Client.AddCertificate(Cert).

    For this conversion you can use openssl.
    openssl pkcs12 -export -out NewCertificate.pfx -inkey PrivateKeyCommercial.key -in CertificateCommercial.crt
    

    Regards.
  • ftorneroftornero Member Posts: 459
    Answer ✓
    Hello @garth68,

    You could save the pfx certificate in a BLOB field and the password in a text field, for the test, later you could elaborate a little more for security purposes.

    And use Client.AddCertificate(Cert, Password)

    The Cert in the Client.AddCertificate must be in Base64 format, so you can save in the BLOB field the certificate in Base64 o convert to Base64 if is in pfx format.

    Regards.

Answers

  • ftorneroftornero Member Posts: 459
    Hello @garth68,

    What kind of certificate do you store in the cert table ?

    Regards.
  • garth68garth68 Member Posts: 5
    Hi @ftornero,

    Thanks for the reply! I'm not sure what type of certificate it is. I'm not even sure if I'm supposed to store it in the certificate table (I can't find any help on this topic).
    The certificate and key (which are freely available for this sandbox testing) are as follows:
    .crt file:
    BEGIN CERTIFICATE
    MIIF6zCCA9OgAwIBAgIUGQpUrbFYC6Ld1+n9PIgYqHQxzNwwDQYJKoZIhvcNAQEL
    BQAwgYQxCzAJBgNVBAYTAk5MMRYwFAYDVQQIDA1Ob29yZCBIb2xsYW5kMRIwEAYD
    VQQHDAlBbXN0ZXJkYW0xEDAOBgNVBAoMB1NhbmRib3gxDDAKBgNVBAsMA0NBVDEp
    MCcGA1UEAwwgU2FuZGJveENlcnRpZmljYXRlIFdJVEhPVVQgVFJVU1QwHhcNMTkw
    OTA0MDkzNzQ5WhcNMjkwOTAxMDkzNzQ5WjCBhDELMAkGA1UEBhMCTkwxFjAUBgNV
    BAgMDU5vb3JkIEhvbGxhbmQxEjAQBgNVBAcMCUFtc3RlcmRhbTEQMA4GA1UECgwH
    U2FuZGJveDEMMAoGA1UECwwDQ0FUMSkwJwYDVQQDDCBTYW5kYm94Q2VydGlmaWNh
    dGUgV0lUSE9VVCBUUlVTVDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
    AMRWQ+VekoSxHEhJ93rSgApLW2pvFinb6N1hipHIBIwJPdlAsnEAwCkA009zojs
    MxscvspsUJvsdsUn2RCjw4idP41Ta0ZFsVla63NIoTI83ZpToE20lpgJrM0ay1Zv
    rraLJzoXCj3PDP6JyqlhXtl/ASRXtOlOwf+KL2XBfkrwtRXsMwSbXh/A8V4AjzTN
    M1QyUdfiHnImzw04HfS2nPaUbJ4TEcvrw5s9qMGddsmeMsRPH54zCO9JVdt3emXg
    l5sBdbzDxp1nwkcR6sKoYiEy7k/o3+CDWYkTf1FUREiylVl46J85nHl3Msw1ptwA
    keMw1aL6U+JG07EOq/RhRctIhdWqR40JkUspeVd70t4hgqUaQL/Uopv6dVfK9zM3
    6s29SMtlWNvvRNHpS+z0USsJ/MKO60gtHo+O5jnmYJtL8WgdKt7LlmIxzgX2kc0j
    hkI+g42dy4y0+aPsw01Nw+htYfIp24sYv7GiouYRMel1zdHMQtMnA3p6ScU/asMJ
    UfGMWxo8s1rBoUNA5q0R0nXIe9EqDmg0TeSEUwOGEahDVy/3w6tj4JhKKrg+Cn4P
    PnPGil8ctA2+3HxRRTYsQhfg8S9v54oN5VxlT8R+tAzA6I8vRNvZGT80NfSRg2UY
    HaRhG8I+IZsJlIDeiKr3Ly2mf0bBFcnjSecaLuYp1Kh9AgMBAAGjUzBRMB0GA1Ud
    DgQWBBSCTmDMlhAdffJom0d51PJiXNNjPzAfBgNVHSMEGDAWgBSCTmDMlhAdffJo
    m0d51PJiXNNjPzAPBgNVHRMBAf8ETADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAc
    Z94K2zG+slwPGQmu28RK7q7sN5zHgfBnAUJy4SUp7Rl3RgDB+n9GxuvCwcoCnPA3
    z3LTJLoV/YVV1gzsfNRn3XQE0qUzmqPb+0jgpNvf+1tw5JCVdKtjzjWP6PBxTGVW
    EzpdQGZDfc3/nlacHRSE5Aj9vHyXdobGKI4h/y/jgkoslUXEKY3j2wTSYtwzACEX
    YX/1vDm/16sVCgAwLqocyfeKXZce7Mc+3hnM4fgsLVIayY7tHjYC/4MPnJixVTtC
    T858gQ6vpGNpv9qYsFBMWkoQIpBH2fjFr4iJ0UO/3J79A+Bn/kDvvWRZXpeH51zq
    LK63VBO9x+2wI1aDeu4zdrS4iDlDmxy3CXke6QzT1faafan0PwiI7B1FFUVIgNR/
    P7Pmawr8T73FmTo7rfBIkKzTa6A66KhScpz3h0ctJ8HKmG005k/T4WBUlZB8a9on
    fo1r1IgeoOjKg86NMRHJKsyHo8GWn7QmLsxD+LNIz9OLqxm3UiB/+EeIYyyFccET
    YzMyT90GI7jXOg6g1y+p1pqYWuQBvkizgV8QTZgrKFA3KxfX4YfhyjjOm6OhlKlx
    M9nEfgq8xoha51clgWrUVWtUnPS6MRWsAIg7jKq3lOPIThBwuH/V4MkLukIvqkFr
    j4Kpgx9lYMfp1QPbWCaVLS94r26h+oHHzk8au8K9RA==
    END CERTIFICATE

    .key file:
    BEGIN PRIVATE KEY
    MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDEVkPlXpKEsRxI
    Sfd60oLwKS1tqbxYp2+jdYYqRyASMCT3ZQLJxAMApANNPc6I7DMbHL7KbFCb7HbF
    J9kQo8OInT+NU2tGRbFZWutzSKEyPN2aU6BNtJaYCazNGstWb662iyc6Fwo9zwz+
    icqpYV7ZfwEkV7TpTsH/ii9lwX5K8LUV7DMEm14fwPFeAI80zTNUMlHX4h5yJs8N
    OB30tpz2lGyeExHL68ObPajBnXbJnjLETx+eMwjvSVXbd3pl4JebAXW8w8adZ8JH
    EerCqGIhMu5P6N/gg1mJE39RVERIspVZeOifOZx5dzLMNabcAJHjMNWi+lPiRtOx
    Dqv0YUXLSIXVqkeNCZFLKXlXe9LeIYKlGkC/1KKb+nVXyvczN+rNvUjLZVjb70TR
    6Uvs9FErCfzCjutILR6PjuY55mCbS/FoHSrey5ZiMc4F9pHNI4ZCPoONncuMtPmj
    7MNNTcPobWHyKduLGL+xoqLmETHpdc3RzELTJwN6eknFP2rDCVHxjFsaPLNawaFD
    QOatEdJ1yHvRKg5oN3khFMDhhGoQ1cv98OrY+CYSiq4Pgp+Dz5zxopfHLQNvtx8
    UUU2LEIX4PEvb+eKDeVcZU/EfrQMwOiPL0Tb2Rk/NDX0kYNlGB2kYRvCPiGbCZSA
    3oiq9y8tpn9GwRXJ40nnGi7mKdSofQIDAQABAoICAQC20FhSF7g4A64BBZaBb8hq
    FP1u0hBFQEqsGj892JJdPST+kriA5JmjHBTS9Ez+o2iGw0JHu4lnVkvVEmCEpOfp
    qfnF/zmw6i3TtNvtsWAfJht1mo52LEPY95FGPb++ESnOYU26Qj/QA53m2KizBK5L
    uH14uI4Ee8gZyDKP/hY5c146Nn/et0hyKrbUP5MYqEU2DdC1Qp/0zHwYo/sIpI0M
    8HEe00TL6xBs2YHsHlHANCSzM7WOGZklLdTbEKoQeIrR0w8tH+ItKLL2eBFvBVix
    7vmFwKHNLKDPCS+Qq/UU9+wmrnVz5TH0y++pw/9FdOZidFNIeOxokmiEwdONLpHL
    sD0ovxKSNkknZoQfjtyZJ0iUkUrjixDGrfCeMb/Q3LOuDRgGB2id5A4Z+e+Zx8nM
    ZHHv4KQXY+DdY7yod4U1/BKWP3syfQX5DN78WC4wRnyA+0Cxhi8GNzS9gdpRtNVB
    4AByK8NE1ZVL2ytp1ZsfZkff19hl1psBwUGG9DkFAjtFgnsTq+fE7NBxHbyJMOXG
    58mbIIoAUmiJpUA6gZo6JKEOYH0sbKhvz8nKUy/QZolquSCixzUqpIGJZellC+4W
    Hd5Hkl6je/VkVfC17Hs+pxKMRCjICvFI3J4Ef1a3Lr7j2f8maendHsjFTjqBAg2R
    mH5s03+kgoIY5UJ1bga7IQKCAQEA6R56/w9UBb0woeSXI+T7ql5zURtmvOmF2SsR
    28D+lWoaCHbd+6lxXzrT6XZztWW40eI0Z3WNVClDdfaTrWofPrzHot3nKQPgnvt1
    LDSa6HLmZUWRGHz2mPZccxnxwjJev+fr8O8JRb//i1wMGwO8yJwF252ZxZIQgYVB
    SSzMyaMSeZYkdhvnUErfKUd9djB+TydMQaeOHPnhFls7DuDne0onV2zjUkElH6pg
    GVege/0g4isUqHNYoBYpIqPw7C78GNQetQeifrq6wrS8bAAnUSlIXuROsLIhd/Ml
    eGvA/3B2Mc+Rjj9WPQT4LIhAHyKvZnGpZMAtk5lKPN8RmCKQeQKCAQEA15uSNiT/
    2B0XjFpZueoZvbV9VADK0aM9PhWV+vdrKCYzhliQ0N7PyvFpqLgp0l9LT/oVY/Mh
    f5z9CqsTH5Z49WVQdquEe1MnsGo16RUzlk/8J3/n052HYRtglbk73fckH/PIhxtY
    +PoTl6fBQrVSJ3tPzpi9oNHUTx1xcyTfvrcGDBWEyK/0majb/RW3OxTo/5Ogg/LY
    JJKkdOlQpzJQkPa1BwmzTKYn6rdGZeP890n+erl6dJ9GZBCotOI5WfzKSX+VCJfI
    RPaitkFj7uemry1FkboLo2Psqk5odmIKJCdx+54gv9uYGWdMSh0utEufg2GB+8gE
    JhR3zIegg4g/JQKCAQA0Uwkcct5TI3HlBKAACIeMaALOM65NvMS0R/yMLLd35gbN
    25Bbyl6OF3A1OMcj8h8XzQQiLLp6J4Di22OuSuGUfV756YDXLe2fAaX9NBmJDzEz
    jffRXUskbje2Bh7DjfbCcFX/EEguhbfgGdsFvUMEbDDMaIV5WR2nVLegqxOUNqwQ
    6mhosj6rQQLyCv/YJW5Uaeet3OQDEPs6v2N0JXsPq0dFUkV70u94Og+z4H0/F0Po
    P+81GB7OX+r/wXh0Kt+e2w3BaGNKurLsvRCF1Ur95pw94FThSDpG6CaC7vy02RNO
    ft6W5RSAQbtKk5KA6pIgFmcFHDWeqYuGOjOCyE9RAoIBAQCLXKJoXwgEL+G9tdTT
    Z+7Vgc8NkimG0cXPMHKuMmjQHckmKG8Ko0qauep6xPc7ZJ8whcx3u3rGmrmwwJ1u
    yHtM2vzkh77tW/WGgVBxZWPf37lz6qf1T5hm+yQ2AvIgahOul4vhUJr06+foGeXA
    caU1oe4W8wF3Rsm9jaF8NLRu+Kxu+SXH9nvbKptvfi7egIiOUmTphPmSwjqM2xZn
    zAzpdp3Se8GqZKfefjKBv5kWoSj3Om7IgyEt4Pkz2kUsmIqmc3CLSGk+ep4ddHb
    ZV6HUnLqW+AT743VEzNQedRmRBzX8ADpIk6w9OUJ7sz2ev8TE97J2SJdXtOEn5Hw
    EwwFAoIBAEfD4QJlT1llPJM5r1Xtjq5tmPNuwNfUAG6497qlEdaHK37TFtdS0C9m
    ubp2VuCE+H4QfMdhmqzLgWaR0IUlLF8fmEChbUjw1fcjHJkYVZDMMmpf4LGzEXEj
    BcCTOnUqqYt4wNGBE+FulGPjDLsqPmYOsQApxCGG1Vo90ApfiR/lhsQrdWP+Wq7C
    CF8DxWtRQ1ZkWXhvoy1gSVCfSkIZrFIebvn8eqLbewuE3kgfbpZQX+D7tqPAtCZ9
    emHiwmIk09/Qs4HYU+sGXDRyLs0Qe6u60Tf693IAZYwe7IVobasYT0R2ThbawGrS
    gj12OIBan8VryRt0eIuQKPp06ARzEzs=
    END PRIVATE KEY

    In Postman I add these 2 files to the certificate setup and I can connect. But in BC cloud I have no idea how to use them. I assume that I stream the certificate to the client using Client.AddCertificate(Cert)...

    The response to this Client.Get should be a OAuth2 token that allows me to get the data needed
  • ftorneroftornero Member Posts: 459
    Answer ✓
    Hello @garth68,

    You need to convert the .crt and the .key to a .pfx and this new certificate is the one that you use with Client.AddCertificate(Cert).

    For this conversion you can use openssl.
    openssl pkcs12 -export -out NewCertificate.pfx -inkey PrivateKeyCommercial.key -in CertificateCommercial.crt
    

    Regards.
  • garth68garth68 Member Posts: 5
    Thanks @ftornero! I appreciate the help!!
  • garth68garth68 Member Posts: 5
    Hi @ftornero,

    Thanks, created without a problem. How do I actually use the certificate? The functions in the Certificate Management codeunit are marked as OnPrem, and when I use the isolatedstorage.Get I get an error:

    Certificate.Get('CERT0000000002');
    //CertificateMgt.GetCertAsBase64String(Certificate); //marked as OnPrem
    ISOLATEDSTORAGE.Get(Certificate.Code, DATASCOPE::CompanyAndUser, Cert); //error here
    ISOLATEDSTORAGE.Get(Certificate.Code + 'Password', DATASCOPE::CompanyAndUser, StoredPassword);

    The Isolated Storage does not exist. Identification fields and values: App Id='{56368753-DB13-4133-8BF0-6F24NNNA7A4A}',Scope='CompanyAndUser',Company Name='TestDB',User Id='{026716F0-DBEB-4417-A3E0-9FA440277933}',Key='CERT0000000002'

    I'm really not sure how this functionality works because the code on the Certificate page to save the file in isolated storage calls the following function in cert management:

    [Scope('OnPrem')]
    procedure SaveCertToIsolatedStorage(IsolatedCertificate: Record "Isolated Certificate")

    Am I missing something? I don't get an error, but I don't see how this can work....
  • ftorneroftornero Member Posts: 459
    Answer ✓
    Hello @garth68,

    You could save the pfx certificate in a BLOB field and the password in a text field, for the test, later you could elaborate a little more for security purposes.

    And use Client.AddCertificate(Cert, Password)

    The Cert in the Client.AddCertificate must be in Base64 format, so you can save in the BLOB field the certificate in Base64 o convert to Base64 if is in pfx format.

    Regards.
  • garth68garth68 Member Posts: 5
    Thanks @ftornero . That makes sense!
Sign In or Register to comment.