Direct request to api responds properly but wso2 apim gateway doesn't - wso2-api-manager

I am using wso2 apim 4.0.0. The issue that I am stuck with is when I send a direct request to an api (http://localhost:7743/api/products) itself it response back properly (i.e. It returns list of products).
[
{
"id":1,
"name":"a"
},
{
"id":2,
"name":"b"
}
]
But after publishing that api to apim, when I invoke that api (http://localhost:8243/api/products/v1) it keeps giving back not found which is incorrect.
{
"statusCode": "404",
"statusDescription": "Not found"
}
The response above is coming from my api itself not from gateway.
I unchecked response caching in publisher, restarted the server. But nothing has changed.
Any hint to overcome the issue is welcomed

The gateway port is by default 8243. But you have tried to invoke it using port 9443. Change the port value and try it again. Also, ensure that the relevant API is deployed in the gateway. If not, even if the API is published it will not be available in the gateway and you won't be able to get the correct response.

Related

How to call an ASP.NET endpoint locally but from another device on the same network? The certificate for this server is invalid

I have an ASP.NET API running locally. On the MacBook Pro, I can access the endpoints with Swagger, Postman and in the frontend (running on LiveServer) using Axios/JavaScript.
I have successfully loaded the frontend webpage on an iPhone (192.168.0.10:5500/index.html), however the Axios call to the endpoint is failing with the following error message logged to the console Failed to load resource: The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168.0.10”, which could put your confidential information at risk.
Running the command dotnet dev-certs https --trust generates the message Successfully trusted the existing HTTPS certificate. but does not resolve the issue.
Am I missing something?
#Lex Li's comment worked.
Steps
Remove or comment out app.UseHttpsRedirection(); in program.cs file.
In the launchSettings.json file, "applicationUrl": "https://localhost:7139;http://localhost:5171", generates a http and https url for the API endpoints. Edit the http route to the IP of the computer/local server, e.g., "applicationUrl": "https://localhost:7139;http://192.168.0.10:5171"
use the http endpoint

Ocelot gives 404 and warning UnableToFindDownstreamRouteError for all routes with no route defined

tl;dr; WebApplication with Ocelot added gives an error for any url of
itself (as in, that doesn't have a (re)route defined)
I'm trying out Ocelot for the first time. I'm successful in proxying to another host, but Ocelot blocks the server of rendering any page of its own (UnableToFindDownstreamRouteError)...
I have to stick with .net core 3.1 so I'm using Ocelot version 15.0.7
(I also tried v16.0.1)
I have used the following very basic ocelot.json which, according to the documentation, shouldn't do anything except getting Ocelot starting. I read this as "your site should work as is withouth anything being proxied to another server"
{
"Routes": [
],
"GlobalConfiguration": {
"BaseUrl": "https://localhost:44310"
}
}
In Startup I also added AddOcelot() to ConfigureServices and UseOcelot().Wait() to Configure
Unfortunately when I now go to https://localhost:44310 I no longer see my site but a 404 for EVERY page. In the output I find the following warning :
warn: Ocelot.DownstreamRouteFinder.Middleware.DownstreamRouteFinderMiddleware[0]
requestId: 8000001d-0006-ff00-b63f-84710c7967bb, previousRequestId: no previous request id,
message: DownstreamRouteFinderMiddleware setting pipeline errors. IDownstreamRouteFinder returned Error Code: UnableToFindDownstreamRouteError
Message: Failed to match Route configuration for upstream path: /, verb: GET.
I believe it's save to ignore the warning on the requestId (if I read the documentation on requestId correct). The UnableToFindDownstreamRouteError on the other hand does smell like it could be the issue... Is this the reason for the 404?
Just for the record, when I give a fallback route in the routes array to proxy ALL trafic to another server downstream, this works. So Ocelot DOES work. But why does Ocelot block the upstream server of rendering any page?
(The above example is without any route, but same happens when you give a route that only mathches some routes. The rerouted url than works, all others fail)

Postman keycloack issuedFor

I'm trying to make a request from postman to keycloack for authorization test and still getting this error:
{
"error": "invalid_request",
"error_description": "You must provide the issuedFor"
}
PostMan request parameters:
Postman bearer token header:
I know you've already picked an answer, but for the ones landing here from a web search on the Keycloak's issuedFor problem.
The root cause of the error message shown is the typo in the parameter name "audience" (not "audiance)". That nowadays would make Keycloak to fail fetching the client ID at https://github.com/keycloak/keycloak/blob/3631618b245fa768bff7009b9e87d01dd4387fe3/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java#L330. Just fix the spelling and you should be fine.
For the record, the "audience" parameter is required in the requests to evaluate permissions as stated in the Keycloak's documentation for the Authorization Services: https://www.keycloak.org/docs/latest/authorization_services/index.html#_service_obtaining_permissions.
Ook i found the problem and resolved it. Keycloak does not give access to some type of requests when going out of the network. You must put it in https. When on your local machine, it does work but as soon as you go out of localhost to the network to reach keycloak, you must pass to https.
So what i did is, in my request url, i changed the link to keycloak from http to https and hence changed the port from 8080 to 8443 (the port for https serving). Hope it would help someone. Special thanks to #RossPresser :)

Swagger UI - TypeError: Failed to fetch - on endpoint request (ASPNET Core API)

When trying to run a request through swagger UI, I receive the following response on Swagger
TypeError: Failed to fetch
After searching around, I found that a possible cause of this error is because of a CORS issue, where the origin is changed in the request (as you can see at this other post here). However, in my case, this is not running through some other proxy, it is hosted on a locally hosted server and that server is not changing any of the headers. I realized this when I tried to allow the API to just accept any CORS headers to test if this was the issue; sadly it was not and the issue persisted.
The API is running on IIS hosted on a server that is hosted locally. The API is running as an application on the default website and is accessed via the following url:
http://servername/application-name/swagger/index.html
Can anyone help with this issue?
After further investigation, I found that when I looked at the requests being sent to the server through the dev tools on the browser, that the URL was being changed from http to https on the request of the endpoint through swagger.
HTTPS, has not been set up on the server and returns a 404 (as seen in the dev tools).
It turns out, that even though the server has not been setup to serve content via HTTPS, the requests where still redirected to HTTPS and this was the reason
app.UseHttpsRedirection();
So, even though swagger was able to be loaded on HTTP, when the request was made to the API, the API responded with a 307 - for redirection and the request was redirected to HTTPS - which in turn returned 404. This 404 response was the cause the TypeError: Failed to fetch
The recommended fix for this is to turn off https redirection (ONLY FOR TESTING PURPOSES) and the other is to enable the server to serve the content correctly over HTTPS, so that when a call is made, it is not redirected, but rather sent straight to the correct API address on HTTPS - which should not return the data correctly, since the server can serve HTTPS content

Setting webhook results in 'Unauthorized WebHook callback channel' . Everything should be fine

Time to go to SE, since this has cost me more then 4 hours now.
I'm trying to setup a webhook (https://app.example.com/notications) for Push Notifications coming from Google Drive API.
After having set-up everything I'm getting error:
...
errors": [
{
"domain": "global",
"reason": "push.webhookUrlUnauthorized",
"message": "Unauthorized WebHook callback channel: https://app.example.com"
}
],
...
There are a couple of results on google (most of which are here on SE) that talk about this issue. None of the solutions presented seem to work for me. Needless to say, I would be pretty much tearing my hair out if I had some.
This I what I've tried:
As explained here there are some requirements:
Step 1: Verify that you own the domain. (Complete the site verification process using Webmaster Tools)
Registered app.example.com, through Webmaster Tools. Separately also verified example.com although this should not matter. Check!
Step 2: Register your domain:
Go to the Google Developers Console.
Choose or create a project.
In the sidebar on the left, click APIs & auth, then click Push.
Click Add domains.
Fill in the form, then again click Add domains.
Done for app.example.com. Check!
Note that the Drive API will be able to send notifications to this HTTPS address only if there is a valid SSL certificate installed on your web server. Invalid certificates include:
Self-signed certificates.
Certificates signed by an untrusted source.
Certificates that have been revoked.
Certificates that have a subject that doesn't match the target hostname.
What I've done:
I've setup app.example.com with an SSL certificate.
Moreover the endpoint is reachable and everything checks out.
SSL checker has verified that everything is okay (5 ticks). Even the SSL-chain is setup correctly. Check!
constructing a POST query
to the simple https://www.googleapis.com/drive/v2/changes/watch endpoint
containing a Authorization: Bearer x header
containing a Content-Type:application/json header
Post contains a body as follows
{
"id": "someIdThatDoesntMatter",
"type":"web_hook",
"address": "https://app.example.com/notifications"
}
Check!
I'm running all this through Postman (a Chrome extensions to test http requests) so there's no app at my side that can be interfering.
What on earth could be the problem?
It was very weird but somehow it works.
When adding domain use complete URL with https://app.example.com/notifications
try the complete URL with a trailing slash when making calendar API call
{
"id": "someIdThatDoesntMatter",
"type":"web_hook",
"address": "https://app.example.com/notifications/"
}
Step 4's POST body address: "https://app.captured.io/notifications" should be "https://app.example.com/notications". Or the other way around. Either way, they should all match so we can understand whether that's merely a typo in your post or truly the answer to your question. :)
Oh; and in "https://app.example.com/notications", "notications" is misspelled. It should be: "https://app.example.com/notifications". ... Or the other way around if that's your thing :)
It's also worth noting, per their documentation:
A watch request will not be successful unless the current user or service account owns or has permission to access this resource.

Resources