KB Article #179679
MailGate API calls for Secure Collaboration (5.6.0)
Problem
What the API calls should look like in order to send secure messages through the API.
Resolution
Here are the input and expected (normal) output examples when CSRF is enabled. If it is disabled, just remove all the “?te=
Authentication:
Auth step 1:
Input:
bb560:~ # curl -v "https://10.232.24.199/api/myself" -k
Output:
* About to connect() to 10.232.24.199 port 443 (#0)
* Trying 10.232.24.199... connected
* Connected to 10.232.24.199 (10.232.24.199) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs/
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-SHA
* Server certificate:
* subject: C=--; ST=SomeState; L=SomeCity; O=SomeOrganization; OU=SomeOrganizationalUnit; CN=api; emailAddress=support@axway.com
* start date: 2018-07-26 19:23:02 GMT
* expire date: 2038-07-25 19:23:02 GMT
* issuer: C=--; ST=SomeState; L=SomeCity; O=SomeOrganization; OU=SomeOrganizationalUnit; CN=api; emailAddress=support@axway.com
* SSL certificate verify result: self signed certificate (18), continuing anyway.
> GET /api/myself HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-suse-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8j zlib/1.2.7 libidn/1.10
> Host: 10.232.24.199
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Date: Mon, 30 Jul 2018 18:52:38 GMT
< Server: Apache
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Content-Encoding: UTF-8
< Expires: 0
< Cache-Control: no-cache, no-store
< Pragma: no-store
< Content-Length: 82
< Set-Cookie: te=CF55DFB54E597EB602F9F62294967614B2CE95462FA0187F47B2389F21D2ED64;Path=/;Secure
< Set-Cookie: JSESSIONID=vgjkh6o9x3onTOMbW4BYTCsMmHdAaL3w2QsCyHz7.localhost; path=/api;Secure;HttpOnly
< Content-Type: application/json
<
* Connection #0 to host 10.232.24.199 left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
{"error":"Unauthorized","errorCode":"unauthorized","permissions":["CreateDrafts"]}
Auth step 2:
Input:
bb560:~ # curl -v -d 'j_username=rado@sofia-support.org&j_password=1' --dump-header headers 'https://10.232.24.199/api/j_security_check' -H 'Cookie: JSESSIONID=vgjkh6o9x3onTOMbW4BYTCsMmHdAaL3w2QsCyHz7.localhost;te=CF55DFB54E597EB602F9F62294967614B2CE95462FA0187F47B2389F21D2ED64;' -k
Output:
* About to connect() to 10.232.24.199 port 443 (#0)
* Trying 10.232.24.199... connected
* Connected to 10.232.24.199 (10.232.24.199) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs/
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-SHA
* Server certificate:
* subject: C=--; ST=SomeState; L=SomeCity; O=SomeOrganization; OU=SomeOrganizationalUnit; CN=api; emailAddress=support@axway.com
* start date: 2018-07-26 19:23:02 GMT
* expire date: 2038-07-25 19:23:02 GMT
* issuer: C=--; ST=SomeState; L=SomeCity; O=SomeOrganization; OU=SomeOrganizationalUnit; CN=api; emailAddress=support@axway.com
* SSL certificate verify result: self signed certificate (18), continuing anyway.
> POST /api/j_security_check HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-suse-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8j zlib/1.2.7 libidn/1.10
> Host: 10.232.24.199
> Accept: */*
> Cookie: JSESSIONID=vgjkh6o9x3onTOMbW4BYTCsMmHdAaL3w2QsCyHz7.localhost;te=CF55DFB54E597EB602F9F62294967614B2CE95462FA0187F47B2389F21D2ED64;
> Content-Length: 46
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 302 Found
< Date: Mon, 30 Jul 2018 18:53:20 GMT
< Server: Apache
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Expires: 0
< Cache-Control: no-cache, no-store, must-revalidate
< Pragma: no-cache
< Location: https://10.232.24.199/enduser?te=CF55DFB54E597EB60...
< Content-Length: 0
< Set-Cookie: JSESSIONID=4PXi_rJuQREZorx1uH14URQVAVueUinE8h05ZPl6.localhost; path=/api;Secure;HttpOnly
<
* Connection #0 to host 10.232.24.199 left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
Auth step 3:
Input:
bb560:~ # curl -v "https://10.232.24.199/api/5.0/preferences?te=CF55DFB54E597EB602F9F62294967614B2CE95462FA0187F47B2389F21D2ED64" -H 'Cookie:JSESSIONID=4PXi_rJuQREZorx1uH14URQVAVueUinE8h05ZPl6.localhost;te=CF55DFB54E597EB602F9F62294967614B2CE95462FA0187F47B2389F21D2ED64' -k
Output:
* About to connect() to 10.232.24.199 port 443 (#0)
* Trying 10.232.24.199... connected
* Connected to 10.232.24.199 (10.232.24.199) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs/
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-SHA
* Server certificate:
* subject: C=--; ST=SomeState; L=SomeCity; O=SomeOrganization; OU=SomeOrganizationalUnit; CN=api; emailAddress=support@axway.com
* start date: 2018-07-26 19:23:02 GMT
* expire date: 2038-07-25 19:23:02 GMT
* issuer: C=--; ST=SomeState; L=SomeCity; O=SomeOrganization; OU=SomeOrganizationalUnit; CN=api; emailAddress=support@axway.com
* SSL certificate verify result: self signed certificate (18), continuing anyway.
> GET /api/5.0/preferences?te=CF55DFB54E597EB602F9F62294967614B2CE95462FA0187F47B2389F21D2ED64 HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-suse-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8j zlib/1.2.7 libidn/1.10
> Host: 10.232.24.199
> Accept: */*
> Cookie:JSESSIONID=4PXi_rJuQREZorx1uH14URQVAVueUinE8h05ZPl6.localhost;te=CF55DFB54E597EB602F9F62294967614B2CE95462FA0187F47B2389F21D2ED64
>
< HTTP/1.1 200 OK
< Date: Mon, 30 Jul 2018 18:54:17 GMT
< Server: Apache
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Content-Encoding: UTF-8
< Expires: 0
< Cache-Control: no-cache, no-store
< Pragma: no-store
< Content-Length: 199
< Content-Type: application/json
<
* Connection #0 to host 10.232.24.199 left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
{"brand":"def","firstName":"Radoslav","lastName":"Vasilev","language":"en","junkAction":"default","bulkAction":"default","showSendConfirmation":false,"emailFormat":"html","notifyOnPackageView":false}
At this point authentication is successful; this is equivalent to having passed through the login page of the enduser UI.
Create message:
Input:
bb560:~ # curl -v -d "to=user@sofia-support.org" https://10.232.24.199/api/messages?te=CF55DFB54E59... -H 'Cookie:JSESSIONID=4PXi_rJuQREZorx1uH14URQVAVueUinE8h05ZPl6.localhost;te=CF55DFB54E597EB602F9F62294967614B2CE95462FA0187F47B2389F21D2ED64' -k
Output:
* About to connect() to 10.232.24.199 port 443 (#0)
* Trying 10.232.24.199... connected
* Connected to 10.232.24.199 (10.232.24.199) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs/
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-SHA
* Server certificate:
* subject: C=--; ST=SomeState; L=SomeCity; O=SomeOrganization; OU=SomeOrganizationalUnit; CN=api; emailAddress=support@axway.com
* start date: 2018-07-26 19:23:02 GMT
* expire date: 2038-07-25 19:23:02 GMT
* issuer: C=--; ST=SomeState; L=SomeCity; O=SomeOrganization; OU=SomeOrganizationalUnit; CN=api; emailAddress=support@axway.com
* SSL certificate verify result: self signed certificate (18), continuing anyway.
> POST /api/messages?te=CF55DFB54E597EB602F9F62294967614B2CE95462FA0187F47B2389F21D2ED64 HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-suse-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8j zlib/1.2.7 libidn/1.10
> Host: 10.232.24.199
> Accept: */*
> Cookie:JSESSIONID=4PXi_rJuQREZorx1uH14URQVAVueUinE8h05ZPl6.localhost;te=CF55DFB54E597EB602F9F62294967614B2CE95462FA0187F47B2389F21D2ED64
> Content-Length: 25
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 200 OK
< Date: Mon, 30 Jul 2018 18:55:14 GMT
< Server: Apache
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Content-Encoding: UTF-8
< Expires: 0
< Cache-Control: no-cache, no-store
< Pragma: no-store
< Content-Length: 184
< Content-Type: application/json
<
* Connection #0 to host 10.232.24.199 left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
{"info":"Draft was successfully created","messageId":"481f02bb4a5c814eb48b757ebb7f7c3db205dffe2d36a5ac0ecf6989a3991b46a1bdba8d25a64b9dbf5c5ed65795847cace790e973174b7ba530cb5bc83429e8"}
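The login sequence above (auth steps 1 to 3) as a script, added here as an example and not vendor code: it reads te and JSESSIONID from curl's --dump-header files instead of copying them by hand, and picks up the JSESSIONID reissued in step 2. It assumes CSRF is enabled; MG_CACERT (used in place of -k), MG_PASSWORD, the function names and the .hdr file names are assumptions, and the sample header values are constructed.

```shell
#!/bin/sh
# Added example, not vendor code. MG_CACERT, MG_PASSWORD and the *.hdr file
# names are assumptions; endpoints and cookie names are the ones shown above.

# cookie_value FILE NAME: value of the last "Set-Cookie: NAME=..." in a curl
# --dump-header file. Last match wins because step 2 reissues JSESSIONID.
cookie_value() {
    tr -d '\r' < "$1" | awk -v name="$2" '
        tolower($0) ~ /^set-cookie:/ {
            sub(/^[^:]*:[ \t]*/, "")        # strip the header name
            split($0, part, ";")            # part[1] is NAME=VALUE
            eq = index(part[1], "=")
            if (eq && substr(part[1], 1, eq - 1) == name)
                val = substr(part[1], eq + 1)
        }
        END { if (val == "") exit 1; print val }'
}

# status_code FILE: numeric status from the first line of a header dump.
status_code() { tr -d '\r' < "$1" | awk 'NR == 1 { print $2 }'; }

# mailgate_login HOST USER: steps 1-3; prints the preferences JSON on success
# and leaves MG_SID / MG_TE set for later calls such as POST /api/messages.
mailgate_login() {
    base="https://$1/api"
    curl -s -o /dev/null -D step1.hdr --cacert "$MG_CACERT" "$base/myself"
    MG_TE=$(cookie_value step1.hdr te) || return 1
    MG_SID=$(cookie_value step1.hdr JSESSIONID) || return 1
    curl -s -o /dev/null -D step2.hdr --cacert "$MG_CACERT" \
        --data-urlencode "j_username=$2" \
        --data-urlencode "j_password=$MG_PASSWORD" \
        -H "Cookie: JSESSIONID=$MG_SID;te=$MG_TE" "$base/j_security_check"
    [ "$(status_code step2.hdr)" = 302 ] || return 1   # page shows 302 Found
    MG_SID=$(cookie_value step2.hdr JSESSIONID) || return 1
    curl -s --cacert "$MG_CACERT" -H "Cookie: JSESSIONID=$MG_SID;te=$MG_TE" \
        "$base/5.0/preferences?te=$MG_TE"
}

# write_samples DIR: constructed header dumps (made-up values) for offline use.
write_samples() {
    printf '%s\r\n' 'HTTP/1.1 401 Unauthorized' \
        'Set-Cookie: te=AAAA1111;Path=/;Secure' \
        'Set-Cookie: JSESSIONID=old-id.localhost; path=/api;Secure;HttpOnly' \
        '' > "$1/step1.hdr"
    printf '%s\r\n' 'HTTP/1.1 302 Found' \
        'Set-Cookie: JSESSIONID=new-id.localhost; path=/api;Secure;HttpOnly' \
        '' > "$1/step2.hdr"
}
```

After mailgate_login succeeds, the same Cookie header and ?te= suffix apply to the POST to /api/messages. The .hdr files contain live session cookies, so remove them afterwards.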