Getting bearer token from passthrough endpoint for call to external API

I am trying to find the simplest way to use an externally hosted API that will process requests that a user has insufficient rights to do using the passthrough API. I have a process working that uses the SSO to get a bearer token that the external API can then use to query the scheduler endpoint to verify a user is authenticated. I'm looking for a simpler way to allow the external API to verify that a user is authenticated and who they are. It seems like I should be able to use the passthrough API to get a bearer token that could be passed to the external API without all the overhead of using the SSO functionality, but I can't get the syntax of the call correct.

Here is a call that works and returns a bearer token from the API, but it uses "password" as a grant_type, which I won't have. I want to make the same call, but use the requestverificationtoken for authentication. Is this possible, and can you post a raw request as an example so I can get the syntax of the call correct?

Here is a call that returns a bearer token from the passthrough API, but it requires username and password instead of the requestverificationtoken. You can see that it has the required cookie and request verification token in the header already. It just needs the correct grant type and any other required fields in the body.

POST https://redacted.com/web/Token HTTP/1.1
Origin: https://redacted.com
Referer: https://redacted.com/web/iSamples/Member/MemberHome.aspx?WebsiteKey=48014db4-df2a-4281-8f1d-89be8482f7a7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134
Content-Type: application/x-www-form-urlencoded
Accept: */*
RequestVerificationToken: TFQQ19FDAUvG75qEouRPw3du7aZI10hN4nbd6IqyxGjAT7qtQdmReHTWVqLyf5AjB-8sY36eIMcWyQdRQuaW2qKUkZIWrsvbQmBBJ6fcUQE1
X-Requested-With: XMLHttpRequest
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Host: redacted.com
Content-Length: 59
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASP.NET_SessionId=deowstk5htgfqmgkxw2ky1yg; __RequestVerificationToken_L3dlYg2=gOaXQNn1yuLn89DDVQ6o5ZFaXCtWnqrPXB5DM1DvO30u4LEK7wU9URKL4McX4022DGVcOWsLKwYnqSEimrHOPV0Ld2ez0VN4UnVF7NfXKCE1; Asi.Web.Browser.CookiesEnabled=true; Login=EC44F0C0B275DAEDD8AA2686FC10359378FD46C23E2F4A71570555EAFA896322459BBCE2003E81293179DEC15F6301854DC81A5745F7CF4FD1FEE0147DC7F48C112E2F4775DA4BD8465B0C7203FE176D1B095DFF015F4291EC93A39241EC1B67EABA0ADBD42E6293F9C6DA12BC9E3D531D6E386AF13B29A0357DC1E16CEBB4CCB225702AF0C2C8BE20FC8F685E9C6B24C1D4194A68A6437E65559E2BA88D8BC4ACB8D36DE243F087D69C3D27D0F1953C0EF8F4F86C79E6776638B544B4C1FC409DF52C0B728EA67FA476617CF9B72FBBA693DFC05FFD28FC47C2FE32B4E02BF5; .AspNet.Cookies=KdzzuFy03RitWo1jDlIMguv4Jh3GHiWs5yNn-LqZhhBLYQXVlsBT0wBct-b_xP-Tmrxq8nUdyhu_08p5dLwpEQTQwlHcLrB-IK2le-IMVm6aZYPWdhT3dPcLhBuL4TRFMACBHKfEMB0Zl_mZ5rLlYm_NzVU4REgIl5Qbf-KeYkxOSdMs8FcfChBLpO9dRsmq4s_PuPl4djtagei1CG_yJ0p7bC5NE4B5SJ-h1JKn1Y5ZDzYATVfxW1fhH42Enw2QSaCnCyYYMHJZZahM-zMC2Ye-M_DpwBJpAJk3oTW6ss6fPDzlDUsO9SVP1BxZMxJ2uAte7wHG19-fhDtRwfCLFB-FwiRbkGq_aE4Tgji_klZYtyFD2usS712rhMk3t44WG0C1lik7HWaHYdE9ZPXWUc_4daM8WAED-9uBpWB5cPib-xU0Qhh56V6tfbk9UbxdwTpDzTBvqWU2WnlaXsJCq1Bge1lW_mPQvBi8M9dGp20hv--Lqbyt_sV2s0DN_P_HWSnGuPFDKoUKayAnFYoiBcnjFKzQ1QWhIYbIOAKUfPwMw3jClFM48GWf2VT6XuL7vIKw1vQ6D6btOotiJpaHiUDhRICirtQpvu-mTyVl_iuPMpoQwaP1Jc9JixoxnbNY5jnYYhc0sCULArM6xuumPTvOZqmkhqNiVlQ4QMUL4CC4mMGFqjWxNAYhj4lUcrOaPI4XEVmCDEbu_abPKxFS7ja2B_x8uq6P8VMpOkcoEfz4dt0ps0oPe9IIBYTnz6jZmf6EKIwNKGAnmzxAzXdmxhRqwCj9cwJ-7dOX87513NbQuQe2RKADnS5eLoN0eS57RENOUKziNxJEV643bXAm9WCoXNWMmCP_8uCid9n9cLNRzBTU-5XUCeVO57f8kC8aLrD5wfOZYOTbvLQANXxjG2nMYrCtnS5PI11EWiTmDcxDt9pphNdp_X6gwGYr3ZCNA1iJzIl0ILoj9dRzfErEybflDoQuLbgwRl-ZBtPXN2nrPsGpFiMRK2t80q2dJ-UkGyLt5a7r-9d7AP_H4vHddw; AnonymousCartId=

grant_type=password&username=redactedusername&password=redactedpassword