This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

REST API call with client certificate

Posted on 09-13-2023 03:15 AM
MarcoNoordam
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Hi,

How do I make a REST call which needs a client certificate (crt + key)?
I have it working in Postman, but can't figure out how to do this within AppSheet. 

Help much appreciated!

Solved Solved
0 5 3,747
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
WillowMobileSys
Platinum 1
Platinum 1
In response to MarcoNoordam
Reply posted on --/--/---- --:-- AM

I see.  These are connection certificates.  They establish a secure communication channel between two entities, basically a VPN - Virtual Private Network.  Because it's private, it requires its own encryption/decryption keys which are provided by the certificate.

Unfortunately, AppSheet does not support this style of secured communications at this time. 

However, I believe you could implement Google App Scripts to handle this. Your app calls a script, passing the necessary arguments and the script in turn builds the JSON payload and calls the API.

View solution in original post

Jump to Solution
5 REPLIES 5

Posted on --/--/---- --:-- AM
WillowMobileSys
Platinum 1
Platinum 1
Reply posted on --/--/---- --:-- AM

If you are calling an external service FROM AppSheet, then you may want to refer to the articles below.  The terms "cert" and "key" may be referred to differently.

Introduction to webhooks 

Call a webhook from automation

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
MarcoNoordam
Bronze 2
Bronze 2
In response to WillowMobileSys
Reply posted on --/--/---- --:-- AM

Thank you for your reply and links.
The only authentication mentioned in the documentation is related to Header-authentication, but my source demands a client-certificate/key.

Or do you suggest pasting the certificate-strings as http-header?

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
WillowMobileSys
Platinum 1
Platinum 1
Reply posted on --/--/---- --:-- AM
@MarcoNoordam wrote:

Or do you suggest pasting the certificate-strings as http-header?

I think this depends on the external API service you are calling.  They must have some guidance on how you are expected to pass the authentication details.

 

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
MarcoNoordam
Bronze 2
Bronze 2
In response to WillowMobileSys
Reply posted on --/--/---- --:-- AM

Calls to the API must be signed with a certificate.
https://ons-api.nl/nieuwe_koppeling/Ontwikkelen.html

Translated:
All calls to our APIs must be signed with the certificate that corresponds to the environment, in this case, your development certificate. How to set this up correctly will vary depending on the framework or platform; we cannot assist you with this.

Within postman I followed this guide
https://learning.postman.com/docs/sending-requests/certificates/

 

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
WillowMobileSys
Platinum 1
Platinum 1
In response to MarcoNoordam
Reply posted on --/--/---- --:-- AM

I see.  These are connection certificates.  They establish a secure communication channel between two entities, basically a VPN - Virtual Private Network.  Because it's private, it requires its own encryption/decryption keys which are provided by the certificate.

Unfortunately, AppSheet does not support this style of secured communications at this time. 

However, I believe you could implement Google App Scripts to handle this. Your app calls a script, passing the necessary arguments and the script in turn builds the JSON payload and calls the API.

Jump to Solution
Top Labels in this Space