CURLMBS

is CURLMBS plugin advisable to interact with Rest or Soap WebService in a Xojo WebApp?
are there examples?

thank you

Absolutely! It provides much more functionality and logging (esp important) and we use it for interacting with govt agency services - in fact we seldom use the built-in http for anything more complex than a simple GET.

There are a load of examples but it’s a bit hard to figure out CURL to CURLSMBS mapping - you’ll get it with a bit of experimentation.

You’d generally create a subclass (e.g. XeroCurl as CURLSMBS) and init:

me.OptionSSLVersion=me.kSSLVersionTLSv12
me.OptionPost=true
me.YieldTime=true

// logging stuff...VERY useful
me.CollectDebugData=true
me.CollectHeaderData=true
me.CollectOutputData=true
me.OptionVerbose=true
me.OptionTimeOut=30

so far it’s very similar to using xojo http

Then you need to make it do something, like get an oAuth token:

dim header, url, token, secret, verifier, nonce, epoch, sigbase, hash, response as String=""
url=kURLAccessToken
token=jToken.Lookup("oauth_token", "")
secret=jToken.Lookup("oauth_token_secret", "")
verifier=jToken.Lookup("oauth_verifier", "")
nonce=UUIDMBS.randomUUID.ValueHexString
epoch=format(now.TimestampEpochTime, "#0")
sigbase="POST&"+EncodeURLComponent(url)+"&"+EncodeURLComponent("oauth_consumer_key="+consumerKey+"&oauth_nonce="+nonce+"&oauth_signature_method=HMAC-SHA1&oauth_timestamp="+epoch+"&oauth_token="+token+"&oauth_verifier="+verifier+"&oauth_version=1.0")
hash=EncodeURLComponent(EncodeBase64(Crypto.HMAC(consumerSecret+"&"+secret, sigbase, Crypto.Algorithm.SHA1), 0))

header="OAuth oauth_consumer_key="+quote+consumerKey+quote _
+", oauth_token="+quote+token+quote _
+", oauth_verifier="+quote+verifier+quote _
+", oauth_nonce="+quote+nonce+quote _
+", oauth_signature="+quote+hash+quote _
+", oauth_signature_method="+quote+"HMAC-SHA1"+quote _
+", oauth_timestamp="+quote+epoch+quote _
+", oauth_version="+quote+"1.0"+quote

dim header2() as String
header2.Append("Content-Type: application/x-www-form-urlencoded; charset=utf-8")
header2.Append("Content-Length: 0")
header2.Append("Authorization: "+header)

me.SetOptionHTTPHeader(header2)
me.OptionURL=url
me.OptionPost=true

dim e as integer=me.Perform

dim OK as Boolean=(e=0)

if OK then
  response=me.OutputData
  
  // expect: oauth_token=U3TQME0XB1PDDCZGHX5K99LXR6TUJB&oauth_token_secret=NMAXTO1LHM7VNDCFLYZLJ7H8CSSWN5&oauth_callback_confirmed=true
 // and do something with the response
end

or talk directly to a soap service (another getToken example):

irCurl=new cIRCurl
irCurl.OptionTimeOut=5

dim header() as String
header.Append("Authorization: Basic "+EncodeBase64(clientid+":"+clientSecret, 0))
header.Append("Content-Type: application/x-www-form-urlencoded;charset=UTF-8")
irCurl.SetOptionHTTPHeader(header)

dim params() as String
params.Append("redirect_uri="+EncodeURLComponent(kRedirectUri))
params.Append("grant_type="+EncodeURLComponent("authorization_code"))
params.Append("code="+EncodeURLComponent(oAuthCode))
irCurl.OptionPostFields=join(params, "&")

// sync send, wait for response or timeout
irCurl.OptionURL=kURLProdToken

e=irCurl.Perform
...

Hope that helps.

If you have a lot of requests, please use CURLSMultiMBS and run them async with Finished event.

seems to me all the examples are for Desktop Apps.
same use of CURLS plugin (Multi or not) even in Web Apps?
no problems with sessions etc?

For events, you may need WebSessionContext class to find the session.

You can usually just copy and paste from desktop to web.
But for web it may be better to use PerformMT for better threading.

[quote=411569:@Christian Schmitz]For events, you may need WebSessionContext class to find the session.

You can usually just copy and paste from desktop to web.
But for web it may be better to use PerformMT for better threading.[/quote]

in which cases do you think you can use CURLSMBS (sync) even in a web app?

can you post an example of using WebSessionContext with CURLSMultiMBS?

thank you! I’m studying your code[h][/h]

Even the sync version can yield time to other threads, so for short queries, it may be okay.

how can I call a Web Service, providing parameters (and receiving results) via json?

e.g. look at GetCustomer method in http://developer.xojo.com/eddies-electronics-web-service

Please check CURL examples.

e.g. like this one
https://www.monkeybreadsoftware.net/example-curl-webservices-tincheck.shtml

thank you all.
I’ve adapted tincheck example for Rest and it works well.

but, how can I provide to a Rest WS an authorization key in the request header?

see sample code in http://documentation.xojo.com/api/deprecated/xojo.net.httpsocket.html#xojo-net-httpsocket-requestheader

from the example above:

c.SetOptionHTTPHeader array("Content-Type: application/soap+xml; charset=utf-8")

Please pass array with all headers.

it works well if I set:
c.SetOptionHTTPHeader array(“Authorization: xxxxxx”)

and (in HandleSpecialURL of called webapp):
// only answer to request with right Authorization header
Dim Authorization As String = Request.GetRequestHeader(“Authorization”)
If Authorization.Trim <> “xxxxxx” Then
Request.Print “Unauthorized”
Return True
End If

if I add other params in c.SetOptionHTTPHeader, GetRequestHeader method return “Unauthorized”

how can I pass array with all headers?

What do you do exactly? c.SetOptionHTTPHeader can take an array with several values.

I think GetRequestHeader method doesn’t accept array as param, in the HandleSpecialURL event of the called Xojo webapp.

GetRequestHeader is no tin my plugin!?

Please check documentation on what you use.

the calling webapp use CURLSMBS plugin.
the called webapp use Xojo native methods, specifically GetRequestHeader in the HandleSpecialURL event.
I have read the Xojo documentation. it seems to me GetRequestHeader accepts only string as param.

And that is fine.

When you use CURL*MBS classes, you can set header with SetOptionHTTPHeader method and pass several items.

Than in HandleSpecialURL you can use GetRequestHeader with various headers.