Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Error during Web API HTTP Request

COS
Level 3

‎05-12-23 09:52 AM

Hi all,

While trying to make a GET request to a (private) Web API via the Web API Services, we're getting a status code 500 along with a status code 403 from the backend. An error we don't get when making the request via Postman.

Internal : Unexpected error Error during Web API HTTP Request
HTTP Status Code: 500
HTTP Response Content: 
{
    "title":"Fout opgetreden bij de aanroep van de `(redacted)` WebAPI op de (redacted) backend",
    "status":"500",
    "instance":"98f38134-74c2-47a3-8cb7-b94d01beec98",
    "backendResponse":
    {
        "url":"(redacted)",
        "statusCode":403,
        "statusReason":"Forbidden",
        "headers":
        {
            "Server":"Server",
            "Date":"Tue, 05 Dec 2023 09:44:22 GMT",
            "Content-Type":"application/json",
            "Content-Length":"23",
            "Connection":"keep-alive",
            "x-amzn-RequestId":"ded21dfc-9f20-4163-8519-7c91747d7075",
            "x-amzn-ErrorType":"ForbiddenException",
            "x-amz-apigw-id":"(redacted)"
            },
            "body":"{\"message\":\"Forbidden\"}"
            }
        }


We also get a status 500 error, only less detailed, when using the HTTP Request action in the VBO Utility - HTTP:
"The remote server returned an error: (500) Internal Server Error."

The expected headers are X-Api-Key, Host, version and one other custom header for the query. 

We've double and triple checked every input, making sure everything is exactly the same as what we use in Postman. All authentication related flags (ex. Force Pre Authorization and Use Bearer Token) are set to false.

The only difference in response we get is when we add/remove the "Host" header in de HTTP Request action. If removed, we get the above server error. If added, we get the following error, making us believe the Host header might already be auto-generated by Blue Prism:
"Internal : Could not execute code stage because exception thrown by code stage: The 'Host' header must be modified using the appropriate property or method. Parameter name: name"

There's no difference in response concerning the Host header when using the Web API Services.

Our first guess, given that all inputs are indeed correct, is that Blue Prism is somehow modifying the request (either adding or characters), if that's the case, is my question: is there any way we can intercept outgoing requests from Blue Prism?

And our second guess/question is that Blue Prism's security protocols maybe are too outdated for the API? We're currently using version 6.6.

What else can we check?

0 Likes
1 REPLY 1

ewilson
Staff
Staff

‎02-02-24 04:34 PM

@COS,

My recommendation would be to deploy Fiddler on the dev machine you're testing from in order to capture the raw request from BP. Then compare it to the request from Postman.

Cheers,

Eric 

0 Likes