Reputation: 381
I am looking to use an API called HookTheory. I am making the HTTPS calls in Java, and since it's my first time using HTTP or HTTPS clients I am running into a few roadblocks.
Here are the document's details on User Authentication:
You authenticate to the Hooktheory API by providing an HTTP Bearer Token, according to the OAuth 2 protocol. Your HTTP Bearer Token is retrieved through the API with your www.hooktheory.com username and password. To retrieve your HTTP Bearer Token, make the following request:
POST users/auth
The body of the request must contain your www.hooktheory.com username and password:
{
    "username": "Hooktheory",
    "password": "0123456789"
}
The response will contain three fields, as shown below:
{
    "id": 1234,
    "username": "Hooktheory",
    "activkey": "aoa6jjacz34kcta3aomeqwuz89"
}
The "activkey" property contains your HTTP Bearer Token; include it as an authorization header in all future requests to the API.
Can someone explain in better detail how I would go about doing this in Java? My starter code is the following:
String url = "https://api.hooktheory.com/v1/users/auth";
URL obj = new URL(url);
HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();
//add request header
con.setRequestMethod("POST");
con.setRequestProperty("username", username);
con.setRequestProperty("password", password);
String urlParameters = "sn=C02G8416DRJM&cn=&locale=&caller=&num=12345";
// Send post request
con.setDoOutput(true);
DataOutputStream wr = new DataOutputStream(con.getOutputStream());
wr.writeBytes(urlParameters);
wr.flush();
wr.close();
int responseCode = con.getResponseCode();
System.out.println("\nSending 'POST' request to URL : " + url);
System.out.println("Post parameters : " + urlParameters);
System.out.println("Response Code : " + responseCode);
BufferedReader in = new BufferedReader(
        new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
//print result
System.out.println(response.toString());
This code is basically a copy of the code here.
I get a 401 error (authentication) when I run the post code above. I'm guessing it's because I haven't formatted the get/post requests correctly.
Can somebody point me in the right direction?
Upvotes: 0
Views: 2076
Reputation: 919
You've set username and password as request properties, which are HTTP headers. Per the HookTheory docs, you need to send these on the request body.
Specifically, you need to send the JSON request on the body like this:
DataOutputStream wr = new DataOutputStream(con.getOutputStream());
String requestBody = String.format("{ \"username\": \"%s\", \"password\": \"%s\" }", username, password);
wr.writeBytes(requestBody);
Also, per their docs you should indicate that this is JSON by setting the Accept and Content-Type headers. This is done prior to sending the post request data through calls like this:
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Content-Type", "application/json");
So the entire block looks like:
String url = "https://api.hooktheory.com/v1/users/auth";
URL obj = new URL(url);
HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();
con.setRequestMethod("POST");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Content-Type", "application/json");
// Send post request
con.setDoOutput(true);
DataOutputStream wr = new DataOutputStream(con.getOutputStream());
String requestBody = String.format("{ \"username\": \"%s\", \"password\": \"%s\" }", username, password);
wr.writeBytes(requestBody);
wr.flush();
wr.close();
Upvotes: 1
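An added example (not code from either answer or from Hooktheory) that carries the request above through to the bearer token: it escapes the credentials before placing them in the JSON body, writes the body as UTF-8, and extracts "activkey" for the Authorization header. Assumptions: Java 9+ for readAllBytes, the standard "Authorization: Bearer <token>" header form, and the hypothetical environment variable names HOOKTHEORY_USER and HOOKTHEORY_PASS.

```java
import java.io.*;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.regex.*;
import javax.net.ssl.HttpsURLConnection;

public class HooktheoryAuthExample {
    // Escape a value for a JSON string so a quote or backslash cannot alter the body's structure.
    static String jsonEscape(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) {
            if (c == '"' || c == '\\') sb.append('\\').append(c);
            else if (c < 0x20) sb.append(String.format("\\u%04x", (int) c));
            else sb.append(c);
        }
        return sb.toString();
    }
    static String authBody(String user, String pass) {
        return "{\"username\":\"" + jsonEscape(user) + "\",\"password\":\"" + jsonEscape(pass) + "\"}";
    }
    // Regex extraction keeps the example dependency-free; use a JSON parser in real code.
    static String activkey(String json) {
        Matcher m = Pattern.compile("\"activkey\"\\s*:\\s*\"([^\"\\\\]+)\"").matcher(json);
        if (!m.find()) throw new IllegalStateException("no activkey in response");
        return m.group(1);
    }
    static String login(String user, String pass) throws IOException {
        HttpsURLConnection con = (HttpsURLConnection) new URL("https://api.hooktheory.com/v1/users/auth").openConnection();
        con.setRequestMethod("POST");
        con.setRequestProperty("Accept", "application/json");
        con.setRequestProperty("Content-Type", "application/json");
        con.setDoOutput(true);
        try (OutputStream out = con.getOutputStream()) {
            out.write(authBody(user, pass).getBytes(StandardCharsets.UTF_8)); // writeBytes() would drop non-ASCII
        }
        if (con.getResponseCode() != 200) throw new IOException("auth failed: HTTP " + con.getResponseCode());
        try (InputStream in = con.getInputStream()) {
            return activkey(new String(in.readAllBytes(), StandardCharsets.UTF_8));
        }
    }
    public static void main(String[] args) throws IOException {
        // Constructed inputs (offline): a password containing a quote, and the sample response from the docs.
        System.out.println(authBody("Hooktheory", "pa\"ss\\word"));
        System.out.println("Authorization: Bearer " + activkey("{\"id\":1234,\"activkey\":\"aoa6jjacz34kcta3aomeqwuz89\"}"));
        // Live call only when credentials come from the environment (assumed names), never hard-coded.
        String u = System.getenv("HOOKTHEORY_USER"), p = System.getenv("HOOKTHEORY_PASS");
        if (u != null && p != null) System.out.println("token length: " + login(u, p).length());
    }
}
```

On later requests, set the header with con.setRequestProperty("Authorization", "Bearer " + token) and keep the token out of logs and console output.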
Reputation: 314
Code 401 clearly specifies something wrong with authentication. Stack trace shows unauthenticated on server side.
10.4.2 401 Unauthorized
The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity might include relevant diagnostic information. HTTP access authentication is explained in "HTTP Authentication: Basic and Digest Access Authentication"
Upvotes: 0