Calling REST APIs by using HTTP client

IBM Sterling® Order Management System supports basic and standard authentication for calling the REST APIs. By default, the REST authentication is set to standard authentication. To define the authentication style that you want to use, complete the following steps:

  1. Configure authentication style properties.
  2. Restart application servers.
  3. Call the REST API by configuring the HTTP authentication style.

Configure authentication style properties

By default, servlet.authstyle is set to STANDARD. IBM recommends standard authentication in higher environments. You can set the authentication style to BASIC or STANDARD based on your business needs.

Configure xapirest.properties for your current environment type. Set the servlet.authstyle property to BASIC or STANDARD. Based on your environment type, you can set the properties in the customer_overrides.properties file in the development toolkit or by using the System Management Administrator in the Sterling™ Order Management System cloud instance.

For more information about xapirest.properties, see xapirest.properties.

If you want to use the HTTP REST XAPI Tester for development and testing, see Setting up HTTP REST XAPI Tester.

Restart application servers

You must restart all application servers when you change the authentication style.

For more information, see Managing server processes on the next-generation platform.

Call REST API by configuring the HTTP authentication style

STANDARD authentication
To set the STANDARD authentication style, perform the following steps:
  1. Call the login API through REST by using the following URL:
    http://<ip-address>:<port>/smcfs/restapi/invoke/login

    Method - POST

    Media Type - application/json

  2. Provide the following payload to the login API:
    {
    "LoginID" : "yourUserLogin",
    "Password" : "UserPassword"
    }
    The API returns the following results:
    "UserGroupID": "ItemAdministratorGroup",
    "UserToken": "mXffVPKgo9HUoftxg0HsyX3uQQP6o4LmAG3HHnfiVTrtQvx3dyYUX8n6793wggmU15",
    "UserName": "Administrator",
  3. Use the UserToken that is generated during the login call in subsequent calls. Include _loginid and _token as query parameters in the REST API URL.
    For example, to call the server (GET) API, use the following URL:
    http://localhost:<port>/smcfs/restapi/server?_loginid=admin&_token=mXffVPKgo9HUoftxg0HsyX3uQQP6o4LmAG3HHnfiVTrtQvx3dyYUX8n6793wggmU15
Note: You must use an HTTP client such as Postman for STANDARD authentication. The HTTP REST XAPI tester supports only BASIC authentication.

BASIC authentication
The HTTP REST XAPI tester supports only BASIC authentication. To use BASIC authentication with your own HTTP client, you must base64 encode the credentials and provide them in a request header. Perform the following steps:
  1. Get a base64 encoded token that consists of the user login name and the user secret. Concatenate these values by using a colon. For example, if the username is testuser and the password is testsecret, you can run the following command:
    echo -n "testuser:testsecret"|openssl base64
    Results:
    dGVzdHVzZXI6dGVzdHNlY3JldA==

    Use this token as your basic token for authentication during a REST API call.

  2. Call the REST API by using the basic base64 token.
    Include the following value in the HTTP request header:
    Authorization: BASIC 
    For example,
    curl --location --request GET 'http://localhost:<port>/smcfs/restapi/server' \
    --header 'Authorization: Basic dGVzdHVzZXI6dGVzdHNlY3JldA==' \
    --header 'Content-Type: application/json'
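
The request shapes for both authentication styles, built with Python's standard library without sending anything. This is an added example, not IBM's code; the base URL with port 9080 is an assumption, and `decode_basic` and `redact` are hypothetical helpers that show the Basic header is reversible and mask `_token` before a URL is logged.

```python
import base64
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
from urllib.request import Request

# Assumed base URL: host and port 9080 are placeholders, not values from the page.
BASE = "http://localhost:9080/smcfs/restapi"


def basic_header(login, secret):
    """BASIC style: base64 of "login:secret", same result as the openssl step."""
    token = base64.b64encode(f"{login}:{secret}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def decode_basic(header):
    """Reverse the encoding: base64 hides nothing from whoever sees the header."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    login, _, secret = base64.b64decode(token).decode("utf-8").partition(":")
    return login, secret


def login_request(login, password):
    """STANDARD style, steps 1 and 2: POST the JSON payload to invoke/login."""
    body = json.dumps({"LoginID": login, "Password": password}).encode("utf-8")
    return Request(f"{BASE}/invoke/login", data=body, method="POST",
                   headers={"Content-Type": "application/json"})


def token_url(path, login, user_token):
    """STANDARD style, step 3: _loginid and _token as URL-encoded query parameters."""
    return f"{BASE}/{path}?" + urlencode({"_loginid": login, "_token": user_token})


def redact(url):
    """Hypothetical helper: mask _token before a URL is written to a log."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == "_token" else v) for k, v in parse_qsl(parts.query)]
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    print(basic_header("testuser", "testsecret"))  # credentials from the page's example
    print(redact(token_url("server", "admin", "constructed-token")))  # constructed token
```

Both styles place a reusable credential in every request (the Basic header decodes back to the password, and `_token` travels in the URL), so use them over TLS and keep unredacted URLs out of logs.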

For more information about calling the REST API service, see Invoking REST services.

For more information, see API security.