Search code examples
authenticationheadermarklogichttp-get

how to pass bearer token authentication as part of http:get method in MarkLogic?

Trying to fetch the details through xdmp:http:get function using below code but while executing, getting following error:

Socket connect error: SSL_connect 127.0.0.1:65238-127.0.0.1:5001: certificate verify failed (0x14090086)

This is the code that I am executing:

let $url  := "https://localhost:5001/api/content/region/id"                 
    return 
        xdmp:http-get
            ($url,
                <options xmlns="xdmp:http">
                    <headers>
                        <access-token>Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6InB6MGxYdWFwaUpaQWc5RjJXcFJLM2ciLCJ0eXAiOiJhdCtqd3QifQ.eyJuYmYiOjE2NTE4MzEwNjQsImV4cCI6MTY1NDQyMzA2NCwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMS9pZGVudGl0eS1zZXJ2ZXIiLCJjbGllbnRfaWQiOiJpZGRuLW5ld3M6ZGVmYXVsdCIsImp0aSI6IjM5MkM2NkU0NDUzQzgwOEJBMUQxMTA3ODVBN0JDRDE2IiwiaWF0IjoxNjUxODMxMDY0LCJzY29wZSI6WyJzcXVpZGV4LWFwaSJdfQ.V-Ju-CLbYNt-nwFsqeFkrh7jOStGUiX7LdSLtqKu70MuRPXzn_ceVi7neRdbOkd81a_y9gThJmwUd1X8xysEAtilhJ1kPHk_V--AivZl21Ws9QM2_NO3CcZg1oilUqm2CcKgLU2LNLdjSEPHYgeY6lvVwpne-_kx3uy7UexTJP_GUzH4QxYxX9f_ps7zYkx4I7Mg7UTJtQ-b_OSmAfyAaQN9NW89sP5XHaLUpRW9hTjMUWhsno5iMgphQQd0uw7rEZy7LYxRJvlC_JdDr_i92PUDViDLSDO7wIPSEFD22XRYu2B-Wz_Rpu-ItSuDm0j1jC2_4osya3ddN87qlg</access-token>
                        <content-type>application/json</content-type>
                    </headers>
                </options>           
        )

However, using postman I am able to fetch the details using same bearer token.

So what http-options should I use to make this work?

Solution

  • Socket connect error: SSL_connect 127.0.0.1:65238-127.0.0.1:5001: certificate verify failed (0x14090086)

    That exception is telling you that it doesn't trust the SSL/TLS cert presented by the server you are connecting to.

    You need to ensure that you have the necessary certs loaded into the MarkLogic Certificate Authorities, so that MarkLogic can validate the cert and ensure that the hostname you are connecting to matches what is presented in the cert.

    Another option, for testing, would be to bypass any certificate validation and apply the <verify-cert>false</verify-cert> option:

    let $url  := "https://localhost:5001/api/content/region/id"                 
    return 
        xdmp:http-get
            ($url,
                <options xmlns="xdmp:http">
                    <headers>
                        <access-token>Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6InB6MGxYdWFwaUpaQWc5RjJXcFJLM2ciLCJ0eXAiOiJhdCtqd3QifQ.eyJuYmYiOjE2NTE4MzEwNjQsImV4cCI6MTY1NDQyMzA2NCwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMS9pZGVudGl0eS1zZXJ2ZXIiLCJjbGllbnRfaWQiOiJpZGRuLW5ld3M6ZGVmYXVsdCIsImp0aSI6IjM5MkM2NkU0NDUzQzgwOEJBMUQxMTA3ODVBN0JDRDE2IiwiaWF0IjoxNjUxODMxMDY0LCJzY29wZSI6WyJzcXVpZGV4LWFwaSJdfQ.V-Ju-CLbYNt-nwFsqeFkrh7jOStGUiX7LdSLtqKu70MuRPXzn_ceVi7neRdbOkd81a_y9gThJmwUd1X8xysEAtilhJ1kPHk_V--AivZl21Ws9QM2_NO3CcZg1oilUqm2CcKgLU2LNLdjSEPHYgeY6lvVwpne-_kx3uy7UexTJP_GUzH4QxYxX9f_ps7zYkx4I7Mg7UTJtQ-b_OSmAfyAaQN9NW89sP5XHaLUpRW9hTjMUWhsno5iMgphQQd0uw7rEZy7LYxRJvlC_JdDr_i92PUDViDLSDO7wIPSEFD22XRYu2B-Wz_Rpu-ItSuDm0j1jC2_4osya3ddN87qlg</access-token>
                        <content-type>application/json</content-type>
                    </headers>
                    <verify-cert>false</verify-cert>
                </options>           
        )