Widget REST API Requests

lmahoney · February 26, 2024, 7:39pm

Hello,

I’m hoping to create a widget that will display data about referenced records from a reference field.

I see a couple of examples of widgets here Swimlane Platform Custom Widgets that appear to lookup reference records and display data about them. For example, the Reference Records Table.

Looking at the code for that widget it looks like there are two ways that the widget is authenticating a request to the Swimlane API to retrieve the record data:

  getReferencedApp() {
    const appId = this.contextData.application.fields.find(f => f.key === referenceFieldKey).targetId;
    return fetch(`${location.origin}/api/app/${appId}`, {
      method: 'GET',
      headers: {
        **Authorization: `Bearer ${this.contextData.token}`,**
        'Content-Type': 'application/json'
      }
    }).then(res => {
      return res.json();
    });
  }

and

  getReferences(fieldIds) {
    if (this.referencedApp && !fieldIds.includes(this.referencedApp.trackingFieldId)) {
      fieldIds = [...fieldIds, this.referencedApp.trackingFieldId];
    }

    const body = {
      fieldIds: fieldIds,
      recordIds: this.record[referenceFieldKey]
    };
    **const token = localStorage.getItem('jwt_token');**
    return fetch(`${location.origin}/api/app/${this.contextData.application.id}/record/${this.record.id}/references`, {
      headers: {
        Authorization: `Bearer ${token}`,
        Accept: 'application/json, text/plain, */*',
        'Content-Type': 'application/json;charset=UTF-8'
      },
      method: 'POST',
      body: JSON.stringify(body)
    }).then(res => {
      return res.json();
    });
  }

I have tried both of these in my widget editor and neither are working. It appears that this.contextData.token has been replaced with "<<deprecated>>" and there isn’t a jwt entry in local storage. It does appear that the jwt is stored in the cookies, but when trying to reference document.cookie in the widget it is returning an empty string for me.

Does anyone know how to properly authenticate to the Swimlane REST API within a widget?

Thank you

lmahoney · February 26, 2024, 7:59pm

According to this stackoverflow cookies marked with ‘HTTPOnly’ cannot be read by JavaScript. I confirmed that the jwt cookie I’m seeing is marked as ‘HTTPOnly’. So the empty cookie string is expected.

I’ve also observed that the web request being made is sending the cookies with it, but I’m still getting a 401 unauthorized response.

lmahoney · February 26, 2024, 9:35pm

Noticed the observable widget included in the SOC solution extends the SwimlaneEnhancedElement class instead of just the SwimlaneElement class. The enhanced class appears to make a this.api object available. I downloaded the @swimlane/swimlane-widgets npm package (which contains the SwimlaneEnhancedElement class) and started going through the code but I wasn’t making much sense of it. However, utilizing the this.api object appears to be making successful API calls.

for example (from the observable widget):

  async apiReady() {
    let api = await this.api;
    let refField = await api.record.getField(THREAT_INTEL_REF_FIELD);
    let TIApp = await refField.targetApp();
    let TIRecords = await refField.cursor.toArray();
    ...
}

I’m hoping there’s some documentation on this package somewhere, or that someone knows how to make requests to the API itself from within the widget.

elishanettie · March 18, 2024, 7:32am

Hey I am new on the forum!
Thanks for sharing!

lmahoney · April 2, 2024, 10:55pm

For what it’s worth still struggling with this.

Appears the SwimlaneEnhancedElement method I posted above does not update properly when the record’s reference field value is updated.

lmahoney · April 3, 2024, 9:45pm

Turns out you don’t need to supply authentication to the Swimlane API when making a request within a widget. I believe the JWT stored in the cookies I pointed out earlier is supplied with the request.

For example the following code can be supplied as a class method to get an application definition.

  async getApplication(application_id) {
    const response = await 
    fetch(`${this.contextData.origin}/api/${this.contextData.tenantPath}app/${application_id}`);

    if (!response.ok) {
      throw Error(`status: ${response.status}\nurl: ${response.url}\nbody: ${await response.text()}`);
    }

Topic		Replies	Views
How to execute task with user input independent of a record Use cases	2	1478	August 26, 2021
Creating Swimlane Dashboard that has basic data analysis Knowledge base help	1	1033	September 16, 2022
Hi I'm new to this forum and have some questions :) Welcome & announcements	4	1326	November 26, 2018
Python integration - Insert a record Integrations	3	2367	November 5, 2020
Making data more useful with SOAR tools Tools	0	1105	December 7, 2018

Widget REST API Requests

Related topics