NPrinting: How to configure and call APIs with JWT authentication

Damien_V — Thu, 21 Mar 2024 09:37:11 GMT

This explains how to set up JWT authentication to call the NPrinting API.

This customization is provided as is. Qlik Support cannot provide continued support of the solution. For assistance, reach out to our Professional Services or engage in our active Integrations forum.

If you do not have a certificate, for testing purposes, it is possible to use certificates generated by default by NPrinting in C:\ProgramData\NPrinting\certificates:

cert.pem
key.pem

For production environments, for security purposes, we recommend that you use a certificate you have purchased or generated yourself.

Setting up JWT authentication in the NPrinting Console

Go to Admin > Settings > Authentication
Select "Enabled" for JWT authentication
Open cert.pem in a text editor, copy the content and paste it in JWT certificate
Choose "Authenticate user by email" and input a value for the attributes name, such as "mailaddress" (Authenticate user by Domain\Name can also be used if the user has a domain account filled in in his user information)
Click on "Update authentication settings" in order to save.

Generate a JWT token

It is possible to use the debugger on https://jwt.io in order to generate a JWT token.

Select algorithm: RS256
In Payload, input the following:
```
{
  "mailaddress":"youremailaddress@email.com"
}
```
The email address should be the email address of an NPrinting user.
In "Verify signature", paste the content of cert.pem in the first field and the content of key.pem in the second field.
The JWT token is now ready to use and appear on the left.

Use the JWT token to call the NPrinting API:

Below is a PowerShell script that is calling the API using JWT authentication. The JWT token needs to be passed in the "Authorization" header and be preceded by the "Bearer" keyword, the same method can also be used in the Qlik Rest Connector or Postman.

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

$hdrs = @{}
$hdrs.Add("Authorization","Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...3TOMbQPF2gCb5xnzB9mKumqldotYBH_2OjKZakYHQzNTRzMNRoH5eG6UovkPBA")
$url = "https://nprinting01.domain.local:4993/api/v1/connections"
Invoke-RestMethod -Uri $url -Method Get -ContentType 'application/json' -Headers $hdrs | ConvertTo-Json -Depth 10

For information about running script in PowerShell see Qlik Sense QRS API using Xrfkey header in PowerShell

This custom solution is limited to NPrinting API's only and does not apply to Qlik Sense and NPrinting On Demand reporting (NPrinting On Demand with Qlik Sense support NTLM only. JWT is not supported for use with supported Qlik Sense NPrinting On Demand report objects)

Re: NPrinting: How to configure and call APIs with JWT authentication

petrus — Wed, 13 Mar 2024 16:36:27 GMT

Hi @Damien_V

any possibility to use AD groups instead of AD users?

Thank you!

article NPrinting: How to configure and call APIs with JWT authentication in Official Support Articles

NPrinting: How to configure and call APIs with JWT authentication

Setting up JWT authentication in the NPrinting Console

Generate a JWT token

Use the JWT token to call the NPrinting API:

Re: NPrinting: How to configure and call APIs with JWT authentication