Solved: Natural Language API and Section Access (SaaS) - Qlik Community

BogdanF · ‎2024-06-25

Hi, all. I want to use this API: https://qlik.dev/apis/rest/questions/.

But my apps have the "section access" and different users should get different answers.

How to do it?

alex_colombo · ‎2024-07-24

Did you initialize JWT auth flow using /login/jwt-session end point?

When you have generated your JWT token you have to:

Initialize login flow posting a request to /login/jwt-session
Get a Qlik CSRF token attaching JWT token to request headers. Note that Qlik CSRF token will be added to response headers.
Call /question end point attaching Qlik CSRF token and JWT token to headers.

Everything is explained here.

View solution in original post

alex_colombo · ‎2024-06-28

Hi @BogdanF , you have to authenticate using the correct user for leveraging section access rules for that particolar user. If you use a specific user, then section access will be applied and you will have answers with data filtered by section access.

BogdanF · ‎2024-07-08

Hello Alex. Thank you for your response.
According to the documentation, I use Api-key for authenticate "Authorization: Bearer <API-key>".
How can I authenticate a user? Can I use JWT? Do you have an example?

alex_colombo · ‎2024-07-08

If you will use API-Key, you cannot authenticate with your users and section access will not be applied.

You have to authenticate using OAuth with impersonation, or JWT. Here some info.

BogdanF · ‎2024-07-09

I know JWT. I use it to authenticate users in the Qlik Cloud.
But are you sure I can use it in "Natural Language API" (https://qlik.dev/apis/rest/questions/)?
"Authorization: Bearer <JWT-Token>"?
Here I found it:
"
The Natural Language API does not check section access controls in the app's load script. If an audit administrator has the Developer role and can open apps (as provided through the space permissions), they can view the app usage metrics.
"?

alex_colombo · ‎2024-07-09

Yes, you should be able to use it. Try to generate a JWT token and then attach it to the header of your REST API call. You should be able to authenticate.

BogdanF · ‎2024-07-09

It looks like it's not working.
I'm testing using curl.
When I used this: curl https://MyTenant.eu.qlikcloud.com/api/v1/questions/actions/ask -X POST -H "Authorization: Bearer <API-KEY>"....
I received the correct JSON response.

But when I used this: curl https://MyTenant.eu.qlikcloud.com/api/v1/questions/actions/ask -X POST -H "Authorization: Bearer <JWT-Token>"....
I received:
"
<html>
<head><title>401 Authorization Required</title></head>
<body>
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx</center>
</body>
</html>
"
The JWT token is probably correct because it works outside the API.
What else can I check? Is there an example of using JWT with the Qlik API somewhere?

BogdanF · ‎2024-07-19

Hello Alex. Do you have any advice?

TcnCunha_M · ‎2024-07-19

Have you try this?

ChatGPT in Qlik Sense

As you think, so shall you become.

BogdanF · ‎2024-07-19

This is not an Qlik Natural Language API.
I want to use Natural Language API.