Skip to main content
Announcements
Global Transformation Awards! Applications are now open. Submit Entry

Qlik Sense: Generate a ticket with Qlik proxy API (Powershell)

No ratings
cancel
Showing results for 
Search instead for 
Did you mean: 
Damien_V
Support
Support

Qlik Sense: Generate a ticket with Qlik proxy API (Powershell)

Last Update:

Feb 23, 2021 4:12:54 AM

Updated By:

Sonja_Bauernfeind

Created date:

Dec 24, 2017 11:02:27 AM

This article explains how to request a ticket from Qlik proxy API in Powershell.

Requirements:
The following certificates need to be installed on the machine sending the API call: QlikClient.pfx (in the personal store for your user) and Root.crt (In the Trusted Root Certificates store)
This can be exported from the QMC. Please refer to Export client certificate and root certificate to make API calls with Postman.

Resolution:


Save the following code in a file with the .ps1 extension and run it in powershell:

$body = '{
  "UserDirectory": "DOMAIN",
  "UserId": "user1",
  "Attributes": [
    {
      "group": "value1a"
    },
    {
      "secondAtt": "value2b"
    }]
   }'
   $hdrs = @{}
   $hdrs.Add("X-Qlik-xrfkey","iX83QmNlvu87yyAB")
   $url = "https://qlikserver1.domain.local:4243/qps/vp_prefix/ticket?xrfkey=iX83QmNlvu87yyAB"
   $cert = Get-ChildItem -Path "Cert:\CurrentUser\My" | Where {$_.Subject -like '*QlikClient*'}
   Invoke-RestMethod -Uri $url -Method Post -Body $body -ContentType 'application/json' -Headers $hdrs -Certificate $cert


In the above script, you need to replace the following:
- Your server name in the following place providing prefix [vp_prefix] of virtual proxy you plan to use the released ticket : $url = ' https://qlikserver1.domain.local:4243/qps/vp_prefix
- Your user name for a Root Admin allowed to call the API in the following places: ("X-Qlik-User","UserDirectory=DOMAIN;UserId=Administrator")
- Your user name for the user you want a ticket for: $body = '{ "UserDirectory": "DOMAIN", "UserId": "user1",...

You can also use the thumbprint directly, using the CertificateThumbprint flag:

Invoke-RestMethod -Uri $url -Method Post -Body $body -ContentType 'application/json' -Headers $hdrs -CertificateThumbprint "838A1C18C19FF0D921847CC21071A0F220617466"


You should get the following response:

UserDirectory : DOMAIN
UserId        : user1
Attributes    : {@{group=value1a},@{secondAtt=value2b}}
Ticket        : sZrcq4SbM_eRvKbN
TargetUri     :


?If you experience an error, you can elaborate more on that error by printing the value in the $Error variable. 
For example, consider the case where the below request is made with a PS hash (dictionary) object instead of a JSON string for the body:

$body = @{
    UserDirectory = "DOMAIN"
    UserId = "user1"
    Attributes = @(
        @{
          group = "value1a"
        }
    )
}

Invoke-RestMethod -Uri "https://qlikserver1.domain.local:4243/qps/vp_prefix/ticket?xrfkey=12345678qwertyui" -Method Post -Body $body -ContentType 'application/json' -Headers $hdrs -CertificateThumbprint $cert
Invoke-RestMethod : The remote server returned an error: (400) Bad Request.
At line:1 char:1
+ Invoke-RestMethod -Uri "https://qlikserver1.domain.local:4243/qps/vp_prfix/ticket?xrfkey= ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], Web
   eption
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand


You can elaborate on the error like below:

PS C:\> $Error[0].Exception.Response

IsMutuallyAuthenticated : False
Cookies                 : {}
Headers                 : {Transfer-Encoding, Cache-Control, Content-Type, Date...}
SupportsHeaders         : True
ContentLength           : -1
ContentEncoding         :
ContentType             : text/html; charset=utf-8
CharacterSet            : utf-8
Server                  : Microsoft-HTTPAPI/2.0
LastModified            : 2018-01-04 10:17:31
StatusCode              : BadRequest
StatusDescription       : Bad Request
ProtocolVersion         : 1.1
ResponseUri             : https://qlikserver1.domain.local:4243/qps/vp_prefix/ticket?xrfkey=12345678qwertyui
Method                  : POST
IsFromCache             : False

And in this particular example, we know the request is not properly formed because the body was not properly converted to a JSON string. We remedy this by converting the PS object to a JSON string:

PS Cert:\LocalMachine> Invoke-RestMethod -Uri "https://qlikserver1.domain.local:4243/qps/vp_prefix/ticket?xrfkey=12345678qwertyui" -Method Post -Body $(ConvertTo-Json($body)) -ContentType 'application/json' -Headers $hdrs -CertificateThumbprint $cert


Connect with the generated ticket to the hub e.g:

https://qlikserver1.domain.local/vp_prefix/hub?QlikTicket=LltGyReYDgmuTCWX




 

Labels (1)
Comments
LMG_FACTORY
Contributor
Contributor

hello 

this is not clear 

may you put an exemple.

thank you

Damien_V
Support
Support

Hello @LMG_FACTORY ,

If you are unsure how to use the code sample in this article, please watch the video in 

 
This is the same principle.
LMG_FACTORY
Contributor
Contributor

hello 

thanks for your reply 

this part is not clear : " Your user name for a Root Admin allowed to call the API in the following places: ("X-Qlik-User","UserDirectory=DOMAIN;UserId=Administrator") "

thanks for your help

LMG_FACTORY
Contributor
Contributor

hello 

this Part is not clear : 

Your user name for a Root Admin allowed to call the API in the following places: ("X-Qlik-User","UserDirectory=DOMAIN;UserId=Administrator")

thanks for your help 

 

Damien_V
Support
Support

Hello,

This is the user id and user directory of a user that has the "RootAdmin" Role, you can check it in the QMC > Users.

However, this header is not needed for Qlik Proxy API ticket endpoint in this article.

VictorGonzalezFaria

Just tried with Qlik Sense August 2022, works like a charm! In my case I didn't include any attributes.

Thanks!

Contributors
Version history
Last update:
‎2021-02-23 04:12 AM
Updated by: