I currently have an ASP.NET app that uses tickets to authenticate users before redirecting them into an app. However, some of my users may not have a valid license or token assigned to their account. Rather than redirecting them to an error page, I'd rather check if the user 1) exists and 2) has a valid token / license. This article focuses on item 1, checking if the user exists.
In this example, Repository Service API Paths, we see a way to count the number of users of a certain name. What's left out of this article is how, exactly, to construct the web request with its appropriate headers. I personally use the free version of Postman to quickly test API requests before building anything in my application.
Here are the basics for setting up a request to count the number of users in your Qlik Sense deployment that have a certain name.
URL: https://[server name]/[auth prefix]/qrs/user/count?filter=Name%20eq%20%27[username]%27&Xrfkey=12ab34cd56ef78gh
1) X-Qlik-Xrfkey : 12ab34cd56ef78gh
2) [auth header name] : [domain]\[admin username]
The username in the URL does not need the domain. The username in the header should be a user that is allowed to access the QRS. The username in the URL parameter should be the user you want to check if exists. Assuming the admin user specified in the header has access to the QRS and the user you are check in the URL parameter exists, you will be returned, simply:
Here are a couple things I encountered while testing that bear explaining:
Here is pretty much the go-to document for setting up header authentication: Qlik Sense 1.1: Set Up Header Auth Virtual Proxy. The bracketed items in the example above will make a bit more sense after reading this if you are unfamiliar with the QRS.
The cross-site scripting parameter (Xrfkey) is necessary for all header requests. This is a 16 character alphanumeric string and should be randomly generated when performing header requests automatically from your application. The parameter filter=Name%20eq%20%27[username]%27 is interpreted as filter=Name eq '[username]' by the QRS as a three-element expression which states in plain English, filter the Name such that it is equal to exactly [username].
This document, QRS API URLs, explains that you can use either the machine name of the Qlik Sense server plus the port name, or you can specify the proxy machine name in which case you don't need the port. In my installation, I have a custom domain name and SSL for my server, so I just use that domain name as my [server name]. Also, I simply couldn't get the machine name:4242 to even work.
The admin username that you use in the header must be someone with permissions to use the QRS. Additionally, if you were to use the same username as in the URL parameter (the one you are trying to check) you will actually end up creating the user in Qlik Sense. So the first time you ran the request you would receive "value":0 and if you ran the exact same thing a second time, you would see "value":1 and if you checked your list of users (/qmc/users) you would see an entry for the username you were trying to check.
if you leave the path as .../qrs/user?... and everything else remains the same, if the user does not exist, you will receive a response of "". If the user does exist, you will receive details about the user.
Please leave feedback! Happy authenticating!
Perhaps if you are using certificate authentication this would work. My Postman rejects this request saying "Expected an authentication header."
Also, the path ...qrs/user/full... returns information for all users. The headers Accept-Charset, Accept, and Content-Type seem to be unnecessary in this context, too.