Re: Working with REST API to trigger reload tasks - Qlik Community

Anonymous · ‎2016-09-20

Hi Qlik Community, I'm hoping to shed some light on the best way of using the REST API to connect to the Qlik Engine.

Looking at the wonderful tool, QlikSenseTask, it appears that it should do exactly what I want it to do, and is a nice PC-friendly way of using the API.

Now it turns out that someone configured our proxies and virtual proxies a bit differently, and our proxy setup redirects users to a logon form rather than prioritizing AD authentication first. As a result, using QlikSenseTask (where the app assumes AD authentication first), returns an XML package containing the login page and nothing else, where the app at this point expects the current set of requests to be authenticated.

If I configure an alternative proxy/virtual proxy pair that uses pass through AD authentication (or indeed, any non-form authentication), that shouldn't affect anything else? Would anyone have the default settings for these that I could use?

Anonymous · ‎2016-09-26

OK so I couldn't get NTLM authentication working by adding another proxy/virtual proxy and logging in via those using Qlik Sense Task from Qlik Branch, but I got it working using Authentication from the Qlik Sense certificates using examples from the Qlik Help:

Example connecting to the API in C#:

https://help.qlik.com/en-US/sense-developer/3.1/Subsystems/ProxyServiceAPI/Content/ProxyServiceAPI/P...

Code showing how to start a job:

https://help.qlik.com/en-US/sense-developer/3.1/Subsystems/RepositoryServiceAPI/Content/RepositorySe...

Putting these two together (alongside figuring out what Qlik Sense Task does in Qlik Branch using POST requests), I was able to send a POST request to the API to trigger a reload task to start, using the exported Qlik certificates for Authentication instead of NTLM.

Prerequisites:

Exported the Qlik certificates and copy them locally as per https://help.qlik.com/en-US/sense/1.1/Subsystems/ManagementConsole/Content/QMC_Resources_Certificate...
I'm passing through and running as a user that has rootadmin permissions - unsure how low you could go in permissions but at least have the permission to run the task via QMC.

Code as follows:

public static void ConnectWithCertForTask(string strTaskName)
{
//User to fill in these
 string strCertificatePath = "<path to >\client.pfx";
 string strUserStringForQlik = "UserDirectory=<user domain>;UserId=<user id>";
 string strServerName = @"<URL of Qlik Server>";

// locate the client certificate and accept it as trusted
 X509Certificate2 SenseCert = new X509Certificate2(strCertificatePath);
 ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };

//Create the HTTP Request and add required headers and content in xrfkey
 string xrfkey = "0123456789abcdef";

///qrs/task/start/synchronous?name={name}
 HttpWebRequest request = (HttpWebRequest)WebRequest.Create(strServerName + @":4242/qrs/task/start/synchronous?name=" + strTaskName + "&xrfkey=" + xrfkey);
 
 request.Method = "POST";
 //request.Accept = "application/json";
 request.Headers.Add("X-Qlik-xrfkey", xrfkey);
 request.Headers.Add("name", strTaskName);

//required for POST
 request.ContentType = "application/json";
 request.ContentLength = 0;
 request.Expect = "application/json";

 // Add the certificate to the request and provide the user to execute as
 request.ClientCertificates.Add(SenseCert);
 request.Headers.Add("X-Qlik-User", strUserStringForQlik);

//Send the request
 request.GetRequestStream();
 HttpWebResponse response = request.GetResponse() as HttpWebResponse;
}

(note that if you are running this under ASP.NET, the line of code to load the certificate should be:

X509Certificate2 SenseCert = new X509Certificate2(strCertificatePath, "", X509KeyStorageFlags.MachineKeySet);

)

So calling the code with the name of the task should result in the task being executed, my task did not contain any spaces so you may have to use HTML formatting for those tasks in the URL you send to the API.