Qlik Sense: Generate a ticket with Qlik proxy API (Powershell)

Damien_V · Feb 23, 2021 4:12:54 AM

This article explains how to request a ticket from Qlik proxy API in Powershell.

Requirements:
The following certificates need to be installed on the machine sending the API call: QlikClient.pfx (in the personal store for your user) and Root.crt (In the Trusted Root Certificates store)
This can be exported from the QMC. Please refer to Export client certificate and root certificate to make API calls with Postman.

Resolution:

Save the following code in a file with the .ps1 extension and run it in powershell:

$body = '{
  "UserDirectory": "DOMAIN",
  "UserId": "user1",
  "Attributes": [
    {
      "group": "value1a"
    },
    {
      "secondAtt": "value2b"
    }]
   }'
   $hdrs = @{}
   $hdrs.Add("X-Qlik-xrfkey","iX83QmNlvu87yyAB")
   $url = "https://qlikserver1.domain.local:4243/qps/vp_prefix/ticket?xrfkey=iX83QmNlvu87yyAB"
   $cert = Get-ChildItem -Path "Cert:\CurrentUser\My" | Where {$_.Subject -like '*QlikClient*'}
   Invoke-RestMethod -Uri $url -Method Post -Body $body -ContentType 'application/json' -Headers $hdrs -Certificate $cert

In the above script, you need to replace the following:
- Your server name in the following place providing prefix [vp_prefix] of virtual proxy you plan to use the released ticket : $url = ' https://qlikserver1.domain.local:4243/qps/vp_prefix
- Your user name for a Root Admin allowed to call the API in the following places: ("X-Qlik-User","UserDirectory=DOMAIN;UserId=Administrator")
- Your user name for the user you want a ticket for: $body = '{ "UserDirectory": "DOMAIN", "UserId": "user1",...

You can also use the thumbprint directly, using the CertificateThumbprint flag:

Invoke-RestMethod -Uri $url -Method Post -Body $body -ContentType 'application/json' -Headers $hdrs -CertificateThumbprint "838A1C18C19FF0D921847CC21071A0F220617466"

You should get the following response:

UserDirectory : DOMAIN
UserId        : user1
Attributes    : {@{group=value1a},@{secondAtt=value2b}}
Ticket        : sZrcq4SbM_eRvKbN
TargetUri     :

?If you experience an error, you can elaborate more on that error by printing the value in the $Error variable.
For example, consider the case where the below request is made with a PS hash (dictionary) object instead of a JSON string for the body:

$body = @{
    UserDirectory = "DOMAIN"
    UserId = "user1"
    Attributes = @(
        @{
          group = "value1a"
        }
    )
}

Invoke-RestMethod -Uri "https://qlikserver1.domain.local:4243/qps/vp_prefix/ticket?xrfkey=12345678qwertyui" -Method Post -Body $body -ContentType 'application/json' -Headers $hdrs -CertificateThumbprint $cert
Invoke-RestMethod : The remote server returned an error: (400) Bad Request.
At line:1 char:1
+ Invoke-RestMethod -Uri "https://qlikserver1.domain.local:4243/qps/vp_prfix/ticket?xrfkey= ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], Web
   eption
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

You can elaborate on the error like below:

PS C:\> $Error[0].Exception.Response

IsMutuallyAuthenticated : False
Cookies                 : {}
Headers                 : {Transfer-Encoding, Cache-Control, Content-Type, Date...}
SupportsHeaders         : True
ContentLength           : -1
ContentEncoding         :
ContentType             : text/html; charset=utf-8
CharacterSet            : utf-8
Server                  : Microsoft-HTTPAPI/2.0
LastModified            : 2018-01-04 10:17:31
StatusCode              : BadRequest
StatusDescription       : Bad Request
ProtocolVersion         : 1.1
ResponseUri             : https://qlikserver1.domain.local:4243/qps/vp_prefix/ticket?xrfkey=12345678qwertyui
Method                  : POST
IsFromCache             : False

And in this particular example, we know the request is not properly formed because the body was not properly converted to a JSON string. We remedy this by converting the PS object to a JSON string:

PS Cert:\LocalMachine> Invoke-RestMethod -Uri "https://qlikserver1.domain.local:4243/qps/vp_prefix/ticket?xrfkey=12345678qwertyui" -Method Post -Body $(ConvertTo-Json($body)) -ContentType 'application/json' -Headers $hdrs -CertificateThumbprint $cert

Connect with the generated ticket to the hub e.g:

https://qlikserver1.domain.local/vp_prefix/hub?QlikTicket=LltGyReYDgmuTCWX

LMG_FACTORY · ‎2020-08-13

hello

this is not clear

may you put an exemple.

thank you

Damien_V · ‎2020-08-13

Hello @LMG_FACTORY ,

If you are unsure how to use the code sample in this article, please watch the video in

https://support.qlik.com/articles/000067703

This is the same principle.

LMG_FACTORY · ‎2020-08-14

hello

thanks for your reply

this part is not clear : " Your user name for a Root Admin allowed to call the API in the following places: ("X-Qlik-User","UserDirectory=DOMAIN;UserId=Administrator") "

thanks for your help

LMG_FACTORY · ‎2020-08-14

hello

this Part is not clear :

Your user name for a Root Admin allowed to call the API in the following places: ("X-Qlik-User","UserDirectory=DOMAIN;UserId=Administrator")

thanks for your help

Damien_V · ‎2020-08-14

Hello,

This is the user id and user directory of a user that has the "RootAdmin" Role, you can check it in the QMC > Users.

However, this header is not needed for Qlik Proxy API ticket endpoint in this article.

VictorGonzalezFaria · ‎2022-11-17

Just tried with Qlik Sense August 2022, works like a charm! In my case I didn't include any attributes.

Thanks!

Qlik Sense: Generate a ticket with Qlik proxy API (Powershell)

Qlik Sense: Generate a ticket with Qlik proxy API (Powershell)

Integration and Embedding