Qlik Community

Knowledge

Search or browse our knowledge base to find answers to your questions ranging from account questions to troubleshooting error messages. The content is curated and updated by our global Support team

Announcements
WE ARE LISTENING! New Navigation for Qlik Community, Sept. 26: TELL ME MORE

QRS API using Xrfkey header in Postman Chrome Extension

cancel
Showing results for 
Search instead for 
Did you mean: 
Sonja_Bauernfeind
Digital Support
Digital Support

QRS API using Xrfkey header in Postman Chrome Extension




Qlik Sense Repository Service API (QRS API) contains all data and configuration information for a Qlik Sense site. The data is normally added and updated using the Qlik Management Console (QMC) or a Qlik Sense client, but it is also possible to communicate directly with the QRS using its API. This enables the automation of a range of tasks, for example:

  • Start tasks from an external scheduling tool
  • Change license configurations
  • Extract data about the system

Using Xrfkey header

A common vulnerability in web clients is cross-site request forgery, which lets an attacker impersonate a user when accessing a system. Thus we use the Xrfkey to prevent that, without Xrfkey being set in the URL the server will send back a message saying: XSRF prevention check failed. Possible XSRF discovered. Some users like to use Postman for API calls and testing purposes, for more details on this see https://www.getpostman.com/docs/

 

Resolution:



This procedure has been tested with Qlik Sense 2.x and Qlik Sense 3.x.

Method 1: Authenticating through Qlik Proxy Service

  1. In Postman click on the interceptor icon and let the extension install itself if needed. This is needed to pass authentication credentials from Chrome to Postman.
  2. Open the hub or the QMC in Chrome and authenticate to Qlik Sense.
  3. Go to Postman and in the URL section type https://<machine hostname>/qrs/About?Xrfkey=12345678qwertyui
  4. In this example we are sending a GET request with a header of Xrfkey=12345678qwertyui and we are addressing the endpoint of /about. For more details on all end points, please refer to https://help.qlik.com/en-US/sense-developer/3.0/Subsystems/RepositoryServiceAPI/Content/RepositorySe...

In summary a typical QRS API call using Xrfkey header, querying QMC at the end point of “/about” will look like this in Postman browser (given that the host machine name is qlikserver1):

https://qlikserver1/qrs/about?xrfkey=12345678qwertyui 

A possible response may look like this:

{"buildVersion":"2.2.4.0","buildDate":"9/20/2013 10:09:00 AM","databaseProvider":"Devart.Data.PostgreSql","nodeType":1,"schemaPath":"About"}


User-added image
 

Method 2:  Use certificate and send direct request to Repository API
  1. Open Qlik Management Console and export the certificate. Please refer to Export client certificate and root certificate to make API calls for procedure.
  2. Make sure that port 4242 is open between the machine making the API call and the Qlik Sense server.
  3. Import the certificate on the machine you will use to make API calls. This must be imported in the personal certificate store of your user in MMC.
  4. Go to Postman and in the URL section type https://<machine FQDN>:4242/qrs/About?Xrfkey=iX83QmNlvu87yyAB
  5. In Postman, specify the following headers: X-Qlik-Xrfkey, X-Qlik-User  as on the screenshot below:

User-added image

Execute the command.

A possible response may look like this:
{"buildVersion":"2.2.4.0","buildDate":"9/20/2013 10:09:00 AM","databaseProvider":"Devart.Data.PostgreSql","nodeType":1,"schemaPath":"About"}

 
Labels (1)
Comments
eduardo_dimperio
Specialist II
Specialist II

Very Nice video, but if I corretly understand, this is to retrieve information about an app. Can I retrive a result of  an app?. Like send a Id from postman and receive a table from my app?

Sonja_Bauernfeind
Digital Support
Digital Support

Hello @eduardo_dimperio !

I would recommend taking this question to the larger community over here: Qlik Sense Integration, Extensions, & APIs - but I've checked if one of our integration experts can give your question a look as well (I did see you also commented on Damien's post).

eduardo_dimperio
Specialist II
Specialist II

Hi, @Sonja_Bauernfeind  I already post on community without an answer, so I tried the Qlik Help, similar posts, videos on youtube  with no results, I start to  believe that's not possible, but very thanks for your time.

generalfinance
Contributor III
Contributor III

Hi, 

I am having this problem:

403 No client certificate supplied
 
what can it depend on?
 
Thanks
 
Sonja_Bauernfeind
Digital Support
Digital Support

Hello @generalfinance 

We recommend to follow the steps in this article: How to configure Postman (desktop app) to connect to Qlik Sense and make sure you are using the desktop version.

The extension used in this article has been deprecated and I will be archiving this article shortly.

All the best,
Sonja 

Version history
Last update:
‎2021-02-23 04:36 AM
Updated by:
Contributors