Acessing endpoints from personal cloud

Acessing endpoints from personal cloud

  

Good morning,

i've run into a bit of a snag, and maybe you guys can give me some more insight into it.

i currently have a personal environment in the outsystems cloud which i'm using to learn and run some tests. Now my company has an API which i should be able to call on, to return some information in JSON format. Since the API itself requires a kind of token generation for security reasons, i had to make some c# code and integrate it, creating an action which generates the token, makes the call to the server and in the output, there should be the JSON i want. Since the token itself takes the IP of the client into account, i access a third party website (http://icanhazip.com/) which returns the IP, with which then i create the token and perform the request. *Edit: the 3rd party access works perfectly, seems that the service is really the problem.

 Now i have put audits in my application to see what's going wrong because all i get, all the time, is connection timeout. i have considered that i made the integration wrong but if i assign a hardcoded JSON to the string that i'm actually returning, then i get the response so it's working as expected.

The problem seems to be either in the access of this third party, or in the access to the service itself. In any case, it seems, that maybe the cloud can't reach these endpoints for some reason. is there any constraint on the outsytems side, specifically on personal clouds, that would restrict access to websites or services?


i was also warned that the request IP, which the server then checks for security, could be under a subnet, which would make the IP that i generate on the client side and the one seen at server side different. if this is the case, how do you suggest i fix this? (removing the IP verification is not a possibility here).

Edit:30/05/2017 11:20 - since the API is in its early stages, it doesn't have a logger yet, so i cannot see the information that the server sees. the request IP is always perfectly obtained as the IP of my personal cloud. I am convinced, at this moment, that the server may be receiving the Mac Adress of the Outsystems network adapter (Cisco?) instead of the IP that i actually need it to see. Would greatly appreciate some more information. Will create a logger for the API in the meantime.


Thanks in Advance and Best Regards,

Bruno Gonçalves

Hello Bruno,

There aren't any restrictions for that kind of outgoing communications. 

Servers in the cloud have indeed an internal address and a public address but if you're using http://icanhazip.com/ you're definitely getting the public address right. The only problem you may get is if the server is, for any reason, trying to reverse lookup the IP address back to the DNS name of the caller. That will yield different results. 


Mac addresses don't travel that far. They're only visible on local networks. So if the service is seeing a mac address, it's definitely not an OutSystems network mac address. Anyway, mac addresses and IPs are completely different things so it would be very unusual for any application to mix up the two.


I'll try to replicate your configuration on my own personal environment and see how that goes. Meanwhile, you may try to learn if the service is trying to reverse lookup the IP address. I've seen some services do that in the past. That will not work.

Rui Covelo wrote:

Hello Bruno,

There aren't any restrictions for that kind of outgoing communications. 

Servers in the cloud have indeed an internal address and a public address but if you're using http://icanhazip.com/ you're definitely getting the public address right. The only problem you may get is if the server is, for any reason, trying to reverse lookup the IP address back to the DNS name of the caller. That will yield different results. 


Mac addresses don't travel that far. They're only visible on local networks. So if the service is seeing a mac address, it's definitely not an OutSystems network mac address. Anyway, mac addresses and IPs are completely different things so it would be very unusual for any application to mix up the two.


I'll try to replicate your configuration on my own personal environment and see how that goes. Meanwhile, you may try to learn if the service is trying to reverse lookup the IP address. I've seen some services do that in the past. That will not work.

Hi Rui, 

thanks for your reply!

i have since analyzed the service a little more and it is definitly receiving requests from my cloud, but it does not resolve the IP back to the DNS name. all it uses the IP for is for generating a token.

to give a little more insight, the server is supposed to receive a request with a token which is generated by the client using its IP. the server itself then sees the message and tries to generate a token too with the same parameters but with the IP of the requester. if the token ends up being different then it doesn't send any information, which is probably why i'm getting timeout. 

Also, i should have said before, i made a small console application which calls on the api for the data. it works perfectly. the code that i put on this small call, is the same that is run by outsystems when i ask it to run my action. the only difference, is where it is coming from. one is from my machine, and another from the outsystems cloud. 

i'm really at a loss as to what's happening here... 


public void MssGenerate(out string ssJson)
        {
            var a = OutSystems.NssGenerateToken.CssGenerateToken.LoadDataAsync();
            a.Wait();
            ssJson= a.Result;
        } 


this is the method that outsystems calls when trying to use the integrated action. these 3 lines, called in a console application from my computer work perfectly. to be clear LoadDataAsync() generates the token, sends it, and waits for the response.

i know that it's a very specific situation and very hard to help me with, especially with me being a little bound on the specifics that i can share... so if anyone has any opinion/info that could potentially help, i would greatly appreciate it! honestly at this point i don't know what to try or do anymore. i'm thinking maybe i'm missing some information that would allow me to understand this.


Best Regards,

Bruno Gonçalves