[HTTPS Consumer] How to use HTTPS Consumer
Forge component by João Barata

Initial Considerations

In order to be able to consume a Rest Endpoint that requires a client-side certificate, we will need to use the Rest Extensibility API

This component exposes 3 methods that already implement the needed .Net code.


Instructions for PaaS Infrastructures


For PaaS installations (Outsystems Cloud) you will need to open a Support Case requesting our support team to add the needed certificate to your infrastructure. You will then be provided the Certificate path needed to call this component actions. 

Make sure you send the certificate in a .pfx or .p12 format and that you provide the certificate password so that it can be added to the infrastructure.


Instructions for On-Premise Infrastructures

For On-prem installations, you will need to add the certificate into the Front-Ends trusted certificate stores.

Start by going to the server an place the .pfx or .p12 certificate into a folder. This folder will need to be the same across all the front-ends. 

Then follow the instructions to install the certificate on the front-end. Install a trusted root CA or self-signed certificate

You may also need to configure the TLS versions used on Integrations. Enable SSL Protocols for your Integrations


Available Methods


ConsumeWS_GET


This action will perform a GET request to the specified endpoint including the ClientSide Certificate

The component has a demo link that should let you make a Get request to test the API endpoint using a Client-Side Certificate


ConsumeWS_POST

This action will perform a POST request to the specified endpoint including the ClientSide Certificate

The component has a demo link that should let you make a Post request to test the API endpoint using a Client-Side Certificate


AddClientCertificate (Recommended)

This action will let you add the client-side certificate to a REST call using the platform built-in Rest mechanisms.

Go to the Rest Endpoint and add the OnBeforeRequestAdvanced action.


Add the AddClientCertificate action to the OnBeforeRequestAdvanced and pass in the certificate path configured on the previous step, password and TLS Version (Defaults to TLS1.2)


You can now use this endpoint as you would normally use any other Rest in Outsystems


For On-Premise Infrastructures, it might also be needed to do the following steps after following the instructions to install the certificate on the front-end. Install a trusted root CA or self-signed certificate

Grant access to the certificates to IIS

  • Right-click on the certificates you just imported and access All Tasks -> Manage Private keys ...
  • Add users/groups NETWORK SERVICE and IIS_IUSRS (Windows 2008R2) or IIS_WPG (Windows 2003) with at least Read access. 
  • Click Apply and close the dialog.

Hi Joao,


I see the above scenario targets consumed REST APIs.

In the case of exposed REST services, how would this component work? 


I have a case where all the exposed APIs from OutSystems (Cloud installation) should be protected by a certificate. I am a bit confused regarding how the certificate should be issued considering that OutSystems will be the server in this case and other apps the clients (we also use ESB for some integrations).


PS: I can't see the OnBeforeRequestAdvanced/OnAfterResponseAdvanced callbacks in my Service modules, what could be the problem here?


Kind regards,

Lorena Sabou


Hi Joao,


Don't mind my PS question. Actually for my exposed API I can only see the OnRequest callback, but for consumed APIs indeed I can see the OnBeforeRequest and OnBeforeRequestAdvanced callbacks. However, in our case we are talking about exposed web services..

Hi Sabou,

Unfortunately, this component is only for consume external Rest endpoints that require client certificates.

As for validating client certificates on exposed REST endpoints, I suggest you take a look at this forum post:

https://www.outsystems.com/forums/discussion/64876/validate-client-certificates-in-exposed-webservice-in-os-cloud/


Regards,

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.