Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Restful API call using IOS with authentication

I am working on an application that uses restful API call using prestashop API. I am new at IOS I coded the same method in android as:

    InputStream is = null;
try {

 DefaultHttpClient client = new DefaultHttpClient();  

    /* adding credentials as it is RESTful call */
    String username = "xyz";
    String password = "";
    client.getCredentialsProvider().setCredentials(new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT),new UsernamePasswordCredentials(username, password));  
// HTTP get request       
HttpGet get = new HttpGet("http://www.example.com/api/");
HttpResponse responseGet;
responseGet = client.execute(get);
is = responseGet.getEntity().getContent();
} catch (ClientProtocolException e) {
    Log.e("HTTP Request","Client Protocol exception" );
} catch (IOException e) {
    Log.e("HTTP Request","IO exception" );
}

It is working perfectly for Android. For IOS I used this coding but I am not getting data from the server.

NSString *userName = @"XYZ";
NSString *password = @"";
//setting the string of the url taking from appliance IP.

NSString *urlString = @"http://www.example.com/api/";

NSMutableURLRequest *request= [[NSMutableURLRequest alloc] init];

[request setURL:[NSURL URLWithString:urlString]];

[request setHTTPMethod:@"GET"];

NSString *str1 = [NSString stringWithFormat:@"%@:%@",userName,password];

NSLog(@" str1 %@", str1);

[request addValue:[NSString stringWithFormat:@"Basic %@",str1] forHTTPHeaderField:@"Authorization"];

NSData *returnData = [NSURLConnection sendSynchronousRequest:request returningResponse:nil error:nil];

NSString *str = [[NSString alloc] initWithData:returnData encoding:NSUTF8StringEncoding];
NSLog(@"str: %@", str);

please tell me what I am doing wrong and provide any solution.

Thanks!

like image 929
Shoaib Avatar asked Oct 03 '12 08:10

Shoaib


People also ask

How do I authenticate REST API calls?

Users of the REST API can authenticate by providing a user ID and password to the REST API login resource with the HTTP POST method. An LTPA token is generated that enables the user to authenticate future requests.

What type of authentication should I use for REST API?

One of the most common authentication methods used by REST APIs is username and password authentication. There are several different types that use a username and password but the most common one is HTTP Basic authentication.

What is technique in IOS to secure your API call in Swift?

The main key of SSL pinning that server certificate will be saved in app bundle. Then, when client receives certificate from server, it then compares 2 certificates to make sure that they are the same before establishing the connection. You can read more here and here about how to achieve SSL Pinning in your swift app.


2 Answers

You can build the URL string this way and it should work :-

NSString *str1 = [NSString stringWithFormat:@"http://%@:%@@www.example.com/api",userName,password];

No need to use the HTTP header fields I believe

like image 152
ilight Avatar answered Oct 10 '22 23:10

ilight


Username and password need to be encoded using Base64 encoding when using Basic HTTP authentication.

From Wikipedia's Article on that subject:

Client side

When the user agent wants to send the server authentication credentials it may use the Authorization header.

The Authorization header is constructed as follows:[6] Username and password are combined into a string "username:password"

The resulting string literal is then encoded using Base64

The authorization method and a space i.e. "Basic " is then put before the encoded string. For example, if the user agent uses 'Aladin' as the username and 'sesam open' as the password then the header is formed as follows:

Authorization: Basic QWxhZGluOnNlc2FtIG9wZW4=

See this corrected code:

[...]
NSString *str1 = [NSString stringWithFormat:@"%@:%@",userName,password];
NSString *encodedString = [self stringByBase64EncodingWithString:str1];
[request addValue:[NSString stringWithFormat:@"Basic %@",encodedString] forHTTPHeaderField:@"Authorization"];
[...]


- (NSString *)stringByBase64EncodingWithString:(NSString *)inString
{
    NSData *data = [NSData dataWithBytes:[inString UTF8String] 
                                  length:[inString lengthOfBytesUsingEncoding:NSUTF8StringEncoding]];
    NSUInteger length = [data length];
    NSMutableData *mutableData = [NSMutableData dataWithLength:((length + 2) / 3) * 4];

    uint8_t *input = (uint8_t *)[data bytes];
    uint8_t *output = (uint8_t *)[mutableData mutableBytes];

    for (NSUInteger i = 0; i < length; i += 3) 
    {
        NSUInteger value = 0;
        for (NSUInteger j = i; j < (i + 3); j++) 
        {
            value <<= 8;
            if (j < length) 
            {
                value |= (0xFF & input[j]); 
            }
        }

        static uint8_t const base64EncodingTable[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

        NSUInteger idx = (i / 3) * 4;
        output[idx + 0] = base64EncodingTable[(value >> 18) & 0x3F];
        output[idx + 1] = base64EncodingTable[(value >> 12) & 0x3F];
        output[idx + 2] = (i + 1) < length ? base64EncodingTable[(value >> 6)  & 0x3F] : '=';
        output[idx + 3] = (i + 2) < length ? base64EncodingTable[(value >> 0)  & 0x3F] : '=';
    }
    return [[NSString alloc] initWithData:mutableData encoding:NSASCIIStringEncoding];
}
like image 4
Till Avatar answered Oct 11 '22 00:10

Till