Hello Petrika,

It's possible if you create a webservice record where the POST method complete address will be {siteURL}/0/rest/FinAppSpecService/InheritSpecificationsForFinApp and in the request parameters specify the following header parameters:

BPMCSRF

ForceUseSession (default value set to true)

Connection (default value set to true)

and the following cookies parameters:

BPMSESSIONID

UserName

BPMLOADER

BPMCSRF

.ASPXAUTH

in the webservice settings (since the FinAppSpecService service is not anonymous). The most difficult part here is setting cookies parameters. I could only recommend the following scenario here:

1) Create a separate authentication service webservice request (to {siteURL}/ServiceModel/AuthService.svc/Login)

2) Specify UserName and UserPassword request body parameters:

3) Add the Set-Cookie response header parameter:

4) Validate the response by performing a test call. It should return the Set-Cookie header that will be then used in the process:

5) Create a separate business process and configure it to run once per hour or once per half a day (depending on the value of the "UserSessionTimeout" system setting). The set-Cookie response header should be parsed to extract values for the

BPMSESSIONID

UserName

BPMLOADER

BPMCSRF

.ASPXAUTH

headers. It can be done by means of the script-task. Extracted values should be set as values for the system settings created separately (one per each header).

6) In your process where you need to call the FinAppSpecService in the "Call webservice" element set the values for the cookie parameters as values from the system settings from step 5. And also specify the value for the BPMCSRF header parameter.

7) Add all other request body parameters and call the service.

This approach should work since we simulate the Postman call of the same service, but set cookie parameters and header parameters via the separate business process and system settings.

Best regards,

Oscar

Thank you very much for you response Oscar. It was very helpful.

Is there any article or example in the academy regarding point 5, parsing set-Cookie response header to extract values (inside a script task) ?

Petrika,

This is the task that should be covered by the C# code, using substring method for example. It's something as if you had a task to substring the "test" word from the "Hello test wordl!" string. Please find the way using the topics as the following:

https://stackoverflow.com/questions/9505400/extract-part-of-a-string-be…

Please also notice that the cookies values length is always constant and all of them start with the cookie name and the "=" character and end with the ";" symbol. This shouldn't be a difficult task.

Once string parts are extracted you can set them as parameter values (here is the Academy article that may be useful) and use these parameters in formulas to set parameter values to correspondent system settings.

Best regards,

Oscar

Oscar Dylan,

BPMSESSIONID is generated in the set-Cookie response header, because it seems that it's not found there ? I managed to extract everything else as required

Petrika,

Sorry, made a little mistake. BPMSESSIONID cookie is not returned as a response to the /AuthService.svc/Login call, but as a result of the first call to any other working endpoint like /0/odata/Account after authentication. Just try it in Postman and check the response headers in the next request that goes after AuthService request.

Best regards,

Oscar

Oscar ,

When i make a request from postman to another web-service the BPMSessionId is generated, I tested it.

Are you suggesting that i put the BPMSESSIONID as a reponse parameter to the InheritSpecificationsForFinApp, not as a request parameter ?

If i understand correctly.

Petrika,

If you're calling a configuration service, there's no need to actually use it as a service. It's simply a C# class that you can use directly.

For example, something like this: 

var svc = new Terrasoft.Configuration.FinAppSpecService();
svc.InheritSpecificationsForFinApp()

Depending on how the configuration service is implemented, you might need to also pass a UserConnection to it, which means you'd need to modify the service to allow this to be passed in.

You had mentioned: "I can not call it in a c# class because the the constructor of FinAppSpecService class does not accept UserConnection as e parameter. Which is the proper way to solve this problem?"

Why not just add two constructors to the class? One that is the default constructor and one that accepts a UserConnection? In the class you could add a method that either returns your private UserConnection variable (passed in by code consuming the class directly) or the one from the session (or BaseService) if being used as a service. I do it this way often and it is far more easy to consume the class directly than to call as a service when it's not needed to be used as a service (not to mention the extra overhead of using it as a service rather than consuming it directly)

Ryan

Ryan Farley,

FinAppSpecService() class constructor doesnt allow UserConnection as an argument. I can not modify the FinAppSpecService class because its part of the configuration. 

Ryan Farley,

Are you suggesting that i copy the 

FinAppSpecService  class to my package and make proper modifications to it ?

Petrika,

I was assuming this was your class, that you could modify, not a configuration one that was uneditable by you. 

I assume that FinAppSpecService inherits BaseService? If so, it has a UserConnection property that is protected (that does have a setter) as well as a protected constructor that accepts a UserConnection. Since they are protected you should be able to access them if your class is derived from it. 

it might work to just make a new class that inherits from the FinAppSpecService that allows a UserConnection to be passed? I've not tried that but it might work - just to throw out some ideas.

Something like this: 

public class UsrFinAppSpecServiceWrapper : FinAppSpecService
{
    public void SetUserConnection(UserConnection)
    {
        this.UserConnection = UserConnection;
    }
}

Then to use it:

var svc = new Terrasoft.Configuration.UsrFinAppSpecServiceWrapper();
svc.SetUserConnection(UserConnection);
svc.InheritSpecificationsForFinApp();

Again, I've not tested/tried that before, but I would assume something like this could work? If it does, still far easier route than calling it as a service IMO.

Ryan

Ryan Farley,

Ryan the response i get from the back-end 

is the same as the reponse i get from the front-end 

Still When i call this web-service from the back-end my goal isnt achieved. As you can see the detail of product terms isnt automaticalluy generated

Dont know if am missing something here

Thank you Petrika

Hello,

Thank you for your question.

Creatio does not include built-in DDoS protection for custom web services, including those with anonymous access. While you can implement basic logic to validate incoming requests, this will not protect against distributed denial-of-service (DDoS) attacks.

If you are exposing custom endpoints to external systems, especially anonymously, we recommend placing your Creatio instance behind a Web Application Firewall (WAF), such as Cloudflare, Azure Front Door, or AWS WAF.

A WAF can help with:

• Rate limiting
• IP filtering
• Bot protection
• DDoS mitigation at the network level

Additional notes:

• Anonymous endpoints are more vulnerable if their URLs become publicly known.
• Validation logic is helpful but not enough to stop large-scale traffic.
• If your Creatio instance is hosted in the cloud, some baseline protection may be in place, but it does not apply to custom web services exposed externally.

Best regards,
Malika

Hi Petrika,

This should be done directly in the code of the 3rd party endpoint to which the call is performed (in case we are discussing the 3rd party webservice call from the business process). Logs of the integration call on the Creatio side are accessible only via standard IIS logs. Or you can enable the process tracing to see the status of the call.

In case the webservice is stored in the Creatio configuration (standard anonymous or regular webservice) then you can either add a part of inserting a record to some specific table in Creatio (via InsertQuery class for example) and retrieve data from there.

Best regards,

Oscar

Thank you very much for your immediate response Oscar. I have got an idea now.  This is what i am trying to do. I have created a button in the Front-End (Get Sum Ws) which calls in the Back-End a basic web service that caculates the sum of the AmountHC in Details Rows.

This is the code in the back-end

namespace test1323.Files.cs
{
    [EntityEventListener(SchemaName = "PetrikaExpenseReport")]
    [ServiceContract]
    [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
    class DemoService : BaseService
    {
 
        [OperationContract]
        [WebInvoke(Method = "POST", RequestFormat = WebMessageFormat.Json, BodyStyle = WebMessageBodyStyle.Wrapped,
ResponseFormat = WebMessageFormat.Json)]
 
        public decimal GetErSumSq(string name) 
        {
 
            EntitySchemaQuery entity = new EntitySchemaQuery(UserConnection.EntitySchemaManager, "PetrikaExpenseReport"); 
 
            entity.AddColumn("Id");
            entity.AddColumn("PetrikaTotalAmount");
            entity.AddColumn("PetrikaName");
            entity.PrimaryQueryColumn.IsVisible = true;                                                                   
 
            IEntitySchemaQueryFilterItem parentfilter =
            entity.CreateFilterWithParameters(FilterComparisonType.Equal,"PetrikaName",name);
            entity.Filters.Add(parentfilter);                                                                            
            EntityCollection records = entity.GetEntityCollection(UserConnection);                                      
            Guid parentId = records[0].GetTypedColumnValue<Guid>("Id");
 
           EntitySchemaQuery rows = new EntitySchemaQuery(UserConnection.EntitySchemaManager, 
           "PetrikaExpenseReportLines");
 
            rows.AddColumn("PetrikaAmountHC");
            rows.AddColumn("PetrikaAmountFC");
            rows.AddColumn("Id");
 
            IEntitySchemaQueryFilterItem childfilter =
            rows.CreateFilterWithParameters(FilterComparisonType.Equal, "PetrikaExpenseReport", parentId);
            rows.Filters.Add(childfilter);                                                                            
            EntityCollection lines = rows.GetEntityCollection(UserConnection);
 
            decimal sum = decimal.Zero;
 
            foreach (var r in lines) 
            {
                sum = sum + r.GetTypedColumnValue<decimal>("PetrikaAmountHC");
            }
            records[0].SetColumnValue("PetrikaTotalAmount", sum);                                             
            records[0].Save();
            return sum;
        }
}
}

I want to log in a separate file every communication (request , response time etc) with GetErSumSq.

Petrika,

Perfect, then additionally you can use the same approach with EntitySchemaQuery, but create record is some section and then use the standard "Export to excel" functionality to get the file with request calls. So each time something is calling the GetErSumSq method you can create a record in some separate section (for example called "Integration call" and add information like DateTime.Now (to get the date and time when the method was called and which value was returned (sum))). Also you can try looking into the HttpContext, HttpContextAccessor and AppConnection to see which information is available there that can be used to additionally log the method call.

Best regards,

Oscar

Oleg Drobina,

Hi , I can't find the whole solution for logging a web service , it seems some comments have been missed or deleted , any ways , how can i log a web service in creatio ? 

Hi Patrik,

To successfully upload an image you need to make sure that "WebDav publishing" feature is disabled in Windows features of the IIS server (can be found at "World wide web services" -> "Common HTTP Features" -> "WebDAVPublishing"):

Once done you need to perform the following steps:

1) Create a POST request to https://app_root_URL/0/odata/SysImage with the JSON raw body with the following content:

{
    "Name": "scr_NewContactPhoto.png",
    "Id": "330006E1-CA4E-4502-A9EC-E54D922D2C01",
    "MimeType": "image/png"
}

330006E1-CA4E-4502-A9EC-E54D922D2C01 should be a random unique identifier. This request will create a record in the SysImage table and the response should be similar to the below:

{
    "@odata.context": "https://app_root_URL/0/odata/$metadata#SysImage/$entity",
    "Id": "330006e1-ca4e-4502-a9ec-e54d922d2c01",
    "CreatedOn": "2021-09-30T10:24:26.830457Z",
    "CreatedById": "410006e1-ca4e-4502-a9ec-e54d922d2c00",
    "ModifiedOn": "2021-09-30T10:24:26.830457Z",
    "ModifiedById": "410006e1-ca4e-4502-a9ec-e54d922d2c00",
    "ProcessListeners": 0,
    "UploadedOn": "0001-01-01T00:00:00Z",
    "Name": "scr_NewContactPhoto.png",
    "Data@odata.mediaEditLink": "SysImage(330006e1-ca4e-4502-a9ec-e54d922d2c01)/Data",
    "Data@odata.mediaReadLink": "SysImage(330006e1-ca4e-4502-a9ec-e54d922d2c01)/Data",
    "Data@odata.mediaContentType": "application/octet-stream",
    "MimeType": "image/png",
    "HasRef": false,
    "PreviewData@odata.mediaEditLink": "SysImage(330006e1-ca4e-4502-a9ec-e54d922d2c01)/PreviewData",
    "PreviewData@odata.mediaReadLink": "SysImage(330006e1-ca4e-4502-a9ec-e54d922d2c01)/PreviewData",
    "PreviewData@odata.mediaContentType": "application/octet-stream"
}

2) Create a PUT request to https://app_root_URL/0/odata/SysImage(330006e1-ca4e-4502-a9ec-e54d922d2c01)/Data with the binary body and select an image there:

Once executed the response will be 200OK.

And after that we can perform a GET request to check the result:

Please also note that BPMCSRF cookie should be always in headers:

Best regards,

Oscar

Hi Oscar,

Thanks for the Guidance, But I want to make an API call from Creatio itself ( Using Web-Service / Script Task ), not from Postman. 

Could you guide me on that? 

Hi Pratik,

Please see examples here https://academy.creatio.com/docs/developer/integrations_and_api/data_se…

Best regards,

Oscar

Hello,

Unfortunately webservices in Creatio can process JSON body only, and we have a task for our core R&D team to make it possible to set the request body in X-WWW-FORM-URLENCODED type. Currently the request body should be formed separately via a script task and then passed to the webservice request body:

string Request = "From=" + System.Web.HttpUtility.UrlEncode(Get<string>("FromNumber")) + "&" + "Body=" + System.Web.HttpUtility.UrlEncode(Get<string>("Message")) + "&" +"To=" + System.Web.HttpUtility.UrlEncode(Get<string>("ToNumber"));
Set<string>("twilioRequest", Request);
return true;

twilioRequest is the process parameter of the text datatype that should be then used in the webservice body.

Oscar Dylan,

which Parameter type must I use in the request as body 

Moheman,

Since twilioRequest is a string then parameter type should be also string.

Oscar Dylan,

How's it going with the x-www-form support? When can we expect it?

Hi Oscar,

The solution you gave did  not work for us. May be we are missing something. Can you please share the request body from Test Request feature in webservice so that we can compare and check from our side?

Hello Solem, 

There is a need to double-check the set oauth2 settings, based on the information from the provided screenshots it seems that some of them might be incorrect. 

Please refer to the below article for more detailed information and examples of how the corresponding URLs and Scopes should be set:

https://academy.creatio.com/docs/user/no-code_customization/web_service…

Thank you!

Best regards, 

Anastasiia

Hi Raz,

First of all you need to check the application logs and see the actual server error that is received upon calling the Products object via OData. Secondly you need to check if there are no errors with any of the "Products" objects in the system configurations (maybe the system asks to update the database structure for any "Product" object in any package or source code update is required). Also try publishing all the replaced "Product" objects in configurations.

Best regards,

Oscar

Oscar Dylan,

Hi Oscar,

I didn't understand your answer at all.

I will elaborate:

1. The error 500 occurs even when querying the product section.

2. Which application logs? the application runs in the cloud.

3. what do you mean by "errors with any of the products objects"? again, the issue occurs even when querying the section.

Thanks,

Raz

Oscar Dylan,

Hi Oscar,

I have a new update on the issue.

I don't know what happen, but now the Get Request works, the Post request for creating a new product works too.

But, Once I enter the product in the system and "Close" button changes to "Save". It looks like something in the creation of the product didn't finish correctly.

Can you point me to what to check?

Thanks,

Raz

Raz Guille Rosman,

Hi Raz,

Regarding your remarks:

1) "1. The error 500 occurs even when querying the product section." - I did understand that and that's why asked you to go to system configurations and check if any of the "Products" objects has "Database update is required" or "Source code update is required" error flag. The situation you described looks like the issue with an object in configurations and that's why it had to be checked.

2) "2. Which application logs? the application runs in the cloud." - you should've mentioned that the application is running in the cloud. You can contact us directly at support@creatio.com to get the application logs if needed. If this was an onsite app the logs could be found at C:\Windows\Temp\Creatio folder in the machine where the IIS-server is deployed.

3) "what do you mean by "errors with any of the products objects?" - again, the issue occurs even when querying the section." - I meant the actual error on the object, something like this:

And yes I understood that you received the error when performing OData requests and everything is simple: if there is a problem with an object OData requests to this object can fail.

As for your last remark that the button becomes "Close", but not "Save": it means that there was some modification on the page that should be saved. It can be rather the method on the product page that wasn't executed (or was executed) completely or you've clicked on some field when the page was opened. No error here.

Best regards,

Oscar

Oscar Dylan,

H Oscar,

Thank you very much for your very detailed response.

1. The error 500 stopped, I don't know why. It just stopped and both the get and post requests are working correctly.

2. Thanks for the explanation. I'll keep that in mind for the next time.

3. I checked and there are no processes or other js code that runs in the background for a new record.

Do you have an idea where to start looking?

Thanks,

Raz

Hello,

This feature is available starting from 7.17.4 version. The simplest way to achieve it is just to upgrade your website to 7.17.4 or even better to 7.18.0 which is the latest actual version of the app.

Regards,

Dean

Hello, 

There are a few possible root causes of the issue and it's hard to tell the exact one only with the information provided and with no access to the instance. 

Please contact our support team via an email: support@creatio.com and submit the support request so we could check all the needed details. 



Thank you in advance!

Best regards, 

Anastasiia

Anastasiia Zhuravel,

Thanks Anastasiia. I have already done that

M Shrikanth,

I have the same issue. Did you find any solution?

Thanks

Mohamed

Mohamed Ouederni,

No yet Mohammed. I have written to Creatio support and the issue is yet to be resolved. 

Hello,

I'm having the same issue, too...did you or creatio support find something out?

Thanks,

Robert

Hello together,

I have successfully configured OAuth 2.0 authorization on my localhost. I had the same error as you, to check ClientId and ClientSecret. After checking with Creatio support, the problem was in appsettings.json with Clients part of configuration. I have copied Client block of code from Step 10 of this article into appsettings.json (\"AllowedScopes\": part was missing) and after that successfully Generated default resource. Please try that and let us know if it worked. Thanks.

Getting the below error ,could you please help on this.

We are able to integrate.Just need a small change need to give  Authorization server Url for OAuth 2.0 integrations http://localhost:5000/
need to go to root dirctory of identityService and run dotnet IdentityService.dll in cmd or terminal

Hi,

Try SBLServiceId instead and also take a look in the database and check how is this column called there.

Best regards,

Oscar

Oscar Dylan,

Hi Oscar,

Thank you for the reply. How do I provide the value of Id of SBLService lookup? In the database, it is just 'Id' for the lookup id. I tried to access by doing SBLService.Id but it didn't help.

entity.SetColumnValue("SBLService.Id", debitCardData.ServiceId);

Roman Raj Bajracharya,

the value should be passed as an actual Id and also the column name shouldn't contain the . separator:

entity.SetColumnValue("SBLServiceId", Id here);

For example see this post https://community.creatio.com/questions/how-create-or-update-record-usi… where Dmytro provided an example of working with GUID columns.

Best regards,

Oscar

Oscar Dylan,

Hi Oscar,

Thank you very much. The record is now inserted. But I am having problem on the execution of a process that should occur when a record on this entity is created. This process is executing well when I create a new record from frontend(UI). Any ideas on this?