Important Update: Archer Community Scheduled Maintenance on November 23–24 - New Community Launching Soon! Learn More..
2020-01-22 02:25 PM
I need to take an email address that is entered on a web form and find the Archer user ID number in order to update a user field. In testing, I can update the field with a hard coded value for the user ID 3166:
"27654": {
"Type": 8,
"Tag": "director",
"Value":{
"UserList":
[{"ID":3166}],
"GroupList":
[{"ID":1}]},
"FieldID": 27654"
The web form will capture an email address that matches the user, and I think I may have to use the "usercontact" API endpoint? But am not clear on how to find the user ID value?
I looked through PowerShell REST API Get User Info -Body?? but I'm not going to have the value for UserName.
TIA
2020-01-22 04:27 PM
Because the Contacts property is a JSON array of objects, the filter is a little more complex. Using trial-and-error and the below links, I came up with the following API call. NOTE: the equal operator is case sensitive.
/api/core/system/usercontact?$filter=Contacts/any(s:tolower(s/Value) eq 'jeff.letterman@rsa.com')
Instead of passing the $filter in the URL, it can be passed in the body too.
{ "Value": "?$filter=Contacts/any(s:tolower(s/Value) eq 'jeff.letterman@rsa.com')" }
Results
[
{
"Links": [],
"RequestedObject": {
"UserId": 6720,
"Contacts": [
{
"ContactType": 7,
"ContactSubType": 2,
"IsDefault": true,
"Value": "Jeff.Letterman@rsa.com",
"Id": 41218
}
]
},
"IsSuccessful": true,
"ValidationMessages": []
}
]
The following links are helpful, but Archer doesn't support all ODATA functionality like $expand.
2020-01-22 03:28 PM
You should be able to pull that out of the Archer REST API using the "Get All User Contacts" call documented on page 86 of the RSA Archer 6.5 RESTful API Reference Guide.
This call returns an array of contact information for every user in the system. You could then parse this response to find your email match, and then extract the corresponding UserId value to pass into your field update call.
[
{
"Links":[],
"RequestedObject":
{
"UserId":1470,
"Contacts"
[
{
"ContactType":7,
"ContactSubType":2,
"IsDefault":true,
"Value":"example@domain.com",
"Id":1135
}
]
},
{
"UserId":2163,
"Contacts"
[
{
"ContactType":7,
"ContactSubType":2,
"IsDefault":true,
"Value":"example@mycompany.com",
"Id":6412
}
]
},
"IsSuccessful":true,
"ValidationMessages":[]
}
]
2020-01-22 03:49 PM
Yes, that is the API that I thought would apply. However, is it possible to use an OData filter with this API on the email address value?
While using the API Template tool I can set the body with:
{
"Value": "?$filter=UserId eq 3166"
}
I can't use:
{
"Value": "?$filter=Value eq 'email@business.com'"
}
2020-01-22 04:27 PM
Because the Contacts property is a JSON array of objects, the filter is a little more complex. Using trial-and-error and the below links, I came up with the following API call. NOTE: the equal operator is case sensitive.
/api/core/system/usercontact?$filter=Contacts/any(s:tolower(s/Value) eq 'jeff.letterman@rsa.com')
Instead of passing the $filter in the URL, it can be passed in the body too.
{ "Value": "?$filter=Contacts/any(s:tolower(s/Value) eq 'jeff.letterman@rsa.com')" }
Results
[
{
"Links": [],
"RequestedObject": {
"UserId": 6720,
"Contacts": [
{
"ContactType": 7,
"ContactSubType": 2,
"IsDefault": true,
"Value": "Jeff.Letterman@rsa.com",
"Id": 41218
}
]
},
"IsSuccessful": true,
"ValidationMessages": []
}
]
The following links are helpful, but Archer doesn't support all ODATA functionality like $expand.
2020-01-22 05:18 PM
Using the URL example, how would this translate into power shell? I've tried:
try
{
$api_url = $base_url + "/api/core/system/usercontact?$filter=Contacts/any(s:tolower(s/value) eq 'scott.ness@sabre.com')"
$results = Invoke-RestMethod -Method Post -Uri $api_url -Headers $headers -Body "" -ContentType "application/json" -WebSession $sess
if ($results.IsSuccessful -and $results.ValidationMessages.count -eq 0) {
$results.RequestedObject
$user_id = $results.RequestedObject.UserId
"User ID = " + $user_id
}
else {
$results.ValidationMessages
}
}
catch {
$_.Exception | Format-List -Force
}
finally {
$results = $null
}
I set the body to blank, assuming it is not needed with the content in the URL. And then attempting to have a variable to capture the UserID value from the result.
The result is a "405 method not allowed" error.
2020-01-22 05:25 PM
Instead of using POST, use GET.
If you want to use POST verb, the header needs the X-Http-Method-Override too...see Secure Use of HTTP Verbs.
$headers = @{"Authorization" = "Archer session-id=$sessionToken"; "X-Http-Method-Override" = "GET"}
I like to create different headers for use with different API calls because the override can fail for some calls.
$archer = [PSCustomObject]@{
BaseUrl = $baseUrl
ApiBaseUrl = "/api"
InstanceName = $instanceName
SessionToken = $sessionToken
Headers = @{"Authorization" = "Archer session-id=$sessionToken"}
OverrideGet = @{"Authorization" = "Archer session-id=$sessionToken"; "X-Http-Method-Override" = "GET"}
OverrideDelete = @{"Authorization" = "Archer session-id=$sessionToken"; "X-Http-Method-Override" = "DELETE"}
Version = ""
}
2020-01-22 05:39 PM
I do have this already:
$headersGET = @{}
$headersGET.Add("Authorization", "Archer session-id=" + $session_token)
$headersGET.Add("X-Http-Method-Override", "GET")
$headers = @{}
$headers.Add("Authorization", "Archer session-id=" + $session_token)
Which is just after the login that creates the session ID. Not sure if it matters, my starting point with examples is from the https://community.rsa.com/community/products/archer-grc/archer-customer-partner-community/api-users/blog/2017/07/24/hello-world-at-charge-2017 so I may be starting from an older reference.
2020-01-22 05:43 PM
Yeah, those PowerShell examples were in my early stages of learning PowerShell.
In your example, change line 5 to use the override header $headersGET with POST verb.
$results = Invoke-RestMethod -Method Post -Uri $api_url -Headers $headersGET -ContentType "application/json"
2020-01-22 05:55 PM
The "Hello, World" API lab series continued on at both RSA Charge 2018 and 2019. You can find the guides, slides, code, and app installers on the below pages for your reference:
2020-01-22 05:59 PM
That did allow the API to complete without any error. But I'm not seeing a value returned
SessionToken : xxxxxxxxxxxxxxxxxxxxxxx
InstanceName : cert
UserId : 19449
ContextType : 0
UserConfig : @{TimeZoneId=Central Standard Time; TimeZoneIdSource=1; LocaleId=en-US; LocaleIdSource=2; LanguageId=1; DefaultHomeDashboardId=128; DefaultHomeWorkspaceId=70; LanguageIdSource=1;
PlatformLanguageId=1; PlatformLanguagePath=en-US; PlatformLanguageIdSource=1}
Translate : False
IsAuthenticatedViaRestApi : True
Session Token = xxxxxxxxxxxxxxxxxxxxxxxxxxx
Links : {}
RequestedObject : True
IsSuccessful : True
ValidationMessages : {}
I get the login result, session token and then logout, but not seeing the result of the usercontact?