Re: New SQL HTTP_POST question

On 7/22/2024 1:36 PM, Jay Vaughn wrote:

but that is the exact format I'm using and it is not working

sql sate 38501
vendor code -443

axis error :httpTransportException: Cannot initialize a channel to the
remote end.

Depending on the rest of the error message in the job log, this is probably an SSL handshake problem rather than an issue with the SQL.

The following works with a public web site and a generic token.
IBM i 7.4.

select
response_message,
response_http_header
from table(qsys2.http_get_verbose(
URL => 'https://authenticationtest.com',
OPTIONS => '{
"sslTolerate":"true",
"headers":{
"Accept":"*",
"Authorization":"Bearer t0k3nId"
}
}'
)
);

If you run this, copy the response_message to a decent editor, page to the bottom and see if the token is set. Mine looks like:

<h5 class="card-title">Bearer Token</h5>
<p class="card-text">Set the
<code>Authorization: Bearer t0k3nId</code>
and see if it succeeds below.</p>
<div class="alert alert-success">Token Set</div>


My certs are in /QIBM/UserData/ICSS/Cert/Server/DEFAULT.KDB. I had to make sure that my user profile has RX to all of the directories, and to the KDB file. I found this by reading the docs for HTTP Functions Overview https://www.ibm.com/docs/en/i/7.4?topic=programming-http-functions-overview - I had to sit down and pay attention to the whole thing, especially the SSL Considerations paragraphs. Your group might choose to give *PUBLIC *RX authority to the cert file (and directory tree.) If the certs in there are in the public domain anyway, then it doesn't much matter who can read them...

Bear in mind that your cert file might be elsewhere (see the docs for one possibility), but you noted that http_get works for other sites, so authority to the cert file is just a guess on my part.