Data provisioning
If you select the REST connector (Template) when enabling provisioning, enter a unique name for the connector. You will configure and save a copy of the template connector (this version is stored in Omada Identity). When new updates are introduced to the template connectors, your configuration remains intact.
Due to a vast number of supported authorization options in the REST provisioning, one of the public extension points has been modified. The modification means that any custom REST connector that used this extension point must be updated. The modified extension point is Omada.OPS.Connector.REST.Services.Authorization.AbstractTokenService. This extension point can be used to implement custom authorization flows.
The protected abstract method abstract string getPayloadAsString() has been replaced with protected abstract Dictionary\<string, string\> getTokenPayload().
Provisioning configuration
| Parameter | Description |
|---|---|
| Base address | Specify the server address. |
| Entity root | This is optional and is a fragment of the URL that points to provisioned entities (e.g. v1/IdentityData). |
| Content-type header | Choose the format of the content. The default value is application/json. If you need to use other content types for specific HTTP verbs, provide a JSON object with properties in the verb:content type format (you can also specify a default content type for all requests). Example: { "default": "application/json", "patch": "application/json-patch+json" } |
| Accept header | The default value is application/json. |
| Headers | This field is optional. Here, you can provide JSON document specifying custom headers, for example: {"Request": {"Accept": " text/html","content-type": "application/json","SomeCustomHeaderWithValue": "custom value", "SomeCustomHeaderWithoutValue": null}} Headers defined in this JSON document override the value set in the Content-type header field. |
| Include certificate | If selected, a client certificate will be attached to the HTTP requests. Three additional parameters are required: - Certificate (in the PEM format) -----BEGIN CERTIFICATE----- <contents> -----END CERTIFICATE----- - Private Key (in the PEM format) -----BEGIN PRIVATE KEY----- .... -----END PRIVATE KEY----- - Passphrase for private key (optional, use it if the private key was created with the passphrase ) |
| Authentication type | The type of authentication to use for the REST system. Depending on the type of authentication that you choose to use, you may see more or fewer settings. The available options are: API Key – uses API Key keywords AWS Signature – adds authentication information to the HTTP header of Amazon Web Services request. All AWS mandatory fields must be completed. None – there are no authentication headers. Basic – username and password are required. OAuth2 – all OAuth mandatory fields must be completed with proper value. These values can be found in your external vendor’s documentation of your REST system. |
| Security protocol | Security protocol of your REST system. |
| Use numeric values | Setting this to true will ensure that intType, longType, and referenceType values in the JSON payload are sent as numeric values and not strings. For referenceType properties the value is only set as a numeric value when the resolved value can be converted to a numeric value. |
| Test connection | This field is optional. You can check this field to force the collector to test the defined connection before moving forward. |
| Timeout in seconds | Specify the timeout value in seconds. |
| responsesFilter | Applies JsonPaths to a successful response allowing to select nodes included in the OPS task result values. |
| errorResponsesFilter | Applies JsonPaths, when server returns error, allowing to limit the response to information required to identify the cause of the error. |
| Test query | This field only appears if the Test connection field is enabled. Here you can enter an optional test query used to verify the connection.The query must be relative to the base address, e.g., 'Users.' Entering a test query is important for a proper test for authentication methods which doesn't access the target system, e.g., basic authentication or static bearer token. |
Defining behavior in case of the lookup failure
You can choose the lookup failure strategy, giving you the option to define the connector behavior in such scenarios. From the Lookup failure strategy drop-down list, choose one of the following options:
- Skip property in request payload -
{ "name" : "ABC" } - Stop processing with failure - requests are not sent, the provisioning task fails
- Use NULL -
{ "name": "ABC", "ref" : null } - Use empty value (default behavior) -
{ "name" : "ABC", "ref" : "" } - Use value used for lookup -
{ "name" : "ABC", "ref" : "DEF" }
Configuring authentication
Basic authentication
| Parameter | Description |
|---|---|
| Service Name | Mandatory field.Enter the name of the AWS API service that the authentication request will be sent to. |
| Secret Key | Mandatory field.Enter your IAM user secret key to authenticate your requests. |
| Access Key | Mandatory field.Enter your IAM user access key to authenticate your requests. |
| Region | Optional field. Enter the AWS region for the authentication request.For the IAM service, it is recommended that you leave the field empty. |
Password credentials grant
| Parameter | Description |
|---|---|
| Username | The username for the user to authenticate with the service. |
| Password | The password for the user to authenticate with the service. |
API Key authentication
| Parameter | Description |
|---|---|
| Username | The username for the user to authenticate with the service. |
| Password | The password for the user to authenticate with the service. |
| API Key | Define the API Key keyword, for example, for DataDog environment: “DD-API-KEY”. |
| API Key Value | Define the API Key value, for example, for DataDog environment: “…” |
| Application Key | Define the associated Application Key keyword, for example, for DataDog environment: “DD-APPLICATION-KEY”. |
| Application Key Value | Define the associated Application Key value, for example, for DataDog environment “…” |
OAuth2 authentication
| Parameter | Description |
|---|---|
| URL for Authorization token | The URL address for the Authorization token.It can be taken from the environment. |
| OAuth Grant Type | The type of OAuth2 Grant used for authorization.Possible grants: - Client credentials, Password credentials, JWT bearer, Static token, SAP username and password, SAML |
| OAuth Client ID | The Client ID, can be taken from the environment. |
| OAuth Client Secret | OAuth Client Secret, can be taken from the environment. |
| OAuth Audience | Optional field. When set, it will be added to the list of post parameters sent in the Authentication token request. This parameter is shared between collector and connector so if it is set for the collector then same value will be used for the connector if it is empty. |
| OAuth Resource | OAuth Resource Owner. |
| OAuth Token RevokeURL | URL address for the Token Revoke. |
| Token cache policy | Token cache policy, it determines whether we should not cache – Never cache, get once and store always – Always cache, or expire after some time interval (sec) – Expiration interval. |
Password credentials grant
| Parameter | Description |
|---|---|
| Username | The username for the user to authenticate with the service. |
| Password | The password for the user to authenticate with the service. |
SAP username and password grant
| Parameter | Description |
|---|---|
| Username | Provide the SAP username for a SAP Cloud system like SAP Cloud Identity Authentication Service (IAS). |
| Password | Provide the SAP password for a SAP Cloud system like SAP Cloud Identity Authentication Service (IAS). |
Custom
| Parameter | Description |
|---|---|
| Auth request body | Raw body of the request sent to authentication server to get the access token. Sensitive values should be replaced with the placeholders starting with #SECURE. |
| Auth request content type | Content type of the request sent to authentication server to get the access token. |
| Authentication server response format | The available options are: Access token only, JSON, Other, XML |
| Access token Location | Required field if the Authentication server response format setting has value other than Access token only configured. Location of the access token in the response. Depending on the format, different kind of information is expected in this field: property name if it is JSON, XPath if it is XML, * regular expression with group if it is other*, unknown format. |
| Authorization header | Name of the authorization header, where access token will be stored. |
JWT bearer grant
| Parameter | Description |
|---|---|
| JWT Issuer | JWT Issuer claim |
| JWT Subject | JWT Subject claim |
| JWT Audience | JWT Audience claim |
| JWT Private key (PEM format) | JWT Private key is in PEM format:-----BEGIN PRIVATE KEY----- .... -----END PRIVATE KEY----- or -----BEGINENCRYPTED PRIVATE KEY----- .... -----END ENCRYPTED PRIVATE KEY-----and thenPassphrase for Private Key needs to be provided |
| JWT Passphrase for private key | Passphrase for the providedPrivate key |
| JWT Encryption algorithm | Encryption algorithm used when signing the token, for example, RSASSA-PKCS1-v1_5 using SHA-256 (RS256) |
| JWT Public key ID | Public key ID for signing the JWT(Header parameter) |
| JWT Type | JWT Type (Header parameter) |
| JWT Additional claims | Enter a JWT Additional claims in the JSON format (for text type, value enclosed in double quotes). Legacy format is also supported: key1,value1;key2,value2;... |
| JWT Token Parameter | This setting stores the JWT token parameter name. |
SAML 2.0
| Parameter | Description |
|---|---|
| SAML IDP Endpoint | This field applies only to OAuth 2.0 SAMLauthentication option. Enter the URL where SAML requests are posted. |
| User ID | This field applies only to OAuth 2.0 SAML authentication options. Enter the user identifier issued to the user during the registration process in the service. |
| Company ID | This field applies only to OAuth 2.0 SAML authentication options. Enter the company identifier issued to the company during the registration process in the service. |
Static token grant
| Parameter | Description |
|---|---|
| OAuth Static Token | Provide your OAuth Static Token.This token is required for the Static token grant. |
| OAuth Static Token Type | Provide a custom keyword that will be supplied in front of the static token. If the field is left blank, the default Bearer value is used. |
The data model for REST is extensible and consists of two sections: <properties> and <objects>.
Properties
The <properties> section serves as a repository of properties of all <objects> in the remote system that is subject to provisioning. A single property consists of the following attributes:
| Name | Description |
|---|---|
| name | Unique name of the property. This name must match the property name in the target system. |
| required | Here, you can specify if the property is required or not. |
| dataType | The data type of the property. By default, the type is a string. If this value is set to referenceType, the property will be used to either calculate reference properties or to calculate the object ID value. |
XML configuration for properties
<connectorDataModel xmlns="http://s
chemas.omada.net/ops/2015/ConnectorDataModelML" xmlns:xsi="http://ww
w.w3.org/2001/XMLSchema-instance" modelNamespace="RemoteRESTSystem">
<properties>
<property name="LastName" requried="true"/>
<property name="FirstName" requried="true"/>
<property name="Username" requried="true"/>
<property name="Email" requried="true"/>
<property name="Alias" requried="true"/>
<property name="CommunityNickname" requried="true"/>
<property name="TimeZoneSidKey" requried="true"/>
<property name="LocaleSidKey" requried="true"/>
<property name="EmailEncodingKey" requried="true" />
<property name="ProfileId" requried="true" dataType="referenceType" />
<property name="LanguageLocaleKey" requried="true"/>
<property name="userIdRef" dataType="referenceType" />
<property name="IsActive" requried="false"/>
<property name="AssigneeId" dataType="referenceType"/>
<property name="PermissionSetId" dataType="referenceType"/>
<property name="permissionSetAssignmentAssigneeIdIdRef" dataType="referenceType"/>
<property name="permissionSetAssignmentPermissionSetIdIdRef" dataType="referenceType"/>
</properties>
JSONPath property names
You can use the JSONPath to update existing field values in the request. This feature is useful for reconciliation or when utilizing request template object details. The JSONPath properties can be utilized with appropriate fields present in the JSON file path. The JSONPath can't create new fields.
If you don't use reconciliation, add other properties to build localization of this JSON Path.
The property names starting with $. are interpreted by the connector as a JSON path. The values of those properties can be either text or JSON format. In the
latter instance, the connector adds an appropriate structure in the designated location. The JSONPath properties can be combined with the existing properties and they are applied on top of the prepared request.
<properties>
<property name="$.added[0].loginId" />
<property name="$.added[0].roles" multiValued="true" />
<property name="$.added[0].sampleArray" muliValued="true" />
</properties>
Request templates
You can provide the JSON request template in the object details with the request template being defined per operation. The following convention should be followed when naming a detail:
{Operation}Request,
As shown in the example below values should be stored within the <largeDataField> element.
<object name="SampleUser">
<objectDetails>
<objectDetail name="CreateRequest">
<largeDataField>
{
"added":[
{
"organization":{
"name":"my comapny",
"type":"Comapny"
},
"roles":[
{
"name":"Role 1"
},
{
"name":"Role 2"
}
],
"sampleArray":[],
"loginId":"myLogin"
}
]
}
</largeDataField>
</objectDetail>
You can also use a JSON array. In this scenario, you can only use properties (JSON paths) to modify the template. Other properties can still be used for other purposes.
<objectDetail name="UpdateRequest">
<largeDataField>
[
{
"path": "/contactPoints/0/additionalContactInfo/eMail",
"op": "replace",
"value": "USER_EMAIL"
},
{
"path": "/contactPoints/0/phoneNumbers/telephone3",
"op": "replace",
"value": "USER_NAME"
}
]
</largeDataField>
</objectDetail>
Objects
Here, <objects> refers to a set of objects. Each object has a name property that must match one of the names in task mappings. Inside an object, there are two sub nodes: <objectDetails> and <objectProperties>.
objectDetails
ObjectDetails are used to provide details about how an object is treated. Each property can also have a reference property as part of their value. The name of the reference property must be in curly brackets, for example:
<objectProperty referenceObject="Profile" referenceKeyProperty="Id" referenceLookupProperty="Name">ProfileId</objectProperty>
When a property is used as part of an objectDetail, the property is removed from the JSON body of the HTTP request. If the property is needed for both the object detail and the JSON body, you must make another reference property with a different name.
The REST Connector issues HTTP requests to the REST endpoints of the remote system. These endpoints are defined/calculated relatively and appended to a single baseAddress following the REST standards.If the remote system has a custom REST implementation, you can use the objectDetails to define the custom properties in the REST connector:
| Name | Description |
|---|---|
EndpointAddress | Used to provide a different endpoint, in case a specific object in the remote system requires HTTP calls to be issued to another individual baseAddress. |
ResourcePathCreate | The path to be appended to the EndPointAddress for create operations. |
ResourcePathUpdate | The path to be appended to the EndPointAddress for update operations. |
ResourcePathDelete | The path to be appended to the EndPointAddress for delete operations. |
ResourcePathGet | If the path is specified, it is used to verify object existence for the createOrUpdate and deleteIfExists operations and reconciliation. |
ResourcePath | Use this property if the path is the same for all the create, update and delete options. This setting will override these properties, even if they are specified. |
VerbForCreate | Use this property if the remote system requires another verb for create operations where the default is POST. |
VerbForUpdate | Use this property if the remote system requires another verb for update operations where the default is POST. |
VerbForDelete | Use this property if the remote system requires another delete for update operations where the default is POST. |
AnchorProperty | Provides name of the property in the result storing the anchor |
ResultValuesJsonPath | Used when the target system provides response, where the root object is not a main focus or it is stored within another property. The value of object detail should then point to the relevant object. |
AllowBodyOnDelete | If set to false, body will not be sent for DELETE operations. |
objectProperty
The objectProperty element is used to determine a set of properties for an object. When a property has the data type referenceType, it must have the following attributes:
| Name | Description |
|---|---|
| propertyName | The name of the objectProperty for the object. This name must match the unique Name mentioned in subchapter 5.9.2 Properties. |
| isKey | When set to true, this property will be used to lookup objectId for update and delete. isKey can be set to true for multiple properties at the same time. |
| referenceObject | The object to query. |
| referenceKeyProperty | The property of an object that is the result of the query. |
| referenceLookupProperty | The property that you are checking against. |
Sending full JSON body as an array
To send the request body as an array, indicate that by using the object type in the task mappings. In the Source field, add the square brackets [] at the end of the name.
Support for reference lookup with returned arrays
The REST Connector supports reference property lookups if values are stored in a specific place in the response. The lookup path is specified in the referenceLookupProperty attribute in the data model, for example:
"users?query=%22{value}%22"
Note that {value} should be replaced with the actual property value. The connector will automatically return the root object if the response is a single object or the first entry if it is an array. If the response has other structures, the path to the result can be specified in the following way:
"users?query=%22{value}%22#path=$.users[0]"
See Querying JSON with SelectToken for information on how to specify the path.
If the lookup URL requires multiple dynamic values (for example: resources?name=ABC&type=reader), provide the address with all dynamic parameters in curly brackets: resources?name={resource_name}&type={resource_type}. The value for this property should be then provided in the following format: key=value;key2=value2 (example: resource_name=ABC;resource_type=reader). Use the expression mapping type and the string.Format function to build the value in this format.
Provisioning root properties and elements
In order to correctly provision root properties or elements for custom schemas they need to be correctly specified in the data model. Root properties must be specified in the following way:
urn:scim:schemas:extension:enterprise:1.0:.employeeNumber
Root elements must be specified in the following way:
urn:scim:schemas:extension:enterprise:1.0:.manager.managerId
Code example of data model configuration
This is an example of the connector data model for REST, where you can see the elements objects, objectDetails and objectProperties:
<objects>
<object name="RemoteRESTSystemUser">
<objectDetails>
<objectDetail name="VerbForUpdate" value="PATCH" />
<objectDetail name="VerbForDelete" value="PATCH" />
</objectDetails>
<objectProperties>
<objectProperty>LastName</objectProperty>
<objectProperty>FirstName</objectProperty>
<objectProperty>Username</objectProperty>
<objectProperty>Email</objectProperty>
<objectProperty>Alias</objectProperty>
<objectProperty>CommunityNickname</objectProperty>
<objectProperty>TimeZoneSidKey</objectProperty>
<objectProperty>LocaleSidKey</objectProperty>
<objectProperty>EmailEncodingKey</objectProperty>
<objectProperty referenceObject="Profile" referenceKeyProperty="Id" referenceLookupProperty="Name">ProfileId</objectProperty>
<objectProperty>LanguageLocaleKey</objectProperty>
<objectProperty>IsActive</objectProperty>
<objectProperty isKey="true" referenceObject="User" referenceKeyProperty="Id" referenceLookupProperty="Alias">userIdRef</objectProperty>
</objectProperties>
</object>
<object name="RemoteRESTSystemPermissionSetAssignment">
<objectDetails>
<objectDetail name="VerbForUpdate" value="DELETE" />
</objectDetails>
<objectProperties>
<objectProperty isKey="true" referenceObject="PermissionSetAssignment" referenceKeyProperty="Id" referenceLookupProperty="PermissionSetAssignment.Assignee.Alias">permissionSetAssignmentAssigneeIdIdRef</objectProperty>
<objectProperty isKey="true" referenceObject="PermissionSetAssignment" referenceKeyProperty="Id" referenceLookupProperty="PermissionSetAssignment.PermissionSet.Name">permissionSetAssignmentPermissionSetIdIdRef</objectProperty>
<objectProperty referenceObject="User" referenceKeyProperty="Id" referenceLookupProperty="Alias">AssigneeId</objectProperty>
<objectProperty referenceObject="PermissionSet" referenceKeyProperty="Id" referenceLookupProperty="Name">PermissionSetId</objectProperty>
</objectProperties>
</object>
</objects>
</connectorDataModel>
Converting JSON format input into data model
In the Data Model dialog box, there is an option Convert from JSON format allowing to convert the JSON format input into a data model.
To convert JSON input for data model, perform the following steps:
-
Click Convert from JSON format and open a separate dialog box.
-
Introduce input for a single object in JSON format and click Convert.
-
Copy the default data model for the used JSON input to a clipboard and click Cancel.
-
In the Data Model dialog box, paste the content from the clipboard. If no additional changes are required, click OK.
Any required modifications that are not indicated by the JSON input can be applied before saving.
The functionality is available for REST and REST-based connectors. If the target API documentation contains sample JSON requests, they can be used as an input for the conversion feature.
Reconciliation
The REST connector has a feature called Object Reconciliation which is triggered in the data model by setting objectDetails with names ReconcileOnUpdate or ReconcileOnDelete to have the value True, for example:
<objectDetail name="ReconcileOnUpdate" value="True"/>
<objectDetail name="ReconcileOnDelete" value="True"/>
This setting works on a per object basis, so it is possible to have it enabled for certain objects and disabled for others. If the operation is Update or Delete, and the relevant property is set to True, the connector merges between the current object in the external system and operations defined in Task Mapping.
When Reconciliation is turned off, a request is created based on task mapping alone. Each task mapping rule is converted to a JSON property, or array entry. The request is then sent out to a server. When Reconciliation is turned on, the first step is taking the object or entity that is being read from an external system. Then, each task mapping rule is merged into this object based on the action and multivalue attributes.
The result of this operation is then sent to the external system. If there are complex objects in the data model that are contained in an array, the property name should include condition in square brackets.
If you have an array of emails, with each email represented by value and type, the property name should have following structure:
emails.value[type=work]
To handle multi-value structures, the REST connector allows creating a JSON payload utilizing the advanced reconciliation feature. The connector uses the same algorithm as when it merges new properties with an existing object (but for creating a new object). It will merge properties with an empty json object "{ }" as an existing object. Add the following <objectDetail> to your data model:
<objectDetails>
<objectDetailname="UseReconcileJSON"value="true"/>
</objectDetails>
To enable the multi-value feature, set the multiValued properties to true in the data model:
<propertyname="items[].itemValue"dataType="stringType"multiValued="true"/>
<propertyname="items[].fieldName"dataType="stringType"multiValued="true"/>
For the multi-value properties, ensure that in the task mappings the action field is set to add. Do not use remove as there is no data in the existing object. For single value properties, use modify.
<fieldMappingname="items[].fieldName"mappingType="Constant"action="add"clearExisting="false"mapNull="false"enabled="true"dataType="stringType"multiValued="true">Username</fieldMapping><fieldMappingname="items[].itemValue"mappingType="Constant"action="add"clearExisting="false"mapNull="false"enabled="true"dataType="stringType"multiValued="true">SomeUsername</fieldMapping><fieldMappingname="items[].fieldName"mappingType="Constant"action="add"clearExisting="false"mapNull="false"enabled="true"dataType="stringType"multiValued="true">Password</fieldMapping><fieldMappingname="items[].itemValue"mappingType="Constant"action="add"clearExisting="false"mapNull="false"enabled="true"dataType="stringType"multiValued="true">SomePassword</fieldMapping><fieldMappingname="items[].fieldName"mappingType="Constant"action="add"clearExisting="false"mapNull="false"enabled="true"dataType="stringType"multiValued="true">Domain</fieldMapping><fieldMappingname="items[].itemValue"mappingType="Constant"action="add"clearExisting="false"mapNull="false"enabled="true"dataType="stringType"multiValued="true">SomeDomain.com</fieldMapping>
Task mapping attributes
You can apply the following action attributes to task mappings: add, modify, delete. The multivalue attribute can be set to true or false. In the entity taken from an external system, the task mapping name attribute points to a JSON property. The dot character (".") indicates a child of a parent's property. In the following example, the name attribute performs an operation on the members array item and in the value property.
<fieldMapping name="members[].value"
- Add
- Modify
- Delete
In this action attribute, the REST Connector searches for a property on an existing structure. If the parent property is an array, it adds elements to it. If the parent property is an object, it adds the property to this object.
The property is only added when there is no property of that name and it does not add duplicates. If the multivalue attribute is set to true, the REST Connector does not gather all the properties, which also has the multivalue attribute set to true and has the same parent path.
The addition of properties to the multivalue attribute works only on array.
When you add properties, they create an entry based on all the multivalue fields that have the same parent path. If there is a duplicate entry, a new one is not added.
This is the additional action attribute: action=”add”.
In this action attribute, the REST Connector searches for a property on the existing structure and modifies it accordingly.
Modification works only on objects, not on array. This is the modification action attribute: action=”modify”.
In this action attribute, the REST Connector searches for a property on the existing structure. If the parent property is array, it searches for an array element with the property that matches the value.
If the REST Connector finds the array element, it removes the entire entry. If the parent property is an object, it removes the property if it exists in the object.
This is the deletion action attribute: action=”remove”.
Additional configuration
JobAnchor property
With the Anchor feature a JobAnchor property is introduced to OPS tasks. When performing a provisioning job consisting of multiple tasks, the first task, when completed, returns an anchor. The anchor is then available for a consecutive task triggering the task processing.
A provisioning job consisting of the following tasks:
- Create a new account
- Add the account to a group
The first task returns the anchor that is then available as a JobAnchor property in the second task allowing to avoid complex reference property lookup.
To properly utilize the anchor feature, recommends using the expression helper function Extensions.GetFirstValue(params string[] values).
Running the function returns the first of the provided arguments that has a value neither null nor empty.
Extensions.GetFirstValue(ROPE_DistinguisedName, ROPE_AccountExternalAnchor, JobAnchor)
The function firstly attempts to retrieve value from the Import, if it's not set, then from provisioning claim and finally from the current job anchor. This ensures that a single mapping is valid regardless if an imported value or anchor is used.
Object detail
There are two object details used in the data model:
-
ResultValuesJsonPath - used when the target system provides a response, where the root object is not a main focus or it is stored within another property. The value of object detail should then point to the relevant object.
You can define the object detail to receive additional message in the Execution log details.
exampleExecution log details before defining ResultValuesJsonPath:
Execution log details after it was defined:
-
AnchorProperty - provides the name of the property in the result storing the anchor, an id of a new object that was generated in the target system.
This value can be used later in the other tasks from the same provisioning job and saved in the provisioning claim.
Extended request logging
To analyze which requests the OPS REST Connector is sending to the target system, you can enable extended logging of the requests. To enable request logging:
- Go to Setup --> Administration --> Connectivity --> Connectors.
- Locate and edit the REST connector in use for the target system. Add
logRequests=truevalue pair to the Connector configuration field (the requested logging is only performed if OPS is configured to use the debug logging):
- To verify or enable debug logging, go to Setup --> Administration --> More --> Configuration.
- Locate and edit the Log configuration object. In the Configuration data field, verify that the OPSEventLog filter has logLevel="debug" value.
- To finalize, click Commit settings from the system or the Operations dashboard.
The OPS REST Connector will now log all requests and responses to the configured log sources. To better locate the log entries, each entry is prefixed with Request trace.
The number in the parentheses, Request trace(1), can be used to correlate the request and the response. The above example is the response from request number 1. Filtering or searching for Request trace(1) will list the request as well. The entire request body is logged, including passwords, client secrets, etc., in clear text, so you should only use this setting for troubleshooting.
Task status verification
The task status verification allows you to verify the status in a situation when the API is returning a response code indicating that the task was successful, but the content of the response body contains more information within itself.
To retrieve detailed information you can perform the following additional configuration:
-
Add the ResponseHttpCodePath object detail in the data model.
This object detail provides a JSON path to a response value with an actual HTTP response code.
{
"code": 500
} -
Set the ReponseMatchPath and ReponseMatchExpression (as object details) to match the HTTP response code with a regular expression.
If you receive the following response:
{
"result" : "The service failed to add/update user"
}you can search for the failed value by setting the following configuration:
ReponseMatchPath=$.resultResponseMatchExpression=\bfailed\b
-
Set the ResponseMessagePath (as object details).
This allows to specify a JSON path to a response value from where the error message is read. When not specified the returned message is generic.