How to fetch the Ticket after calling API_Authenticate in javascript

  • 0
  • 1
  • Question
  • Updated 3 years ago
  • Answered

Want to fetch the ticket after using :

$.getScript("https://myDomain/db/main?act=API_Authenticate&username=USER&password=@PassWord...;


Ia a javascript code page.

Want to use the ticket to process some data, and then invoque again to return to another role.

Don't know how to parse the results.

Photo of eduardo

eduardo

  • 40 Points

Posted 3 years ago

  • 0
  • 1
Photo of Ⲇanom the ultimate (Dan Diebolt)

Ⲇanom the ultimate (Dan Diebolt), Champion

  • 29,924 Points 20k badge 2x thumb
You don't need to worry about capturing the ticket if the user is logged in as it will be sent by the browser automatically as an httponly cookie.
Photo of eduardo

eduardo

  • 40 Points
Dan let me explain.

1.- I am sending a survey link (that directs to other program) to my customers. That survey link carries some variables of my quickbase record, so that I can identify back the record.

2. - On completion they are redirected to an “everyone on the internet” enabled app, to a redirection.html code page. The link has a couple of variables related to the answers of my customer, and related quickbase records.

3. - In this redirection.html, I want to:

a. - Log the respondent in a specific role.
b. - Create a new quickbase record, in a table using the forwarded variables. This record will be related to the record that originated the survey link on first instance.
c. - Log the respondent in another role.
d. - Redirect to another quickbase HTML code Page, thanksResponding.html

4. - thanksResponding .html will show a personalized Thanks message, and in a near future a voucher or special offer.

I have achieved to 3.a (included), but I am not able of creating the record or redirecting to 4

Thought I needed to include the ticket in the api call that why I asked to be able to pick it
Photo of Ⲇanom the ultimate (Dan Diebolt)

Ⲇanom the ultimate (Dan Diebolt), Champion

  • 29,924 Points 20k badge 2x thumb
I would have to see the detail URLs to make sense out of this.

The only place to grab the ticket is immediately after the API_Authenticate call. Once you are authenticated the ticket is sent automatically via an httponly cookie. This new ticket will wind up replacing the current ticket you obtained via the web login page.

Generally passing the ticket around to other systems is a security issue because the ticket is all that is needed to access your QuickBase session. Also, "ticket sharing" may violate QuickBase's terms and conditions if the purpose was to give multiple users access using one ticket (it is no different than two people gaining access to a physical event by reusing a single physical ticket). I doubt this applies to your scenario but I thought I would mention it.

Code like the following will give you access to the ticket:

var url = "https://subdomain.quickbase.com/db/main";
var username = "";
var password = "";

$.post(url, {
  act: "API_Authenticate",
  username: username,
  password: password
}).then(fun tion(xml) {
  var ticket = $("ticket", xml).text();
  //your code here
});
Photo of eduardo

eduardo

  • 40 Points
1.- I send:

https://otherAPPService.com/r/camacaritim?cpfVendedor=05167764521&gsm=71991250619&nomeVendedor=MARCELA%20ARAUJO&nomeCliente=GILLIARD%20RODRIGUES%20DOS%20SANTOS&numeroPedido=SV0042321&filial=03-%20INOVAINFO%20CAMACARI


2.- When Customer answers survey it is redirected to:

https://myDomain.com/db/dbid?a=dbpage&pagename=obrigadoSimples.html&gsm=71991250619&nomeVendedor=MARCELA+ARAUJO&cpfVendedor=05167764521&filial=03-+INOVAINFO+CAMACARI&nomeCliente=GILLIARD+RODRIGUES+DOS+SANTOS&numeroPedido=SV0042321


3.- in code page obrigadoSimples.html

I want to:

1.- Grab the variables:

  var dbidSurvey = "xxxxx";
  var apptoken = "yyyyy";
  $.ajaxSetup({data: {apptoken: apptoken}});

var getQueryString = function ( field, url ) {
    var href = url ? url : window.location.href;
    var reg = new RegExp( '[?&]' + field + '=([^&#]*)', 'i' );
    var string = reg.exec(href);
    return string ? string[1] : null;
};
var nomeCliente = getQueryString('nomeCliente');
var numeroPedido = getQueryString('numeroPedido');



2.- Autenticate to be able to:
create a record in the background...

... and redirect to another page.


//a.- Creates the record

var url = "https://subdomain.quickbase.com/db/main";
var username = "";
var password = "";

$.post(url, {
  act: "API_Authenticate",
  username: username,
  password: password
}).then(function(xml) {
  var ticket = $("ticket", xml).text();

  $.post(dbidSurvey, {
  act: "API_AddRecord",
  _fid_6: numeroPedido,
ticket: ticket

}).then(function(xml1) {

//b.- redirects

var newUrl = "https://myDomain.com/App/Dbid?a=dbpage&pagename=obrigado.html&nomeCliente="+nomeCliente+"&numeroPedido="+numeroPedido;
$.getScript(newUrl);
});
});