- Qlik NPrinting June2017 and higher
In the following example, POSTMAN Desktop
(Chrome App was deprecated) is used as a test tool, in order to demonstrate how the 'caller' can authenticate using NTLM authentication.
Nprinting authenticates via the cookie provided from the NTLM request.
- This must be a domain user in Nprinting
- This cookie needs to be included in all requests.
- If making a POST request, you need to also include the X-XSRF-TOKEN header with the value of the cookie, otherwise you will receive the error REVEL_CSRF: tokens mismatch.
In the Postman Chrome app, it was possible to use the Interceptor extension in-tandem to get the cookie from the Nprinting Console session open in the browser. However, in Desktop it is necessary to get this cookie by making the GET request to the /api/v1/login/ntlm
endpoint.Follow the following steps:
1. Install and launch Postman Desktop
2. Under Settings, disable SSL certificate verification
(otherwise Postman will say it "Could not get any response" because Nprinting uses self-signed certs)
3. Under the Authorization tab, select NTLM as the authentication Type
, and then enter your credentials. Note that domain needs to be in the Domain
field (do not enter an username such as domain\username; put domain in the Domain
field, and only put the username in the Username
4. Make a GET request to the NTLM endpoint:
This API call produces the following media types according to the request header; the media type will be conveyed by the Content-Type
application/json (Responses are usually 200 (User is authenticated
)or 403 (User is not authenticated. User may not be in the system, not bound to a windows domain or not authorized to use the APIs.
- In case of a 200 response you’ll get a response like the one in the following image:
- You can verify the cookie was set properly (and get the XSRF value) in Postman by clicking on Cookies to view the NPWEBCONSOLE_XSRF-TOKEN cookie. Postman sends this cookie with subsequent requests.
At this point, it is now possible to make GET requests via the Nprinting API. For example, viewing available reports:
You'll get a response like this with the list of your reports:
However, if one needs to make a POST
request then the X-XSRF-TOKEN
header and corresponding cookie value needs to be present in the request; otherwise, the error REVEL_CSRF: tokens mismatch.
will be thrown.