E9.2 General Design Question - External REST call and token

[Stank1964]

I need to create a few orchestrations that will dip my feet into calling outbound from JDE. To date, I have only worked on inbound orchestrations. Now, the orchestrations will require a token, a valid token, that will expire at some frequent interval. Can someone share we me how this is generally designed in Orchestrator?

I do apologize if this topic has been already covered here, I cannot figure out how to get around the search functionality being disabled on this site.

Thanks!

 

[DaveWagoner]

so you're calling an API external to JDE, and that API requires that you obtain access token that expires from time to time?

i've figured this out in one specific case, with DocuSign's API. This is the most complicated thing I've done yet in Orch, it's a bit crazy since I'm not working every day with java code. I think as with most things in Orchestrator there's not a standard pattern for this. It's down to your own comfort level, etc.

Here's a quick rundown of the steps I take with that. This is tricky stuff and can be api-by-api. I generate the JWT (the access token request) and gain a fresh access token EACH TIME the orchestration runs, since this is a semi-frequent run, not something I need to "keep alive" over the course of the day. I'll be presenting this at conference on a 500' level, tossed a relevent slide at the end of this post.


1) Generate a JWT to send to DocuSign to gain the access token. This is literally crazy, I needed to work with a CNC to install additional libraries on our server. Here are the includes for that, and a list of helpful articles I used to figure this stuff out.:

import java.security.KeyFactory;
import java.security.Signature;
import java.security.interfaces.*;
import java.security.spec.EncodedKeySpec
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTCreator;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTCreationException;
import java.security.PrivateKey;
import java.security.*;
// https://stackoverflow.com/questions/45189859/java-simpledateformat-formatter-to-return-epoch-time-with-milliseconds
// https://stackoverflow.com/questions/1459656/how-to-get-the-current-time-in-yyyy-mm-dd-hhmisec-millisecond-format-in-java
// https://blog.mrhaki.com/2018/06/groovy-goodness-base64-url-and-filename.html
// https://www.quickprogrammingtips.com/java/how-to-create-sha256-rsa-signature-using-java.html
// https://groovyconsole.appspot.com/script/5127435238506496
// https://groovy-lang.org/syntax.html#_triple_double_quoted_string
// https://github.com/auth0/java-jwt/blob/master/README.md#available-algorithms
// https://jwt.io/libraries
// https://www.cryptool.org/en/cto/openssl
// https://stackoverflow.com/questions/29412354/rsa-public-and-private-key-as-string-variables-in-java
// https://github.com/docusign/docusign-esign-java-client/blob/5dc8c9106e03e4b5e2ba797af300c9aee18417d9/src/main/java/com/docusign/esign/client/auth/JWTUtils.java

2) To generate the JWT you need to generate a SSH Keypair, store it properly, save it, etc etc. It's a PITA.
3) Send the JWT to the DocuSign Token Generator endpoint, and if everything is correct it will accept your credentials and send back an access token. Use that in subsequent API calls in the header. Here's what my header looks like in Orch: