Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 7 Next »

The Connexion api service should not be exposed to the public internet.

The Connexion service includes an API which allows you to programmatically modify the Connexion configuration. This API is subject to change as Connexion functionality is updated.

To enable the Connexion api service, run the configuration wizard and check the 'Enable the Connexion API' checkbox. Optionally change the API port (cannot be the same port as other Connexion services):

In order to provide authentication (and TLS traffic encryption), each client which will access this API must provide a certificate. This certificate must be installed within the “Trusted People” folder of the Connexion host machine.

The recommended approach is to create a unique self-signed certificate for each distinct API client. See https://docs.microsoft.com/en-us/powershell/module/pkiclient/new-selfsignedcertificate for information on creating self-signed certificates in Windows. We recommend setting the subject name of the certificate to a value which can identify the consumer (user name, machine name, etc.).

Once you have run the Powershell command, you will find the new certificate in your Personal folder of the Local machine store.

Export this certificate to a file using the default export settings (do not include the private key). Copy this file over to the Connexion host and install it into the “Trusted People” store of the Local Computer. This can be achieved by right clicking the certificate file (on the Connexion host) and choosing the “install certificate” option.

Choose the Local Machine store. Then select the ‘Trusted People’ store as the target.

You have now completed the requirements for the client API to create a tunnel with the API service. Verify that the certificate installed correctly on the Connexion host by looking in the ‘Trusted People’ store.

Deleting an API client certificate from this store will revoke access to the Connexion API.

Next, reference the Connexion Core library (Connexion.Core.dll) and create a proxy to Connexion.

using System;
using System.Security.Cryptography.X509Certificates;
using Connexion.Core.WebApi;

namespace CxnApiClient
{
    class Program
    {
        static async Task Main(string[] args)
        {
            // load the certificate to pass to the cxn api
            var certificate = new X509Certificate2(@"c:\cxnApi\apiCertificate.cer");

            // create a proxy to the api
            using (var proxy = ConnexionApiProxyFactory.CreateProxy("127.0.0.1", 8087, certificate))
            {
                // test the connection
                var result = await proxy.ServiceMethods.GetGroupsAndTabsAsync(new GetGroupsAndTabsRequest(true));
                foreach (var group in result.Groups)
                {
                    foreach (var tab in group.Tabs)
                    {
                        Console.WriteLine($"{group.Name} ({group.GroupKey}) / {tab.Name} ({tab.TabKey})");
                    }
                }
            }

            Console.ReadLine();
        }
    }
}

At this point, you can now make API calls. Please use the async/await pattern (the above code is a contrived example only).

  • No labels