Connect REST API

Hi,

I have found it is possible to bypass SSL certificate validation in scripting using this syntax of httpPost: system.net.httpPost | Ignition User Manual, but I am not able to use it. Has anybody any sample of it?

The issue is that I have a REST API with a self-signed certificate and I am not able to connect to it. I am getting this error message: Error retrieving token: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Thanks

Show us what you tried.

I tried the standard call this way:

# URL
url = "https://localhost/identitymanager/connect/token"

# Form data as a URL-encoded string
postParams = {"grant_type":"client_credentials","client_id":"Ignition","client_secret":"DefaultPassword"}

# Send the POST request
try:
    response = system.net.httpPost(url,postParams)
    event.source.parent.getComponent('Text Area').text = "Token response:\n" + response

    # Optionally decode JSON
    #tokenData = system.util.jsonDecode(response)
    #accessToken = tokenData["access_token"]
    #system.perspective.print("Access token:\n" + accessToken)

except Exception as e:
    event.source.parent.getComponent('Text Area').text = "Error retrieving token: " + str(e)

And I got the PKIX error. Then I found the other call and tried it this way:

url = "https://localhost/identitymanager/connect/token"
contentType = "application/x-www-form-urlencoded"
postParams = "grant_type=client_credentials,client_id=Ignition,client_secret=DefaultPassword"

try:
    response = system.net.httpPost(url, contentType, postParams, 50000, 50000, bypassCertValidation=True)
    json = system.util.jsonDecode(response)
    event.source.parent.getComponent('Text Area').text = "Access Token: " + json["access_token"]
except Exception as e:
    event.source.parent.getComponent('Text Area').text = "Error: " + str(e)

And I am getting a 400 error from the server, so I assume I am not using it in the right way, because Postman is able to connect (with SSL certificate validation disabled).

That will only catch jython errors, not java errors.

Add another except clause with except Throwable, t: with from java.lang import Throwable outside your library function.

Consider also using system.net.httpClient, as it has numerous foundational improvements over the other system.net.http* functions.

@dpena1 -- in the past, I needed to include 'headers' as part of the token retrieval process; usually provided by the API provider.

@pturmel -- I read somewhere on this forum, maybe in the user manual, that creating an httpClient() is very heavyweight. Is there a best practice when implementing these? In the past I have used these when running longer SFCs but have always wondered if that was the best use of them.

They are heavyweight if you create a new one for every request. Don't do that. Create a client in a project library script, outside any function, and you can use it and re-use.

(This kind of code should always be in the project library, not directly in events or transforms.)

I feel better. I called once per SFC call and reused throughout until the block chain completed. Now, sometimes there were several different SFCs running simultaneously, each with their own httpClient, but based on what you're saying, that should be okay.

Likely, but still heavier than necessary. They could all share just one httpClient instance.

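A project-library sketch that pulls the thread's advice together, added here as an example and not code from any poster or from Inductive Automation: a form body with pairs joined by "&", one shared system.net.httpClient, and a separate handler for Java exceptions. The names form_body, missing_fields, fetch_token, FORM_HEADERS, REQUIRED and CLIENT are hypothetical, and the httpClient calls are written from its documented interface and should be checked against your Ignition version.

```python
# Added example: Ignition project library script (Jython 2.7). The import and
# NameError fallbacks only let the pure helpers run outside Ignition too.
try:
    from urllib import urlencode                    # Jython 2.7
    from urlparse import parse_qs
except ImportError:
    from urllib.parse import urlencode, parse_qs    # CPython 3
try:
    from java.lang import Throwable                 # Java errors such as PKIX
except ImportError:
    Throwable = EnvironmentError                    # stand-in outside Ignition

TOKEN_URL = "https://localhost/identitymanager/connect/token"
FORM_HEADERS = {"Content-Type": "application/x-www-form-urlencoded"}
REQUIRED = ("grant_type", "client_id", "client_secret")

try:
    # One client, created once at module level and shared by every caller.
    # bypass_cert_validation turns off server authentication, so this client
    # is meant only for the self-signed localhost endpoint above.
    CLIENT = system.net.httpClient(timeout=50000, bypass_cert_validation=True)
except NameError:
    CLIENT = None                                   # not inside Ignition

def form_body(fields):
    """Encode a dict as x-www-form-urlencoded: escaped pairs joined by '&'."""
    return urlencode(sorted(fields.items()))

def missing_fields(body):
    """Parse a body the way a form decoder does; list required names it lacks."""
    seen = parse_qs(body, keep_blank_values=True)
    return [name for name in REQUIRED if name not in seen]

def fetch_token(client_id, client_secret):
    """Return (access_token, None) on success or (None, error_text)."""
    body = form_body({"grant_type": "client_credentials",
                      "client_id": client_id, "client_secret": client_secret})
    try:
        resp = CLIENT.post(TOKEN_URL, data=body, headers=FORM_HEADERS)
        if not resp.isGood():
            return None, "HTTP %d: %s" % (resp.getStatusCode(), resp.getText())
        return resp.getJson()["access_token"], None
    except Throwable as t:                          # raised on the Java side
        return None, "Java error: %s" % t
    except Exception as e:                          # raised by Jython code
        return None, "Script error: %s" % e
```

Passing the comma-separated postParams string from the second attempt to missing_fields returns client_id and client_secret, because a form decoder splits pairs only on "&" and reads everything after the first "=" as the value of grant_type.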