Try OpenEdge Now
skip to main content
Programming Interfaces
Input/Output Processes : Making HTTP(S) requests from ABL applications : Security considerations
 

Security considerations

HTTPS/SSL and client-side certificates

The HTTP client can make requests to HTTPS URLs as long as the correct client-side certificates are installed in the OpenEdge certificate store. The HTTP client does not automatically install client certificates.
See the OpenEdge Getting Started: Installation and Configuration guide for more information on installing and managing certificates.
Probably the easiest way to retrieve the relevant certificates is to navigate to the URL you're interested in using your browser. Modern browsers indicate that they're connected via SSL with a padlock or some other visual affordance. This is usually clickable and includes a means to inspect and export the certificates for that site. Make sure you export all of the certificates for the site (there's usually a tree or chain of them) and import them into the OpenEdge certificate store.

HTTP Authentication

The HTTP Client supports HTTP Basic and Digest authentication, either pre-emptively (ie set by the developer in advance) or on request (using a 401/Unauthorized status and the WWW-Authenticate header).

Credentials

Credentials are not persistently stored in the HTTP client library. Credentials can be added to a request or URI using an OpenEdge.Net.HTTP.Credentials object, which is a simple set of properties for user domains, names and passwords. These credentials are used to provide authentication to a request.