:orphan: HTTP Bridge Caller ================== Introduction ------------ The *HTTP Caller* feature is available starting with Crossbar **0.10.3**. The *HTTP Caller* is a service that allows clients to perform WAMP calls via HTTP/POST requests. Crossbar will forward the call to the performing server and return the result. Try it ------ Clone the `Crossbar.io examples repository `__, and go to the ``rest/caller`` subdirectory. Now start Crossbar: .. code:: console crossbar start This will register a simple procedure that takes two integers, adds them together, and returns the result. To test this out, you can use `curl `__: .. code:: console curl -H "Content-Type: application/json" \ -d '{"procedure": "com.example.add2", "args": [1, 2]}' \ http://127.0.0.1:8080/call ...or any other HTTP/POST capable tool or library. Configuration ------------- The *HTTP Caller* is configured on a path of a Web transport - here is part of a Crossbar configuration: .. code:: javascript { "workers": [ { "type": "router", ... "transports": [ { "type": "web", ... "paths": { ... "call": { "type": "caller", "realm": "realm1", "role": "anonymous" } } } ] } ] } The service dictionary has the following parameters: +---------+----------------------------------------------------------------------------------------------------------------------------------------+ | option | description | +=========+========================================================================================================================================+ | type | MUST be "caller" (required) | +---------+----------------------------------------------------------------------------------------------------------------------------------------+ | realm | The realm to which the forwarding session is attached that will inject the submitted events, e.g. "realm1"(required) | +---------+----------------------------------------------------------------------------------------------------------------------------------------+ | role | The fixed (authentication) role the forwarding session is authenticated as when attaching to the router-realm, e.g. "role1" (required) | +---------+----------------------------------------------------------------------------------------------------------------------------------------+ | options | A dictionary of options (optional, see below). | +---------+----------------------------------------------------------------------------------------------------------------------------------------+ The ``options`` dictionary has the following configuration parameters: +-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | option | description | +=========================+====================================================================================================================================================================================================================================+ | key | A string that when present provides the key from which request signatures are computed. If present, the secret must also be provided. E.g. "myapp1". | +-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | secret | A string with the secret from which request signatures are computed. If present, the keymust also be provided. E.g. "kkjH68GiuUZ"). | +-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | post_body_limit | An integer when present limits the length (in bytes) of a HTTP/POST body that will be accepted. If the request body exceed this limit, the request is rejected. If 0, accept unlimited length. (default: 0) | +-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | timestamp_delta_limit | An integer when present limits the difference (in seconds) between a signature's timestamp and current time. If 0, allow any divergence. (default: 0). | +-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | require_ip | A list of strings with single IP addresses or IP networks. When given, only clients with an IP from the designated list are accepted. Otherwise a request is denied. E.g. ["192.168.1.1/255.255.255.0", "127.0.0.1"] (default: -). | +-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | require_tls | A flag that indicates if only requests running over TLS are accepted. (default: false). | +-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | debug | A boolean that activates debug output for this service. (default: false). | +-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ Making Requests --------------- To call WAMP procedures through Crossbar, issue a HTTP/POST request to the URL of the Crossbar HTTP Caller service with: 1. Content type ``application/json`` 2. Body containing a JSON object 3. Two query parameters: ``timestamp`` and ``seq`` For a call to a HTTP Caller service, the body MUST be a JSON object with the following attributes: - ``procedure``: A string with the URI of the procedure to call. - ``args``: An (optional) list of positional event payload arguments. - ``kwargs``: An (optional) dictionary of keyword event payload arguments. Signed Requests ~~~~~~~~~~~~~~~ Signed requests work like unsigned requests, but have the following additional query parameters. All query parameters (below and above) are mandatory for signed requests. - ``key``: The key to be used for computing the signature. - ``nonce``: A random integer from [0, 2^53] - ``signature``: See below. The signature computed as the Base64 encoding of the following value: :: HMAC[SHA256]_{secret} (key | timestamp | seq | nonce | body) Here, ``secret`` is the secret shared between the publishing application and Crossbar. This value will never travel over the wire. The **HMAC[SHA256]** is computed w.r.t. the ``secret``, and over the concatenation :: key | timestamp | seq | nonce | body The ``body`` is the JSON serialized event. You can look at working code `here `__.