AnsweredAssumed Answered

Using the REST API, how do I authenticate and properly request an image URL which is stored in a container field?

Question asked by teewuane on Feb 20, 2018
Latest reply on Jun 6, 2018 by FMCostaRica

I am using the REST API to retrieve a list of records from our FileMaker server 16 database.

 

Here are the docs I've been following: FileMaker 16 Data API Guide

 

A record has a container field where we store an image.

 

According to the documentation, (

FileMaker 16 Data API Guide > Write FileMaker Data API Calls > Data Format Notes > Last bullet...

) "For container field data, the FileMaker Data API returns a URL with the path reference to the container data object."

 

That URL does come back correctly and it looks like this...

https://our-ip-address/Streaming_SSL/MainDB/0497C03F3545F04FE7F7288B5DD714B5914F405F002ACF30F8AD605A6447FBBB.jpg?RCType=EmbeddedRCFileProcessor

 

If I try to navigate to that url via a web browser, 99% of the time the server will respond with "401 Unauthorized".

 

1% of the time, somehow, a "X-FMS-Session-Key" cookie is set in my browser for the domain of the url. When that happens, the server will respond with the actual image.

 

If I delete that cookie so it is no longer in the request header, then it will go back to returning a 401 response.

 

Okay, so I think I've found the problem, I need the "X-FMS-Session-Key" cookie included in the request.

 

I try to recreate the exact same request to the image url with curl or python requests. I set the same headers as the browser is using to make the request. In the browser it will load, in python or in curl it will respond with a 401.

 

How do I properly authenticate and create a session (or whatever is needed) so that I can request images?

 

I do not intend to load the images directly into a web browser, I have a script that temporarily downloads the images to a local disk.

 

Also, for what it is worth, the domain my application uses and the domain our filemaker server exists at are different domains.

Outcomes