Invoking script through Automation Script Handler
The REST API can support most customer use cases for retrieving or processing data, through simple configuration. Occasionally, there are scenarios where that is difficult to do with existing APIs. In those cases you can create a script and not a launch point and call it with either a GET or POST like:
|request||OslcRequest representation of the request being made. This exposes important methods such as request.getQueryParam(“parameter”) and request.getHeader(“header”) to retrieve values provided as a query parameter or header respectively. You can also access the UserInfo by calling request.getUserInfo().|
|requestBody||A string representation of the data submitted on request (for POST/PATCH/PUT)|
|httpMethod||Whether this was a GET, POST, PUT, etc. Can also be retrieved by calling request.getHttpMethod().|
|responseBody||The script sets this as either a byte or String to return in the response. This is not required if you do not intend to return a response.|
|responseHeaders||The script can provide additional headers to this HashMap to return to the calling application.|
# This example will change the user's default insert site based on the query parameter.# This is different than setting it on the MAXUSER record because this updates for the current session.from psdi.server import MXServermaxServer=MXServer.getMXServer()siteid=request.getQueryParam("siteid")if siteid and maxServer.isValidSite(siteid):userInfo=request.getUserInfo()userSet=maxServer.getMboSet("MAXUSER",userInfo)userSet.setQbeExactMatch(True)
Call with a GET/POST request like:
Out of the box, any automation script can be called by an authenticated user via the REST API. There are two ways that this can be secured to restrict who can call these automation scripts.
Restrict the Script Handler
In the Object Structures application, under the More Actions open the “Add/Modify API Route” dialog. Filter for the name “script” and you should see two results (one for POST and one for GET requests). For each entry you can tie an application and option name that will require the user to have that specific permission to be able to use the script handler via the REST API. This will apply to all automation scripts.
Restrict individual automation script
If you need more granular security (IE specific authorization for specific scripts) you can create two variables (authapp & authsigoption) on the automation script. These need to be a variable type of IN (or INOUT) with a binding type of LITERAL.