Professional Documents
Culture Documents
OVERVIEW
The EBMX HTTP/S interface to the EBMX allows trading partners to securely
deliver/access information to/from the EBMX through a client-side application.
This interface is explored in this document as a potential application
programming interface, called the EBMX HTTP/S API. This API uses the
HTTP/S protocol, over which a supplier can login to the EBMX environment,
and upload/retrieve documents to/from the EBMX. This information is
presented in this manner as it is presumed that accessing the EBMX HTTP/S will
be part of a larger application.
1
EBMX HTTP/S Architecture
INTERNET
Trading Partners
Reverse Proxy
Firewall
EBMX
Usage Example
This example describes the steps required to upload two files to the EBMX
environment and retrieve any documents currently available for the given
supplier. Note that the EBMX_LOGIN_Request, EBMX_DOWNLOAD_Request,
EBMX_DOWNLOAD_CONFIRMATION_Request, and
EBMX_SUBMIT_Request used in this example are discussed further in the EBMX
HTTP/S ‘API’ section later in this document. They are addressed here to
provide a general description of the functionality required.
1. The client application must provide a valid EBMX userid and password
by executing the EBMX_LOGIN_Request.
2. Next, the client can download documents by executing the
EBMX_DOWNLOAD_Request. Once the download request is complete,
proceed with a confirmation,
EBMX_DOWNLOAD_CONFIMTION_Request, of the documents
actually received.
3. To upload a file, the client side application would use the
EBMX_SUBMIT_Request that will allow the upload and submission of a
single document into the EBMX.
2
4. To upload a Zip file, the client side application would use the
EBMX_SUBMIT_Request that will allow the upload and submission of a
single zipped document into the EBMX.
Commentary: Since HTTP is a stateless protocol, each call to the EBMX Servlet is
independent. Thus, you will have to create a new URLConnection for each
call/request. Web browsers behave in a similar fashion: they send a request,
obtain a response and that is the end of that particular connection.
Sample Syntax:
// open the connection
url = new URL(pUrlAddress);
urlConn = (HttpsURLConnection)url.openConnection();
// set the connection properties.
urlConn.setDoInput (true);
urlConn.setDoOutput (true);
urlConn.setUseCaches (false);
urlConn.setRequestMethod("POST");
urlConn.setRequestProperty("Content-Type","application/x-www-form-urlencoded");
Commentary: The Web Server maintains a single session across your multiple
requests by embedding the session ID in the HTTP request. If developing your
own interface, make sure that the session ID is in each request. Subsequent
requests use this ID; therefore, if it is not present, future request will fail. Web
browsers maintain sessions by encoding the sessionID in each request “URL” or
with the help of cookies.
3
Sample Syntax:
String sessionCookie;
// If this is not the first call, a session must
// already have been established. Therefore, continue
// in that session.
if (sessionCookie != null) {
urlConn.setRequestProperty("Cookie",sessionCookie);
}
// this is the first attempt, so obtain the
// session cookie for future use.
else {
String setCookie = urlConn.getHeaderField("Set-Cookie");
System.out.println("setCookie is " + setCookie);
StringTokenizer st = new StringTokenizer(setCookie,";");
sessionCookie = st.nextToken();
}
Commentary: Either the GET or the POST action types can be used to make
requests. In the GET option, the URL string has the parameters concatenated to
the end and thus is viewable on interception unless encoded. In addition, a GET
string is limited to 255 characters. In the POST option, the values of parameters
are not viewable and there is no size limitation. Though the server can handle
both types of requests, the POST option type of request is strongly encouraged.
Sample Syntax:
4
Making HTTP/S requests
Commentary: HTTP/S requests require that the security properties be on. The
basic concept is that the client code should know that it has to deal with security
aspects such as accepting the server certificate and providing it’s own certificate
if needed. This is the role of the X509 Trust Manager implementation.
Sample Syntax:
Sample Syntax:
try {
urlConn.disconnect();
System.out.println("connection closed");
} catch (Exception e) {
5
EBMX HTTP/S ‘API’
This section describes each function required to communicate with Chrysler’s
EBMX HTTP/S mailbox. The sections are presented as an ‘API’, with the
presumption that they are part of a larger application. While no API exists in the
traditional sense (i.e. you must create this), these are suggested API interfaces
which are analogs of the required functionality. These correspond to the Usage
Example described earlier in the document. Each section describes the suggested
API name, its arguments, notes, a commentary, the request/response and sample
Java code.
NOTE: The login must be the first request performed, prior to any others. In
order to send any of the remaining requests, it is required that a successful
response be returned. A successful response contains the character string
“Success! MemberType is 0”; any other response will invalidate all subsequent
requests.
Commentary: The Java client must construct a POST string based on a valid
EBMX username and password and open a URL Connection for it. If the request
contains a valid username and password, the return will contain a success string;
otherwise, the response will contain a failure string. Note that the “function”
parameter must always have the value “login” when attempting a login request.
After completion of this request, all other API requests will use the username
specified.
Response:
Success! MemberType is 0
Failure!
6
Sample Syntax:
EBMX_LIST_Request (params)
Request: The POST string required to list documents for a given filetype is:
String postString = URLEncoder.encode("function") + "=" +
URLEncoder.encode("listfiles") + "&" + URLEncoder.encode("doctype") + "=" +
URLEncoder.encode(doctype);
7
Request: The POST string required to list documents for a given date range is:
Request: The POST string required to list only new documents of a specific
filetype is:
Response: The response will consist of an html page with the following fields
provided: EBMX Tracking Id, Sender ID, ReceiverID, FileType, FileName,
CreationDt, NumOfTimesDownloaded, lastDownloadedDt and fileSize for each
item in the database.
Sample Syntax:
8
postRequest(postString);
// write output to System.out and also write to a temporary string
StringBuffer dnldList = new StringBuffer();
outputResponse(System.out,dnldList);
closeURLConn();
} catch (Exception e) {
e.printStackTrace();
}
}
EBMX_DOWNLOAD_Request(EBMX TrkIds)
EBMX TrkIds : A comma separated list of tracking ids must be sent to specify
which files/documents should be downloaded.
Commentary: The list of tracking IDs is typically derived from the list returned
from EBMX_LIST_Request above. Only those tracking IDs requested for
download will be downloaded, regardless of any prior calls to
EBMX_LIST_Request. In other words, you must explicitly describe the tracking
IDs to download. The download process builds a zip file with a unique name
that contains the requested documents is returned. A control file with the unique
name zipfilename_control_file.txt is contained in the zip file. This control file
will list out the EBMX Tracking Ids, filenames and filesizes of each of the
documents in the zipped file. If the file ceases to exist on the server because of the
purging process, the control_file will reflect that information (trackingid purged
0). The client application is responsible for verifying that all documents listed in
the control file are valid. Once verifying the download file, the client must send
the EBMX Download Confirmation Request (see below) to confirm the successful
receipt of the documents. If there is no confirmation sent after the download, the
documents are not marked as downloaded. Therefore, the next
EBMX_LIST_Request, with the newdocsonly parameter set to Y, will contain
these documents.
Request: The POST string required to retrieve a selected group of documents is:
9
Sample Syntax:
EBMX_DOWNLOAD_CONFIRMATION_Request(EBMX TrkIds)
EBMX TrkIds: A comma seperated list of EBMX Tracking Ids representing the
documents to be confirmed as delivered to the supplier.
Commentary: The client application must verify the receipt of files downloaded
as the result of a EBMX_DOWNLOAD_Request. This is provided to allow the
supplier to keep track of what has/has not been downloaded. It is the
responsibility of the client to ensure all documents requested for downloaded
were correctly downloaded. Each file successfully downloaded should be put
into a comma-separated list of the corresponding EBMX Tracking IDs and sent as
a confirmation request. NOTE: The client is not required to confirm the delivery
of all of the documents retrieved. However, it is highly encouraged that this is
done to keep track of when documents were downloaded and to preserve proper
functioning of newdocsonly selection criteria for the EBMX_LIST_Request. In
otherwords, if documents are never confirmed, they will be repeatedly listed as a
‘new document’.
10
Response:
Success! Download confirmed.
Failure!
Sample Syntax:
The file name portion of the file path should contain a valid file name. Valid file
names consist of upper and lower case alphabetic characters, numbers,
underscores, and periods. No embedded spaces are allowed. No special
characters are allowed. File name length should be no more than 100 characters.
Note: The partnership in question should have been configured to make use of
this functionality before this can produce the desired results.
11
Request: This request is executed as an HTTP POST string. However, it is quite
different from the POST strings described above. Read the example below to see
how one is constructed.
Response:
Success! The tracking id is xxxx.
Failure!
[HTTP_ERROR_TYPE BAD REQUEST] Not Multipart request.
[HTTP_ERROR_TYPE BAD REQUEST] Boundary problem.
[HTTP_ERROR_TYPE BAD REQUEST] Max file size allowed is xxxx.
Sample Syntax:
12
// post the request to url
// NOTE: assumption is that session has already been started.
httpRequestStream = new
DataOutputStream(urlConn.getOutputStream());
httpRequestStream.writeBytes(postHeader);
httpRequestStream.write(tempByteArray);
httpRequestStream.writeBytes(postEnd);
httpRequestStream.flush();
httpRequestStream.close();
// write output to System.out
outputResponse(System.out,null);
// close the connection
closeURLConn();
System.out.println("called filesubmit");
}
catch (Exception e) {
e.printStackTrace();
}
}
The file name portion of the file path, as well as the file name within the zip file,
should contain a valid file name. Valid file names consist of upper and lower
case alphabetic characters, numbers, underscores, and periods. No embedded
spaces are allowed. No special characters are allowed. File name length should
be no more than 100 characters.
Note: The partnership in question should have been configured to make use of
this functionality before this can produce the desired results.
13
Response:
Success! The tracking id is xxxx.
Failure!
Zip file contains more than one file.
[HTTP_ERROR_TYPE BAD REQUEST] Not Multipart request.
[HTTP_ERROR_TYPE BAD REQUEST] Boundary problem.
[HTTP_ERROR_TYPE BAD REQUEST] Max file size allowed is xxxx.
Sample Syntax:
14