Blog Banner

Building Applications for Headless Sitefinity

Working with Sitefinity WebServices is easy and convenient, whether you wish to build applications using the headless features of Sitefinity through Windows Apps (UWP, WPF or the new Project Reunion from Microsoft), external web sites using Angular, React or Vue, Xamarin Mobile apps, NativeScript apps, Objective C, Swift and more.

It is a much less verbose API than the WCF one still currently available in the product and used in the old backend UX.

But before you go ahead and try the ODATA based REST API on a website or a mobile app, you might want to take it for quick ride around the block. There are many tools that will allow you to test REST API calls including FiddlerSoapUIPostMan and many others.

In this blog, we will take a look at what it would take to get PostMan to work with the Sitefinity ODATA based REST API.

First you might want to download the Free PostMan app from here

Then, we will need to set the Authentication in Sitefinity, here’s how:

    - Head on over to the backend of your Sitefinity instance and choose Administration >>Settings >>Advanced >>Authentication

    - Expand the "SecurityTokenService" node and the "IdentityServer" node.

    - Under "Clients", create a new client, call it whatever you want, in my case here, I called it "linoapp".

    - Set the ClientID, enable it, and pick "ResourceOwner" for the Client Flow.

For now, set the "Allow access to all scopes" to true. (You can tighten this up later on for production).



Sitefinity Settings

Nothing else needs to change for the rest of the configuration items on that page. Save the changes.

Expand the newly created node for "linoapp" and set the "client secret" to whatever you would like. I chose "secretmagic" as my secret value.




Secretmagic


Now let's head to PostMan and try to invoke an API to retrieve all the NewsItems in the Sitefinity instance.



error message


Unfortunately, you will get an error message stating: "The current user is not allowed access" when you issue a GET command with the URL "http://<your site>/api/default/newsitems” as you can see above.

The reason is the fact that Web Services is set to be accessible by administrators only as the default.  You can change that in the backend to allow everyone access or just authenticated users if you wish.



So first, let's fix the problem the easy way, head to the backend and change the accessibility to "Everyone"



edit a web service


Now if we go back to PostMan and execute the GET command again as is, we will get all News Items in Sitefinity back in JSON format.



postman

 

To test it with authentication, let's change it back to "Administrators Only" or "Authenticated Users." Now we have to request a TOKEN from Sitefinity first to establish an authorization mechanism. 



To do that in PostMan, issue a POST command first to the following URL http://<yoursite>/Sitefinity/Authenticate/OpenID/Connect/Token passing in the following keys:

 

- username

- password

- grant_type

- scope

-client_id

-client_secret

post command

You will get a response that includes the Access Token value, expires in 3600 seconds and the type of the token is "Bearer."



So now if I want to issue a GET on the NewsItems that is protected by Administrators only or authenticated Users only, I would go back to the GET command in PostMan and issue the command. However, this time I will need to pass the Access Token in the header with the "Bearer" string before it, as you can see in the image below



access token

Executing this GET with the authorization Token within 1 hour of issuance will result in the entire JSON packet of all NewsItems to be returned.

I hope this post helps you get started with testing your Sitefinity REST APIs. Now you can take this info and use it on web sites using javascript, windows apps using C# or VB, or mobile apps using swift, java or Objective C.

Happy Coding!

Alain "Lino" Tadros is the Chief Evangelist and Head of Training at Americaneagle.com. Previously, President & CEO of Falafel Software, a Silicon Valley based company, dedicated to providing world-class consulting, training, and software development for small, medium, and enterprise level businesses. Prior to founding Falafel, Lino was a well-respected member of the development team at Borland for Delphi and C++Builder. Lino has been awarded Microsoft MVP status 15 years in a row for his numerous contributions to the C# community and is an expert in AI & Machine Learning, .NET, Azure, ASP.NET, MVC, iOS, Android, Xamarin, Sitefinity. Lino is an industry renowned speaker and has given numerous presentations in 53 countries since 1994. He currently sits on the Board of Directors of 4 Silicon Valley corporations.

Write a review