Blackline Web Services Connection -- CURL 500 error

Identity Security Cloud (ISC) ISC Discussion and Questions
,
1

I can make a connection with Postman to Blackline but can’t connect with the Web Services Connector. I am currently trying with a Curl command, with no success. I had tried through the UI configuration as well as manipulate parameters through VSCODE.

I created a new connector to start fresh with the curl command.

I figure if I can get the curl command to work I can then use it but substitute in the variables rather than hard coded values.

Postman curl command: (removed sensitive data)

curl --location 'https://sbus.api.blackline.com/connect/token' \
--header 'Authorization: Basic UyCcuSHNRIXQ=' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Cookie: GCLB=CLPhh-T_g8TXvQEQAw' \
--data-urlencode 'grant_type=password' \
--data-urlencode '[email protected]' \
--data-urlencode 'password=f780d' \
--data-urlencode 'scope=bl.users bl.mdm ReportsAPI DataIngestionAPI instance_B0295'

My attempted curl command is pasted below with sensitive data removed:

"curlCommand": "curl -X POST https://sbus.api.blackline.com/connect/token --header 'Authorization: Basic UyQ=' --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'grant_type=password' --data-urlencode '[email protected]' --data-urlencode 'password=f70d' --data-urlencode 'scope=bl.users bl.mdm ReportsAPI DataIngestionAPI instance_B0295'",

What am I doing wrong with the structure of the command that would be causing it to fail?

Currently I’m receiving the error:

{“errorcode”:“steps.javascript.ScriptExecutionFailed”}}}, HTTP Error Code: 500

2

As someone who has a working Blackline connection, the only thing I see missing in your setup is sending the client_id and client_secret fields. The rest looks the same.

3

Hi @ts_fpatterson

Everything looks fine, but I suspect the issue might be with the basic Client ID and Client Secret in the header. Could you verify that?

4

@ts_fpatterson can you check if the clientSecret or password contains any special characters, such as &? If so, try once by replacing it with the corresponding encoded character (&%26)

5

The client id and secret are part of the authorization in the header. This is based on their documentation and postman configuration.

6

I resolved the 500 error and now have a 400 error.

I was able to get the curl command in SailPoint ISC to work from the command line, but not within SailPoint ISC itself.

This curl command is working from the prompt.

curl --location ‘https://sbus.api.blackline.com/connect/token’ --header ‘Authorization: Basic ’ --header ‘Content-Type: application/x-www-form-urlencoded’ --header ‘Cookie: GCLB=CLPhh-T_g8TXvQEQAw’ --data-urlencode ‘grant_type=password’ --data-urlencode ‘username=’ --data-urlencode ‘password=’ --data-urlencode ‘scope=bl.users bl.mdm ReportsAPI DataIngestionAPI ’

I have removed the cookie from the command prompt as well as the SailPoint Web Services configuration with no improvement or adverse effect.

I’m not sure what more to do to modify the configuration.

7

Can you confirm what type of authentication is being used ? Ideally, ‘Custom Authentication’ with the payload request body type set to ‘Form-Data’ should be used to include the credentials in the request payload.

8

Yes to both as being used.

“operationType”: “Custom Authentication”,
“bodyFormat”: “formData”

However, with the curl command being enabled, I don’t know that it even looks at the operationType or bodyFormat.

9

Ok, could you try using the usual configuration instead of curl to see if that resolves the issue ? Sometimes, curl commands in the config may not be parsed correctly.

10

Your curl command syntax looks mostly correct, but when used inside the Web Services Connector, you need to carefully escape quotes and remove unnecessary single quotes around headers. Try replacing --data-urlencode with simple -d “key=value” pairs, as URL encoding may not be required. Also, ensure that any required headers like cookies are included if needed. The “ScriptExecutionFailed” error often means the command syntax isn’t compatible with how the connector runs scripts, so test with a minimal command first. Checking detailed connector logs will help pinpoint if the request format or server response is causing the failure.

11

When building the connector configuration:

  • make sure to choose the Custom Authentication for the Authentication Type.
  • the base URL is more than likely: https://sbus.api.blackline.com
  • Create a Custom Authetnication HTTP operation
    • Headers should only have the key “Content-Type” with the value of “application/x-www-form-urlencoded”
    • The body should have: grant_type as password, client_secret, client_id, username, password and scope. The password, and client secret should be configured as encrypted attributes and should be hashed. The scope should include the instance information. Example scope: bl.users bl.mdm ReportsAPI DataIngestionAPI instance_
    • The Response Mapping should have customaccesstoken set to an attribute path of access_token
    • Make sure to look for the access / permissions needed for the service account in blackline for all of the api endpoints. See: https://developer.blackline.com/docs/users/1/routes/v1/users/get