Checksums for DELETEs

For operations that do not permit a request payload, checksums can be specified in the request header. This applies to DELETEs and a small number of business action POSTs that do not permit request payloads.

The header key for a checksum is GW-Checksum. A checksum specified in the header applies only to the root resource.

Send a checksum in a request header using Postman

About this task

You can send checksums in request headers executed from Postman.

Procedure

In Postman, start a new request by clicking the + to the right of the Launchpad tab.
Specify authorization as appropriate.
Add the checksum to the header.
- In the first row of tabs (the one that starts with Params), click Headers.
- Scroll to the bottom of the existing key/value list.
- In the blank row at the bottom of the key/value list, enter the following:
  - KEY: GW-Checksum
  - VALUE: <checksum value>
Enter the request operation and URL.
Click Send.

Results

The response appears below the request. Depending on the checksum value provided, the response will either include a success code or an error message.

Tutorial: DELETE a note using checksums

This tutorial assumes you have set up your environment with Postman and the correct sample data set. For more information, see Tutorial: Set up your Postman environment.

In this tutorial, you will send calls as Elizabeth Lee (user name elee). In the base configuration, Elizabeth Lee is a manager who has permission to delete notes. As Elizabeth Lee, you will create a note. You will then attempt to DELETE the note twice. Both DELETEs will include a checksum value. The first DELETE will fail, and the second will succeed.

Tutorial steps

In Postman, start a new request by clicking the + to the right of the Launchpad tab.
1. On the Authorization tab, select Basic Auth using user aapplegate and password gw.
Enter the following call and click Send:
GET http://localhost:8080/cc/rest/common/v1/activities
Identify the id of the first activity in the payload. This value is referenced below as <activityId>.
Open a second request tab and right-clicking the first tab and selecting Duplicate Tab tab.
1. On the Authorization tab, select Basic Auth using user elee and password gw.
Change the operation to POST and enter the following URL, but do not click Send yet:
1. POST http://localhost:8080/cc/rest/common/v1/activities/<activityId>/notes
Specify the request payload.
1. In the first row of tabs (the one that starts with Params), click Body.
2. In the row of radio buttons, select raw.
3. At the end of the row of radio buttons, change the drop-down list value from Text to JSON.
4. Paste the following into the text field underneath the radio buttons.
```
{
  "data":
    {
      "attributes": {
        "body": "API tutorial note to be deleted with a checksum"
      }
    }
}
```
  Java
Click Send. In the response payload, identify the note's id.
Open a third request tab and right-clicking the second tab and selecting Duplicate Tab tab.
1. Because it is a duplicate of the second tab, this tab also uses user elee.
Change the operation to DELETE, enter the following URL, but do not click Send yet:
1. DELETE http://localhost:8080/cc/rest/common/v1/notes/<noteID>
DELETEs cannot specifies request bodies. On the third tab, navigate to the Body tab and select the none radio button.
Add the checksum to the header
1. In the first row of tabs (the one that starts with Params), click Headers.
2. Scroll to the bottom of the existing key/value list.
3. In the blank row at the bottom of the key/value list, enter the following:
  - KEY: GW-Checksum
  - VALUE: 99
Click Send. The checksum value in the header does not match the checksum value for the note calculated by ClaimCenter. So, the DELETE is unsuccessful and an error message appears.
Change the checksum value so that it matches the one from the POST payload.
Click Send a second time. Now, the checksum value in the header matches the checksum value for the note calculated by ClaimCenter. So, the DELETE is successful. (The response to a successful DELETE is "204 - No content".)