Checksums for DELETEs
For operations that do not permit a request payload, checksums can be specified in the request header. This applies to DELETEs and a small number of business action POSTs that do not permit request payloads.
The header key for a checksum is GW-Checksum
. A checksum specified in the
header applies only to the root resource.
Send a checksum in a request header using Postman
About this task
Procedure
- In Postman, start a new request by clicking the + to the right of the Launchpad tab.
- Specify authorization as appropriate.
-
Add the checksum to the header.
- In the first row of tabs (the one that starts with Params), click Headers.
- Scroll to the bottom of the existing key/value list.
- In the blank row at the bottom of the key/value list, enter the following:
- KEY: GW-Checksum
- VALUE: <checksum value>
- Enter the request operation and URL.
- Click Send.
Results
Tutorial: DELETE a note using checksums
This tutorial assumes you have set up your environment with Postman and the correct sample data set. For more information, see Tutorial: Set up your Postman environment.
In this tutorial, you will send calls as Amy Clinton (user name
aclinton
). In the base configuration, Amy Clinton is an underwriting
supervisor who has permission to delete notes. As Amy Clinton, you will create a note. You
will then attempt to DELETE the note twice. Both DELETEs will include a checksum value. The
first DELETE will fail, and the second will succeed.
Tutorial steps
- In Postman, start a new request by clicking the + to the right of the
Launchpad tab.
- On the Authorization tab, select Basic Auth using user aapplegate and password gw.
- The sample data includes one "Review risk information" activity for Alice
Applegate. Query for that activity by entering the following call and clicking
Send:
- GET
http://localhost:8180/pc/rest/common/v1/activities?filter=subject:sw:Review%20risk
- GET
- Identify the
id
of the activity in the payload. This value is referenced below as <activityId>. - Identify the
id
of the account in the payload. This value is referenced below as <accountId>. - Open a second request tab and right-clicking the first tab and selecting
Duplicate Tab tab.
- On the Authorization tab, select Basic Auth using user aclinton and password gw.
- Change the operation to POST and enter the following URL, but do not click
Send yet:
- POST
http://localhost:8180/pc/rest/common/v1/activities/<activityId>/notes
- POST
- Specify the request payload.
- In the first row of tabs (the one that starts with Params), click Body.
- In the row of radio buttons, select raw.
- At the end of the row of radio buttons, change the drop-down list value from Text to JSON.
- Paste the following into the text field underneath the radio buttons.
{ "data": { "attributes": { "body": "API tutorial note to be deleted with a checksum" } } }
- Click Send. In the response payload, identify the note's id.
- Open a third request tab and right-clicking the second tab and selecting
Duplicate Tab tab.
- Because it is a duplicate of the second tab, this tab also uses user
aclinton
.
- Because it is a duplicate of the second tab, this tab also uses user
- Change the operation to DELETE, enter the following URL, but do not click
Send yet:
- DELETE
http://localhost:8180/pc/rest/common/v1/notes/<noteID>
- DELETE
- DELETEs cannot specifies request bodies. On the third tab, navigate to the Body tab and select the none radio button.
- Add the checksum to the header
- In the first row of tabs (the one that starts with Params), click Headers.
- Scroll to the bottom of the existing key/value list.
- In the blank row at the bottom of the key/value list, enter the following:
- KEY: GW-Checksum
- VALUE: 99
- Click Send. The checksum value in the header does not match the checksum value for the note calculated by PolicyCenter. So, the DELETE is unsuccessful and an error message appears.
- Change the checksum value so that it matches the one from the POST payload.
- Click Send a second time. Now, the checksum value in the header matches the checksum value for the note calculated by PolicyCenter. So, the DELETE is successful. (The response to a successful DELETE is "204 - No content".)