Open APIs

 View Only
  • 1.  Query on Notification Callback URL

    Posted Aug 24, 2021 09:38
    Hello,

    I have a query on type of Call back URL supported on behalf of alarm listener. I was going through the TMF 642 Alarm Management APIs. The snippet as attached from the doc.

    Request

    POST /api/hub
    Accept: application/json

    {"callback": "http://in.listener.com"}

    Response

    201
    Content-Type: application/json Location: /api/hub/42

    {"id":"42","callback":"http://in.listener.com","query":null}



    My queries are,

    • Should the callback URI only supported for plain "http" or can we use it for "https" also. Most of the examples I see only http.
    • Basically if the listener (receiver of the notification) needs to ensure the authenticity of the sender and expects the data to be encrypted. So, our receiver system will have authentication in place and provide token for authorization for sender (Alarm creator). If we want to support such receiver system how to expose the callback URI. Is there any other payload format or sequence of APIs supported in this case.
    Sorry in case this type of query is answered else where. But I couldn't find the right one when I briefly searched.

    Awaiting your response

    Thanks
    Rajesh


    ------------------------------
    Rajesh I V
    Cisco Systems
    ------------------------------


  • 2.  RE: Query on Notification Callback URL

    TM Forum Member
    Posted Aug 25, 2021 01:43
    Hi Rajesh
    • https is fine, even preferred. The examples in the specs/user guides are just that, examples.
    • The Open APIs don't explicitly deal with authentication, there is an assumption that you have standard HTTP authentication mechanisms in place in your headers. See the section on authentication in TMF630 Design Guidelines Part 1, downloadable here.
    Hope it helps

    ------------------------------
    Jonathan Goldberg
    Amdocs Management Limited
    Any opinions and statements made by me on this forum are purely personal, and do not necessarily reflect the position of the TM Forum or my employer.
    ------------------------------



  • 3.  RE: Query on Notification Callback URL

    Posted Aug 25, 2021 04:59
    Hi Jonathan Goldberg,

    Thanks for the response. The link you pointed didn't work. Nevertheless, I got the link what you are referring. I downloaded that TMF 630 guide from here

    https://www.tmforum.org/resources/specification/tmf630-rest-api-design-guidelines-4-2-0/. As I captured we expect, this authentication requirement to be supported on the Alarm sender side to receiver flow.

    I will check the document and revert.

    Thanks,
    Rajesh

    ------------------------------
    Rajesh I V
    Cisco Systems
    ------------------------------



  • 4.  RE: Query on Notification Callback URL

    TM Forum Member
    Posted Aug 25, 2021 05:41
    The link I posted is fine (I just checked), but probably only works for people who are logged in to the TMF website. But I'm glad you found an alternative path to the materials.

    ------------------------------
    Jonathan Goldberg
    Amdocs Management Limited
    Any opinions and statements made by me on this forum are purely personal, and do not necessarily reflect the position of the TM Forum or my employer.
    ------------------------------



  • 5.  RE: Query on Notification Callback URL

    TM Forum Member
    Posted 9 days ago
    Hi Rajesh,

    Are you able to find the to set up the authentication. Is there any TMF standard that we need to follow?

    In my case, when I subscribe to the alarm notifications then the alarms are coming from monitoring tool to ServiceNow (which is a ticketing tool). However, I am getting below error for every alarm coming from monitoring system

    Error: Requested URI does not represent any resource: /sn_ind_tmf642/alarm_mgmt/alarm/client/listener: no thrown error

    I assume this error is coming because of there is no authentication mechanism. Please let me know if you have some details to share.

    Regards,
    Gaurav

    ------------------------------
    Gaurav Bhatia
    Capgemini
    ------------------------------



  • 6.  RE: Query on Notification Callback URL

    TM Forum Member
    Posted Feb 16, 2022 00:57
    Edited by Marlon Almazan Feb 22, 2022 15:57
    Hi

    TMF630 does not provide a way to notification subscriber/consumer  to suggest if auth is needed on callback URL or a way to share AUTH info to notification producer.

    One solution could be in include an additional header e.g. Callback_Authorization in addition to default http header Authorization.

    1.Authorization header to authenticate Notification Subscriber to Notification Producer
    2.Callback_Authorization to to  authenticate Notification Producer to Notification Subscriber.

    Regards
    Akhilesh

    ------------------------------
    Akhilesh Dwivedi
    Ericsson Inc.
    ------------------------------



  • 7.  RE: Query on Notification Callback URL

    TM Forum Member
    Posted Feb 16, 2022 02:45
    Hi Akhilesh

    That's a good catch and a very interesting suggestion.
    It does raise the question, can a specific implementation of an API be expected to cater for all possible auth requirements of potential API consumers.
    It needs more thought, and I'm taking it up with my colleagues on the API team.

    ------------------------------
    Jonathan Goldberg
    Amdocs Management Limited
    Any opinions and statements made by me on this forum are purely personal, and do not necessarily reflect the position of the TM Forum or my employer.
    ------------------------------



  • 8.  RE: Query on Notification Callback URL

    TM Forum Member
    Posted 9 days ago
    Hi Jonathan,

    I have the same query that Rajesh is having related to authentication.

    Regarding your comment mentioned below. Is there any update?

    It needs more thought, and I'm taking it up with my colleagues on the API team.

    Regards,
    Gaurav

    ------------------------------
    Gaurav Bhatia
    Capgemini
    ------------------------------