In my last post I described how to add a cryptographic authorization system to your REST API. I left open the topic of how to debug and test such a system. This can be challenging.
One strategy is to use the cURL utility to formulate API calls, or add some scripting to automate these. It will become cumbersome very quickly and I highly recommend against it.
The Paw
Instead I came across a development tool called Paw. I have been using Paw for a number of years and have been very happy with it. So what is Paw. According to their webpage “Paw is a full-featured HTTP client that lets you test and describe the APIs you build or consume”. This is an understatement. But let me give you some examples.
In the demoserver example posted on Github. You can use the HTTP GET and PATCH method to access and set some values. In Paw provides us a easy to use GUI to see describe these calls.
This is what the GET call would look like
Here is what the PATCH call would look like.
Paw not only provides us a graphic view of the data, it also create a preview of the actual HTTP call. Paw allows us to specify the HTTP headers, URL parameters, body in multiple formats such as text or JSON. Paw also allow us to select authentication methods.
Extending Paw
Since the demoserver example used a custom method of authentication we were not able to use the built in ones that came with Paw. No problem, I was able to my my own custom extension to Paw to calculate the authentication value.
The extension itself was a small piece of Javascript that registered itself as “Demo Server Auth” and runs a simple function to calculate the hash and HMAC used by demoserver.
The result of that “Demo Server Auth” is made available to the Paw query below.
Instruction on how to write your own Paw extension are available online. There are also a number prewritten extensions available that you can download and use.
Other platforms
One thing though, the Paw tool is only available macOS. A short web search found that there are similar tools available on other platforms also. They didn’t seem as easy to use as Paw.
I have found that using the REST API greatly simplified the development of my Raspberry Pi IoT applications. The demoserver sample should go a long way to get you started on writing your own.