Inspect Maximo Outbound Request with Automation Script

Problem:

When building integration in Maximo, using an inspection tool such as webhook.site to inspect the requests is extremely useful. It allows us to easily identify:

  • Whether Maximo published a message at all (to confirm Event Filter)
  • What is the data content it sends to external system (to confirm Data Mapping logic)
  • What are the values of some request headers (usually to confirm the authentication details are correct)

If you are an integration developer and haven’t used webhook.site, I encourage you to test it with Maximo. Spending 10 minutes now will save you countless hours of head scratching in the future.

However, in certain situations, this approach does not work. For example, a friend came to me recently for help with setting up an endpoint which uses Microsoft Entra’s OAUTH authentication. In this environment, the client has strict firewall and security settings. Means Maximo can only send requests to a few white-listed IP addresses. Using an online or locally installed inspection tool is not possible. We suspected Maximo did not send JD Edwards (the external system in this case) with a correct Authorization header but did not know how to confirm.

Solution

Automation Script can be used to build a fully functional web API. We can use it to capture the details of the request and write them to the system log or displaying it in the response. The request’s details are accessible in the autoscript via the following implicit variabbles:

  • request: exposes important methods such as request.getQueryParam(“parameter”) and request.getHeader(“header”) to retrieve values provided as a query parameter or header respectively. You can also access the UserInfo by calling request.getUserInfo().
  • requestBody: A string representation of the data submitted on request (for POST/PATCH/PUT)
  • httpMethod: whether this was a GET, POST, PUT
  • responseBody: a byte[] or String to return in the response. This is not required if you do not intend to return a response.

For more information on this, please refer to the IBM’s official Maximo Automation Script document

To provide an example, I setup Mock API by creating an automation script as follows:

To confirm that it is working, I run the script by opening it in the browser and can see the details of browser’s request as follows:

In this Maximo environment, I have an endpoint to Microsoft Dynamics 365 – Business Central. It uses Microsoft Entra OAUTH. If I want to inspect the requests to this endpoint, I need to change the URL to direct it to the MOCKAPI script as follows:

Note: Depending on the authentication settings in Maximo, we either have to pass the &_lid=xxx&_lpwd=yyy parameters in the URL, or set a MAXAUTH or APIKEY in the Headers field.

Now if I test the endpoint with some text data, it will give me a response with the details of the request as follows:

By using this method, in the investigation mentioned above, we were able to identify that Maximo sent JD Edwards the correct token in the Authorization header. However, because it required a few other parameters in the header which we forgot to put in, it still gave us a confusing “Unauthorised” error. After updating the header, the endpoint worked as expected.

2 Comments

  1. SayedSaeed

    Great Article here as usual.
    For real-time Integration, should we use Publish Channel to send data or just depend on REST API?
    Thanks in Advance here.

    • Viet Tran

      For outbound, you can use Publish Channel. For inbound, you can use the standard web service functionality, the JSON/REST API or build a custom one using automation script

Leave a Reply