Tools for development
Fiddler and Postman are two tools that would help in development, together with Swagger docs.
Fiddler
Fiddler is a debuggin proxy which allows to view the network communication between programs. You can read and install it from telerik fiddler official site.
When using Fiddler, communication between browser and the webserver is directly visible in Fiddler. However, a following configuration is needed to observe the background traffic such as server to server communication.
In the web.config that calls the web api, add following code:
<system.net>
<defaultProxy enabled="true" useDefaultCredentials="true">
<proxy autoDetect="False" bypassonlocal="False" proxyaddress="http://127.0.0.1:8888" usesystemdefault="False"/>
</defaultProxy>
</system.net>
Postman
Postman makes it easy to test the endpoints by sending webapi requrests. It can debug and save the requests for easy development and testing.
You can download Postman from getpostman.com site.
Testing secure endpoints
When the headless api endpoints are marked with Litium.Web.WebApi.OnlyServiceAccountAuthorization attributed, the bearer token need to be sent with the requests. Not having the bearer token or incorrect token results in a unauthorized error.
First configure a service account in Litium backoffice as described here >>.
Then you need to aquire the auth token from Litium using the account configured above.
Send a http POST request to the end point http://server.localtest.me/Litium/Oauth/Token, with following form elements in body.
grant_type -> client_credentials
client_id -> User Id of the service account
client_secret -> password specified in the service account

As the response, you would receive the access_token.
Use this access_token as "bearer token" value in Authoirzation header when requesting a secure endpoint. Following example shows sending a request to http://server.localtest.me/headlessApi/order/ endpoint requesting order LS100015
