How to get tasklistSessionId in Tasklist Cloud API

amit.mishra · December 21, 2023, 3:37pm

Hi,
I m trying camunda for Education Industry.
Its my first process and trying to implement TaskList through cloud API.

Trying to get Tasklist listing but getting error. (image attached)

Documents shows to add Cookie: TASKLIST-SESSION={tasklistSessionId}
But do not describes where to find it.
Reference link: Task API | Camunda 8 Docs

Kindly suggest and if possible kindly add descrption about it in same page for user ease…

Thanks…

houssain-barouni · December 22, 2023, 3:31pm

Hello @amit.mishra and welcome to the community,

If you are using Tasklist UI, you can find a cookie using your browser DevConsole

Other option, you can store a cookie in a file using

curl -c cookie.txt -X POST 'http://localhost:8080/api/login?username=demo&password=demo'

Then, you can use this cookie in your queries with:

curl -b cookie.txt -X POST 'http://localhost:8080/v1/tasks/search' -H 'Content-Type: application/json' -d '{}'

Note that, if you are using identity, it is better to use a JWT token instead of a session token as described here .

I hope this can help

Best regards,
Houssain

amit.mishra · December 27, 2023, 3:55pm

Hi @houssain-barouni thank you for your response.
Sorry I was out of city on vacation. Hope you are doing good…
Since I am using cloud based application.
The other suggested options like saving cookie in localhost and using Identity (self managed) would not work.
However, I have tried first option to copy TASKLIST-SESSION from browser but failed. Showing same error.
“JWT payload validation failed”.
Kindly help to resolve…

houssain-barouni · January 2, 2024, 9:38am

Hello @amit.mishra , best wishes for the new year!

Try to not send the authorization header along with the Cookie, it should work.

If you want to use a bearer token (more convenient for API usage) in a cloud setup.

Create an API client . Give the client access to Tasklist. Take note of the clientId and clientSecret
Request a token using

curl --location 'https://login.cloud.camunda.io/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id={{CLIENT_ID}}' \
--data-urlencode 'client_secret={{CLIENT_SECRET}}' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'audience=tasklist.camunda.io'

You should get a bearer token in the response
3. Use the bearer token to call Tasklist API

I hope this will help you

Best regards,
Houssain

amit.mishra · January 2, 2024, 12:45pm

@houssain-barouni Same to you…
And Tnx for the guidace.
Yes while removing authorlization header, Its working fine with TASKLIST-SESSION. Kindly help me to understand two things:

How without passing the JWT Token its working fine, and
As guided by you for testing purpose I am taking TASKLIST-SESSION value from browser properties, kindly guide how to get its value dynamically.

houssain-barouni · January 2, 2024, 1:20pm

@amit.mishra

When using Cookies only, you are using a user session. The Authorization header that you were passing includes an invalid bearer token (so the error)
Better use Authorization header with a bearer token, you can programmatically get it as I explained in my previous comment. In this case no need to pass a Cookie or a TASKLIST-SESSION