Customize HTTP Requests

Sometimes when using connectapi, customizing HTTP requests is desirable. For instance, some common use cases are:

using a custom certificate bundle
turn off certificate trust verification (ONLY FOR TESTING)
setting custom headers
using Kerberos (SPNEGO)

This is possible with connectapi thanks to the underlying library in use, httr.

Getting Started

When you initialize a connectapi API client, you implicitly create a httr HTTP client. The httr package allows you to configure your HTTP requests globally using httr::set_config() or in a scoped variant httr::with_config. We will walk through a few examples below.

Custom CA Bundle

library(httr)
library(connectapi)

client <- connect()

# notice that TLS verification fails
get_users(client)

# use a custom Certificate Authority to verify SSL/TLS requests
httr::set_config(httr::config(cainfo = "/path/to/my.pem"))

# now it should succeed!
get_users(client)

Turn Off Certificate Trust Verification - ONLY FOR TESTING

Sometimes when first setting up a server, it is common to use self-signed certificates. This is generally bad for reliable communication and security (as there is no reason for any computer to trust this server as a “self-declared” trustworthy actor).

However, it can be useful while the organization’s Certificate Authority (CA) is in the process of issuing a valid certificate, or while a certificate is procured from a public CA.

# disabling certificate trust (can allow man-in-the-middle attacks, etc.)
httr::set_config(httr::config(ssl_verifypeer = 0, ssl_verifyhost = 0))

# should work
client <- connect()
get_users(client)

You can also do this in a more scoped fashion:

httr::with_config(
  httr::config(ssl_verifypeer = 0, ssl_verifyhost = 0),
  {
    client <- connect()
    get_users(client)
  }
)

Custom Headers, Cookies, Proxy, etc.

httr has some helpers for common tasks like httr::add_headers(), httr::set_cookies(), httr::use_proxy(), etc. Using them is a bit tricky, but can be done by way of the client$httr_config() function.

Pass any usual httr arguments to client$httr_config(), and those arguments will then be saved and passed to any subsequent GET, PUT, POST, PATCH, HEAD, DELETE requests you send with that client.

# for instance, to set custom headers (i.e. to get through a proxy)
client$httr_config(httr::add_headers(MY_MAGIC_HEADER = "value"))

# or to clear sticky cookies if you want to switch nodes in an HA cluster
client <- connect()
client$server_settings()$hostname
client$httr_config(handle = httr::handle(""))

# now you have a chance to get a new host
client$server_settings()$hostname

# use an outbound proxy
client$httr_config(httr::use_proxy("http://myproxy.example.com"))

NOTE: these values are completely overwritten each time you call client$httr_config(), so ensure that you pass all desired values at the same time

Using Kerberos

Suffice it to say that effectively using Kerberos for HTTP is a bit of an advanced topic. However, it is possible with httr.

It is worth noting that today, this interferes with API key authentication, which we are hoping to improve in a future release of Posit Connect.

# disables authentication header that is included by default
client$using_auth <- FALSE

# use Kerberos authentication mechanism (requires local credential cache)
client$httr_config(httr::authenticate(":", "", type = "gssnegotiate"))

Cole Arendt

2025-03-31

Getting Started

Custom CA Bundle

Turn Off Certificate Trust Verification - ONLY FOR TESTING

Custom Headers, Cookies, Proxy, etc.

Using Kerberos