Skip to the content

How to add custom data to session

Third part can add a data to session by interface on FormsHub. Authetization of the requests are by signed JWT. The data is placed in content of request ussually in JSON format. 

There is an url for adding data to session "http://<hostUrl>/api/Session/SetSessionData", where hostUrl is url of FormsHub. I have to send the request with JWT and data on it. 



JWT is signed and validated by the certificate. You need the certificate with a private key for a signing the JWT and the certificate with a public key for its validation. It is recomended to use RSA PKCS#1 signature with SHA-256 for a signing of JWT in order to you need the certificate which contains valid keys for it. 

The certificate with public key is saved on server (in CGG). 

The certificate with private key is saved on client and the client is responsible for secure storage.

Authorization data

JWT is used for authorization. Client application creates JWT and signs in by the certificate. The sign is created by RSA PKCS#1 signature with SHA-256. After that it saves JWT into header of request in property Authorization. 

Property name Description
sessionID sessionID of session which exists between client and FormsHub
rendererID name of HTML element for rendering of forms
timeStamp current time in format: yyyy-MM-ddTHH:mm:sszzz
hash SHA256 of data which is sent by request body (if the data does't exist, hash is empty)
Encode JWT:

Decode JWT:
  "alg": "RS256",
  "kid": "QwAH_cNPrznMGMFyollebinYfCU",
  "typ": "JWT"

  "sessionID": "sessionID-123",
  "rendererID": "rendererID-111",
  "timeStamp": "2019-05-02T10:09:06+02:00",
  "hash": "qgkcRTenwRr724y8tzYsILFCgsZe2BLuq2KTfX8ZQ+A="

Development and testing of client code for creating and sending requests

There is method for testing and validations the requests. Its name is ValidateRequest and it is used for POST requests. The method accepts all requests and it does their validation.

Url for it is https://<host>/api/Session/ValidateRequest


Request content

Data which will be saved into session have to be in request body. Data is in JSON format. The key is identifier for the value in session. You can read values by keys in NDCode in eForms.

    key1 : "value1",
    key2 : "value2",

You can reference the values of content in EForms by keys by method ThisForm.GetSessionData(string Key). 

Code sample

This part of code creates and sends the request on FormsHub API. The code uses the method for validation your request (ValidationRequest). If you want to add data to session, you have to use method SetSessionData ("<host>/api/Session/SetSessionData").

using Microsoft.IdentityModel.Tokens;
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static string ComputeSha256Hash(string rawData)
	if (rawData.Length == 0) return "";
	using (SHA256 sha256Hash = SHA256.Create())
		byte[] bytes = sha256Hash.ComputeHash(Encoding.UTF8.GetBytes(rawData));

		return Convert.ToBase64String(bytes, 0, bytes.Length);

static void Main(string[] args)
	var requestData = "{ BootstrapToken : \"Content of BootstrapToken\", MyData:\"My data to session\" }";
        var baseUrl = "your-base-formshub-address";
        var setSessionDataUrl = "api/Session/SetSessionData";
        var validateRequestUrl = "api/Session/ValidateRequest";
        var sessionID = "sessionID-123";
        var rendererID = "rendererID-111";

        var pfxFile = @"path-to-PFX-file";
 	var pfxPass = "password-to-PFX";

	var headerPayload = new Dictionary()
			{ "sessionID", sessionID },
			{ "rendererID", rendererID },
			{ "timeStamp", DateTime.Now.ToString("yyyy-MM-ddTHH:mm:sszzz") },
			{ "hash", ComputeSha256Hash(requestData) },

        var signingCert = new X509Certificate2(pfxFile, pfxPass, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet);
        X509SecurityKey privateKey = new X509SecurityKey(signingCert);
        var tokenHandler = new JwtSecurityTokenHandler();
        var tokenDescriptor = new SecurityTokenDescriptor
            SigningCredentials = new SigningCredentials(privateKey, SecurityAlgorithms.RsaSha256Signature),               
        JwtSecurityToken stoken = (JwtSecurityToken)tokenHandler.CreateToken(tokenDescriptor);
        foreach (var p in payload) {
            stoken.Payload[p.Key] = p.Value;
        string token = tokenHandler.WriteToken(stoken);

	HttpClient client = new HttpClient()
		BaseAddress = new Uri(baseUrl)
	client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(token);

	var content = new StringContent(requestData, Encoding.UTF8, "application/json");

	HttpResponseMessage response = client.PostAsync(validateRequestUrl, content).Result; //------------- validate request
        //HttpResponseMessage response = client.PostAsync(setSessionDataUrl, content).Result; //------------ add data to session

        string responseContent = response.Content.ReadAsStringAsync().Result;


Postman sample

This sample uses a method for a validation of the request - "http://localhost:54039/api/Session/ValidateRequest". 

If you want to use the sample, you have to change host address. 

	"info": {
		"_postman_id": "16fab9ae-ccd7-450e-9299-d00b6d4778b9",
		"name": "FormsHub",
		"schema": ""
	"item": [
			"name": "api/Session/ValidateRequest",
			"request": {
				"method": "POST",
				"header": [
						"key": "Authorization",
						"value": "eyJhbGciOiJSUzI1NiIsImtpZCI6IlF3QUhfY05QcnpuTUdNRnlvbGxlYmluWWZDVSIsInR5cCI6IkpXVCJ9.eyJzZXNzaW9uSUQiOiJzZXNzaW9uSUQtMTIzIiwicmVuZGVyZXJJRCI6InJlbmRlcmVySUQtMTExIiwidGltZVN0YW1wIjoiMjAxOS0wNS0wMlQxMDowOTowNiswMjowMCIsImhhc2giOiJxZ2tjUlRlbndScjcyNHk4dHpZc0lMRkNnc1plMkJMdXEyS1RmWDhaUStBPSJ9.TxtsSV0uSI00p82GSu7-Tk4wpEnY3uM_rI59aXdiA8uxhycSiS04SduSHMBW05MCjn0UFxFwPVhgvztmQtG95xqnqW-wvekTDoTHCDBrxajyqpUsuShJ1NrLXTXCmVByEmvrx97HcCmBZiiHeLdFcKiKEn5Ol_i-m0TAyx6r9PeWUvX1GWQlYM889PjOzdr07HbMNJGlMPaw2r7ewC1Jy0WMhQm1R6HVJVvbS0hcEj3N8lo5X5bXOaHkk5kBoloJzd05E03pKo0hmXTJiYFXWC8OL6BKvdzPwD94wRkKgISdRkXRsyF6j_x073ky6IuNKkL1ybbTrp2eKe9_HUC7oQ",
						"type": "text"
						"key": "Content-Type",
						"name": "Content-Type",
						"value": "application/json",
						"type": "text"
				"body": {
					"mode": "raw",
					"raw": "{ BootstrapToken : \"Content of BootstrapToken\", MyData:\"My data to session\" }"
				"url": {
					"raw": "http://localhost:54039/api/Session/ValidateRequest",
					"protocol": "http",
					"host": [
					"port": "54039",
					"path": [
			"response": []