Welcome Guest, you are in: Login

QVSource: The QlikView & Qlik Sense API Connector (Docs)

We have hundreds of customers who have run QVSource easily and successfully on a diverse range of environments. However, we understand that certain users may have particular requirements and concerns about what software they allow to run on their machines - this page attempts to explain the main aspects of QVSource which we feel will be useful to these enterprise users.


Prerequisites

You can request a free trial of QVSource download here.

  • QVSource should run on any Windows PC which has the .NET framework 4 (full edition) installed, please note however that we only support Windows 7 or later and Windows Server 2008 and later and we only offer support for the QVSource service on Windows Server editions.

NOTE - .NET 4.0 and .NET 3.5 will run side by side as stated by Microsoft.

  • QVSource should currently work with any version of QlikView or Qlik Sense.
    • Regarding QlikView: We strongly recommend using QlikView 10 or later which has the new QVX data format. If you are using QlikView 9 or earlier you will need to use either the html or TSV data format provided by QVSource.
    • Regarding Qlik Sense: Please read this page regarding a possible configuration change you may need to make.

  • Note that for most of the connectors available so far, QVSource needs to connect to the internet in order to download data from whichever API you are interested in - therefore if you have a personal or corporate firewall preventing this it will not work - we do have some features (e.g. http headers and known outgoing end points) which might help you configure this.

A QVSource Primer

If you are not familiar with QVSource, we would first recommend flicking through this slide deck which aims to explain 80% of what you will need to start using the product effectively.

The following diagram gives a high level overview of where QVSource sits in relation to QlikView and the APIs it connects to:

Image

In particular, it is useful to appreciate the following:

  • QVSource is simple to install/setup (full instructions here). Actually, there is no installer and no registration of components (e.g. COM or in the GAC (Global Assembly Cache)).
    • QVSource is delivered simply as a zipped folder which you unzip (we recommend to c:\QVSource\ or another root drive) and run the exe. You may need to first 'unblock' the zip file as explained here.
    • Note that we would not recommend including the version number in the folder as it makes upgrading more challenging - for example the windows service will need to be un-registered and re-registered with each upgrade.

  • QVSource works by running a simple, lightweight webserver on your local machine. QlikView requests data from http/https end points during processing of the load script which in turn triggers QVSource to request data from the API in question (more on this below). More on these items below.
    • Note that the MongoDB Connector is unique in that it does not make http/https requests but rather communicates with MongoDB via the c# driver.

  • You can set up a Windows Service version of QVSource (by running a simple batch file as explained here) which is useful (necessary) when running alongside QlikView Server. Note that your QVSource licence file needs to allow this.
    • There are also instructions here explaining how to configure QVSource to run under a standard windows user account.

The QVSource Web Server

QVSource works by running a small, lightweight web server. By default, when you run the QVSource.exe (or the Windows Service version - QVSourceService.exe), QVSource will start 'listening' on:
http://localhost:5555/QVSource

This page explains further how you can use this end point to check the status of QVSource.

If necessary, you can also change this port number as explained here (this page also gives some notes on how you can check if other programs have already 'claimed' this port).

It is important to note that, by default, this local web server only responds to requests coming from the local machine QVSource is running on, therefore it should not be possible for QVSource to open up security problems from other machines on your network. Assuming the machine you are running QVSource on is properly secured it should only be possible for other programs running on the same machine to make requests to the QVSource web server or read any of the files which QVSource creates and manages.

We are working on a feature which lets you configure QVSource to accept request from certain other machines (for example if you wanted to run QVSource on a machine in a DMZ with access to the internet). However, this must be enabled in the QVSource licence file and is currently only available to select customers. The default configuration is to have QVSource running on the same machine wherever the QlikView reload is taking place.

Outgoing Connections

QVSource makes outgoing requests to various APIs. For example, the Twitter Connector makes out going requests to the Twitter REST API 'on behalf of QlikView', returning the results in a format which can be natively parsed and read by QlikView.

End Points/URLs

Where possible, each connector now advertises the end points it needs to make out going connections to. This information is found on the 'About' tab of each connector. For example on the Facebook Fan Pages Connector (you should always check this tab for the latest/current version of the connector you are using):

Image

This is useful if you would like to configure an outgoing proxy server or firewall to only allow traffic to the specific end points QVSource needs to connect to.

Proxy Authentication

If you connect to the Internet through a proxy then you might find you need to check the following option in QVSource:

Image

This should cause QVSource to use any system proxy configured (Internet Options -> Connections -> LAN Settings). In our experience this works in the vast majority of cases.

If you still experience proxy authentication errors (often with a 407 HTTP error code) then - as of QVSource version 1.5.8.7 and later - you can also override the following settings in the QVSource.exe.config (QVSourceService.exe.config for the Windows Service based version):


    <!--
    If you are connected to a proxy usually you should only need to check the Proxy option in the 
    QVSource settings for this to work. However, if you are still having 407 proxy authentication errors 
    you can override the settings using the keys below. Note - you may not need to override all of these.
    -->
    <add key="proxyUsername" value=""/>
    <add key="proxyPassword" value=""/>
    <add key="proxyDomain" value=""/>
    <add key="proxyAddress" value=""/>

IMPORTANT: Don't forget that you will need to ensure these settings are persisted if you update QVSource and also that the settings are used in both the desktop version (QVSource.exe.config) and the Windows Service based version (QVSourceService.exe.config).

NOTE: See this page for how to edit the proxy config in the new QVSource Web Edition.

HTTP Headers/User Agents

All of the outgoing calls from QVSource should have the user agent: QVSource (gzip)

As well as an additional http header: QVSource: true

You may be able to use these to further tie down the access QVSource is permitted.

PLEASE NOTE: An important exception to this is that many connectors use OAuth authentication in which case the user is typically directed to a login page hosted by the API provider (e.g. a Twitter login web page or a Google Service login web page. In this case QVSource simply hosts a browser control to display this and is not able to set the above headers. The user agent in this case will then start 'Mozilla/4.0'.

If you are having problems with these elements please contact us if you need details about the urls being browsed to so that, for example, you can allow access through your proxy or firewall.

FIPS Compliance

Prior to version 1.6.3.2, the QVSource WinForms edition (note, this does not apply to the new Web Edition) used some security related code which is not FIPS compliant (more info here). For example we used the MD5 hashing algorithm to help create keys to store cached data (which some connectors utilise to help improve performance).

If you have the 'Use FIPS Compliant algorithms' option enabled in your security policy you will probably see the following error when starting QVSource:
System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

Either in a pop up message box or in one of the log files.

If you wish to continue using QVSource you will need to make a minor adjustment to the application configuration file as explained here to disable FIPS (just for QVSource).

If you use QVSource 1.6.3.2 or later (and you have deleted any settings files created by earlier versions) OR you are using the new Web Edition this should no longer be an issue as we have moved to FIPS compliant algorithms.

Revoking QVSource's Access To Your Data

Many APIs now use OAuth for authentication and the sites which manage these APIs often have a page which lists which applications you have given permission to access your data.

On this page we attempt to keep a list of locations where you should find applications you have allowed access to your data (including QVSource) and can often revoke that access.

Deploying From Development to Test/Production Servers

When you install QVSource on a new machine you typically need to ensure that you have authenticated with any connectors which are being used. If you are deploying from a desktop/development environment to a server this step can be a little cumbersome and this page provides an easier mechanism.

Storage and Security of Credentials

Some of the QVSource connectors require you to enter your credentials to authenticate and/or API keys in order to gain access to the specific API. There are two ways that the access tokens and passwords can be used:

  • use the authenticated access tokens and passwords from within QVSource (recommended)
  • embed access tokens and passwords in your application's load script

If the access tokens are embedded in your application's load script, then once these are distributed they would also need to be properly secured.

Where authentication is used from within QVSource, then these details are stored in a settings.xml file for each connector. These are located in the folder QVSource/Data/[Connector Name]/settings.xml and although QVSource will encrypt them it is important (and also your responsibility) to ensure that there is sufficient security to adequately protect these files and ensure they are only accessible by individuals you select.
  Name Size
- Use Proxy Settings.png 42.11 KB


(QVSource works with Qlik Sense as well as QlikView - See this page for notes.)
QVSource - The QlikView & Qlik Sense API Connector | © Copyright 2011 - 2016 Industrial CodeBox Ltd