MG REST Client
A Visual Studio Code extension for calling the Mongoose IDO Request Service REST API (V2)
with full per-operation configuration, reusable connection profiles, and Postman collection
import/run.
Features
- All MG operations in a Postman-style request builder:
GetConfigurations, GetSecurityToken, LoadCollection, UpdateCollection, InvokeIDOMethod,
GetPropertyInformation, GetDocumentObjects, Download/Upload DocumentObject,
Download/Upload FileStream, and Get IDO Swagger Document.
- Connection profiles — server, config, username, protocol, TLS-skip, and auth mode.
Passwords and tokens are stored in VS Code SecretStorage, never in settings JSON.
- Runtime config picker — override the profile's config per request. Click ↻ next to the
Config box to call
GetConfigurations on the server and choose from the returned list. The chosen
config is used for both the X-Infor-MongooseConfig header and GetSecurityToken (tokens are
cached per profile + config).
- Searchable IDO combobox — the IDO field filters a live list of IDO collections (from
ObjCollections) as you type; ↻ reloads it. Cached per profile + config.
- Properties picker — a modal next to the LoadCollection Properties field lists the selected
IDO's properties (via
GetPropertyInformation) with filter, select-all/clear, a Use * shortcut,
and key / read-only / required badges. Selected names are written back as a comma-delimited list.
- Method combobox — for Invoke IDO Method, the Method field filters the selected IDO's standard
(invokable) methods (
MethodType 0 and 2) from IdoMethods.
- Custom Load Method + Params — on Load Collection, the Custom Load Method field filters the
IDO's custom load methods (
MethodType 1 and 3), and a Params… button opens a modal to enter
positional values that are written to clmparam as a comma-delimited string (commas escaped as
\x2c).
- Update Collection editor — an Edit Changes… button opens a guided modal to build the
Changes body: per-change Insert/Update/Delete, a property table (from GetPropertyInformation)
with Set/Null toggles, and a Pick record… helper that loads rows and captures the _ItemId
(pre-filling values for Update). Live JSON preview; supports multiple changes.
- Assertions / expectations — define declarative checks per request (status / Success / time /
body JSON path / header, with equals / contains / regex / exists / numeric comparisons). Checked on
Send and on test runs (pass/fail in the response and the run log). Saved requests also embed an
equivalent Postman test script (
pm.test/pm.expect), so the same assertions run in Postman
and Newman/CI with no extra work.
- Parameter reference — for Invoke IDO Method, a panel shows the selected method's parameter count
and a
# / Name / In-Out / Type table, with a Fill template button that inserts a JSON array of
the right length. Backed by a disk-cached index (command MG: Build/Refresh Parameter Index),
built once per server+config because IdoMethodParameters can't be filtered by method over REST.
- Benchmark mode — performance-test a single API: Benchmark… (builder) or Benchmark
Request (saved request) runs N iterations (with warm-up and a token fetched once) and reports
min/median/avg/p95/max/stddev for total and TTFB, with CSV export. A keep-alive toggle
switches between steady-state latency and fresh-connection timing.
- Automatic authentication — calls
GetSecurityToken and caches the token per session;
re-authenticates automatically on HTTP 401.
- Self-signed certificate support — per-profile "skip TLS verification" toggle.
- Postman collection import & run — import v2.1 collections, run a single request or the
whole collection, with
{{variable}} substitution pulled from collection variables and the
active profile (server, config, username, baseUrl, token, password).
- Rich response view — HTTP status, elapsed time, byte size, Mongoose
Success/Message,
pretty-printed JSON body, and response headers.
Getting started
npm installnpm run compile- Press F5 to launch the Extension Development Host.
- Open the MG REST Client view in the activity bar.
- In Connection Profiles, click + to add a profile (server, config, credentials).
Then set its password/token via the key icon.
- In MG Operations, click an operation to open the request builder, fill in the fields,
and press Send. To target a different config than the profile default, click ↻ next to
the Config box to load the server's configurations and pick one for the request.
Connection profiles
| Field |
Description |
| Server |
host or host:port of the Mongoose application server |
| Config |
Mongoose configuration name, e.g. CSI_DALS |
| Username |
Used for GetSecurityToken (credentials mode) |
| Auth mode |
credentials (fetch token via username/password) or token (paste a token/bearer) |
| Protocol |
HTTPS or HTTP |
| TLS |
Skip verification (for self-signed certs) or verify |
Secrets are stored separately in SecretStorage and never written to settings.
Postman support
- MG: Import Postman Collection — pick one or more
*.json collection files (v2.1).
- Save… in the request builder saves the current request into a Postman collection (pick or
create a collection, an optional nested folder path, and a name). Saved requests embed the builder
state so clicking them loads back into the builder, and use
{{baseUrl}}/{{config}}/
{{token}} variables so the same file runs here and in Postman.
- The Postman Collections view shows collections as a folder/request tree. Managed
(extension-created) collections support New Folder, Rename, Duplicate, Delete. Imported
collections are read-only by default — use Enable Editing or Save Editable Copy. All edits
preserve fields the extension doesn't understand.
- Run a single request (inline ▶) or a whole collection. Results go to the MG REST Client output
channel.
- Reveal Collection File / Export Collection to share or import into Postman.
- Variables resolve with precedence active profile defaults < collection variables < per-collection
overrides, so a collection that defines its own
baseUrl/config targets itself correctly. The
active profile's fresh token still wins over a stale collection token unless you pin it. Use
Edit Collection Variables (collection context menu) to set persisted overrides. Runs warn about
any unresolved {{placeholders}}.
Commands
| Command |
Description |
MG: New Request |
Open the request builder |
MG: Add/Edit/Delete Connection Profile |
Manage profiles |
MG: Set Active Profile |
Choose the active profile |
MG: Set Profile Password/Token |
Store a secret in SecretStorage |
MG: Get Security Token |
Fetch + copy a token for the active profile |
MG: Import Postman Collection |
Import a v2.1 collection |
MG: Run Postman Request / Run Postman Collection |
Execute requests |
Settings
| Setting |
Default |
Description |
mgRestClient.profiles |
[] |
Connection profiles (non-secret fields) |
mgRestClient.activeProfileId |
"" |
Active profile id |
mgRestClient.requestTimeoutMs |
30000 |
HTTP request timeout (ms) |
mgRestClient.postmanCollections |
[] |
Imported collection file paths |
Security notes
- "Skip TLS verification" disables certificate checking for that profile. Use only on trusted
internal networks.
- Tokens and passwords live in SecretStorage and are never echoed to the webview or logs.
- The webview uses a strict Content-Security-Policy with a per-load nonce and loads no remote content.
Design
See design/DESIGN.md and design/TASKS.md in the source tree.
Limitations
- OAuth 2.0 / ION API handshake is not performed (paste a bearer token manually).
- Postman pre-request and test scripts are not executed; only variable substitution + the request.
| |
