I am trying to set up a code which given grafana_session cookie will tell me whether it is valid for my Grafana instance
I tried using /api/auth/keys and passing grafana_session as a Bearer token but it doesn't work and I feel like it is intended to be used in a different way.
Is there a method to validate grafana_session using current API?
Ok found it!
You can send request to api/user with a special header:
header_key=cookie
header_value=grafana_session=<YOUR_GRAFANA_SESSION>
There is not official API for that. But you can call some Grafana API (for example /api/user) with that session cookie (please note: send it as a standard cookie, not as Bearer token). If you have response code 200, then cookie is valid, otherwise it is (very likely) invalid cookie.
curl example:
curl 'https://<grafana-domain>/api/user' \
-H 'Cookie: grafana_session=<grafana-session-cookie>'
Related
URL :
https://circuitsandbox.net/rest/v2/webhooks
My Headers :
Content-Type : application/x-www-form-urlencoded
Authorization : Bearer ot-xxxxxxxxxxxx
Body :
url - Some URl
filter - CONVERSATION.CREATE
Error I am getting :
"The permission to access this resource is not granted. Scopes ::= [ALL, READ_CONVERSATIONS, READ_USER]"
Plus If i want to send extra filters thn will it be comma separated values?
If you are getting a 403, I would suspect a scope error (as mentioned by Roger) or an authentication problem.
For the first, please show us which scopes are currently selected for the application ; for authentication, can you check if you can make other API calls successfully ?
Here is what it looks like in Postman
Make sure your app registration contains the scopes that your app is asking for. For a simple outgoing webhook registration you would only need the scope READ_CONVERSATIONS.
See https://github.com/circuit/circuit-REST-bot/blob/master/app.js for an example on how to register for a webhook. This example registers for CONVERSATION.ADD, but CONVERSATION.CREATE is very similar.
If you still have problems please post a code example, or even a link to an app on repl.it.
Here is an example HTTP request to register the webhook. Note that the body is sent as text/plain (which is the default and its header can be omitted). Also note that the callback url is http. https is not yet supported.
POST https://circuitsandbox.net/rest/v2/webhooks HTTP/1.1
Host: circuitsandbox.net
Content-Type: text/plain
Authorization: Bearer <token>
url=http://90587c6d.ngrok.io/webhook&filter=CONVERSATION.CREATE
and here is a curl command
curl -X POST https://circuitsandbox.net/rest/v2/webhooks -H "Authorization: Bearer <token>" -d "url=http://90587c6d.ngrok.io/webhook&filter=CONVERSATION.CREATE"
I have started using Postman to map out my API and also wanted have a quick, easy way to document it and share it.
My API is using JWT for auth and this token needs to be present in each request except login.
In order to keep it DRY I have used Postman collection Authorization
as explained on their blog http://blog.getpostman.com/2017/12/13/keep-it-dry-with-collection-and-folder-elements/
Example of how I set up collection authorization type bearer
This header is being used by my API as type "Inherit auth from parent" and this works with no problems during my requests.
But if I choose to view collection in browser this header is not displayed in the request or examples see screenshot.
Collection documentation as viewed in web
Here is the cURL request in Postman:
curl -X GET \
https://example.api/v1/auth/user \
-H 'Content-Type: application/json'
Is it possible to display the auth header while using the collection settings or I should add the header myself for each request in order to make sure that this is added in the examples and documentation?
Edit:
I've found that if I hover over the Authorization header I get the following message:
This temporary header is generated by Postman and is not saved with your request.
Here is a screenshot from the app with Postman collection temporary headers.
This issue will fix in 2 or 3 mounths.
You can track the issue status in https://github.com/postmanlabs/postman-app-support/projects/40#card-33062423
If you are setting up that JWT Token as request headers then it should get displayed in the documentation. Below are the Steps how i am generating and setting up jwt token:
Login api to generate jwt token.
saving that token as environment
variable Using that variable in each request which requires
Authorization header.
please see the screenshot
I am using postman client to make REST calls to JIRA API. It says "POST your credentials to http://jira.example.com:8090/jira/rest/auth/1/session" to get SESSION. I tried posting with Form-data, application/x-www-form-urlencoded, raw etc. Nothing worked. which is the right way to do that.
Here is the tutorial i am following: https://developer.atlassian.com/jiradev/jira-apis/jira-rest-apis/jira-rest-api-tutorials/jira-rest-api-example-cookie-based-authentication
Since you're using postman, I'm assuming you're in a dev environment. In this case, it might be simpler to get going with the auth header, which is a base-64 encoded username/password. From the documentation here:
Supplying Basic Auth headers
If you need to you may construct and send basic auth headers yourself. To do this you need to perform the following steps:
Build a string of the form username:password
Base64 encode the string
Supply an "Authorization" header with content "Basic " followed by the encoded string. For example, the string "fred:fred" encodes to "ZnJlZDpmcmVk" in base64, so you would make the request as follows.
curl -D- -X GET -H "Authorization: Basic ZnJlZDpmcmVk" -H "Content-Type: application/json" "http://kelpie9:8081/rest/api/2/issue/QA-31"
In the Headers section of Postman, add Authorization with Basic <base64-encoded-username:password>
Don't forget to also add the header Content-Type as application/json
(You can use base64encode.org to quickly encode your username/password).
Don't forget to put the string in as username-colon-password (username:password)
If you are on the same UI as I for postman, click Authorization, select an auth type (I used basic auth succesfully), and then enter your credentials. Next click over to the body tab, select raw, and on the drop down menu on the right choose JSON(applications/json), and supply the body as normal.
That is the first hurdle. The next hurdle which may be hit (and the one I am stuck on) is that once your basic-auth gets accepted, JIRA will deny access as part of Cross Site Request Forgery checks (XSRF) with a code 403. I have a ticket open right now seeing if there is a possible workaround to post and put from postman, because using postman and newman would be much much simpler than building an entire plugin which I have to jump through a bunch of hoops to access.
With Postman can simply add withCredentials:true to your request header section.
I am new in API gateways. I have python based API deployed on an EC2 server. I can access this as URL http://xxx.xxxxxxx.com/RPC2/. I can see objects, methods in this URL. I am trying to use API gateway for same.
Created API. (ExampleAPI)
Created POST method. (given path http://xxx.xxxxxxx.com/RPC2/ as end point URL ). I have not created the resource since I am expecting HTTP Proxy for all Methods of the resource. Its looks fine when I put my content in the request body. I get a response.
Now I have deployed it to one stage dev1. Got a new endpoint URL.
Also created an API key and attached it with dev1. Also Set API key required true in POST Method Request.
Questions.
1. When I hit dev1 URL (https://xxxxxxxxxxx-api.us-east-1.amazonaws.com/dev1), it does not give me same page as http://xxx.xxxxxxx.com/RPC2/. It gives me {"message":"Missing Authentication Token"} error. Am I missing some fundamentals here?
http://xxx.xxxxxxx.com/RPC2/ do have several methods, so how can I use it? All of them are POST methods. Can I set some parameters or some request body, or some templates? How can I improve this process?
How can I use API key here? Or it won`t work in POST method?
If i do curl -H "Content-Type: application/JSON" -X POST -d "{\"method\": \"app.menu\",\"params\":[] }" https://xxxxxxxxxxx-api.us-east-1.amazonaws.com/dev1 i get same response as i curl http://xxx.xxxxxxx.com/RPC2/. is it the only way to access my dev1 URL or I can create individual methods or string parameters.
Regards,
Ashish
See answers posted to this forum:
When i hit dev1 URL (https://xxxxxxxxxxx-api.us-east-1.amazonaws.com/dev1), it do not give
me same page as http://xxx.xxxxxxx.com/RPC2/. It gives me
{"message":"Missing Authentication Token"} error. Am i missing some
fundamentals here ?
If you are hitting the URL in a browser with a GET method, it will not
work. You have to specify all of the HTTP methods on a resource that
you want the client to access. If you hit a method that is not
defined, you get that message.
http://xxx.xxxxxxx.com/RPC2/ do have several methods, so how can i use it? all of them are POST methods. Can i set some parameters or
some request body, or some templates. how can i improve this process.
Yes if you are mapping to an RPC API then you can build the REST
methods/resources in API Gateway and set a static value for the header
or in the body, wherever the RPC action is expected by the backend.
How can i use API key here? or it won`t work in POST method? Because while accessing from curl, it works fine without API key.
First you should set API Key Required on the method (Method Request
page), then you'll have to add the API Stage to the API Key and make
sure it's enabled. After all that, if you send the API Key in a header
called 'x-api-key' it should work, otherwise you should get a 403
response saying "Forbidden".
If i do "curl -H "Content-Type: application/json" -X POST -d "{\"method\": \"app.menu\",\"params\":[] }"
https://xxxxxxxxxxx-api.us-east-1.amazonaws.com/dev1" i get same
response as i curl http://xxx.xxxxxxx.com/RPC2/. is it the only way to
access my dev1 URL or i can create individual methods or string
parametrs.
You will have to create each method in API Gateway (like GET) and they
can all point to the same backend url but specify a different RPC
action in the header or wherever it is specified.
I'd encourage you to check the public developer guides for parameter
mapping and payload transformation to learn what tools we have in API
Gateway.
I am trying to do basic authentication to call a rest service.
On service doc the procedure mentioned for CURL is like this
curl -X POST https://secure.clientservice.com/api/transactions.json -u [TOKEN]:[KEY] -H 'Content-type: application/json' \
-d "{\"transaction_type\":\"request\",\"amount_in_cents\":\"3000\",\"email\":\"user#example.com\"}"
I got stuck how to send the [TOKEN]:[KEY] for authentication from chrome rest client.I am having both user token and key and doc is saying i have to do Http Basic access authentication
On rest explorer i am trying like below
But this is giving un authorized access as seems to be the Authorization header is wrong where i am encoding [axkKtfBAaPABCh59SA]:[S7RwBG2eZ3y8mDs8VS] this value to base 64. Am i doing in right way or am i missing something.
Add the Authorization header: Header Forms --> ADD HEADER --> Begin typing in Authorization.
and add the basic auth info by clicking on the Edit (pencil) button on the right. A form to fill credentials will pop up:
Advanced REST Client will take care of encoding
I think should encode without the "[" “]“, it could be your problem. Also verify that your token is still valid (it could be expired)
if this doesn't solve your problem can you provide me the error message you get (in your picture the result seems to be ok).
This is an Old question, and has been answered as to how this should be done in Advanced REST Client. But i would still like to point out that you need to enter the basic Authentication Header like this:
Header Name: Authorization
Header Value: Basic
so if your username was user1 and password was abc then you would need to find the base64 encoded value of "user1:abc" which is "dXNlcjE6YWJj" (you can do this in one of many online tools available, just serach for "base 64 encode online").
In this case your header will become like:
Authorization -> Basic dXNlcjE6YWJj