I am trying to make a custom connector in Power Automate with an API that I have used before with Powershell. The issue is that the one parameter I need in the header is Authorization, which is not allowed by Microsoft for some reason. I have found several forums online about how to get around it, but nothing has worked. Here are some forums with potential solutions:
https://powerusers.microsoft.com/t5/Microsoft-Dataverse/Authorization-header-is-not-allowed-Use-API-Key-authentication/m-p/894511#M10780
https://powerusers.microsoft.com/t5/Connector-Development/Authorization-header-using-HTTP-via-on-premise-datagateway/m-p/1339127
I am running into the same error message when trying to create a header with Authorization in my header:
'Authorization' header is not allowed. Use 'API Key' authentication type in the Security tab to set this header.
Here are my settings. The Authorization parameter should have a string value of "rest_api_key=xxxxxxxxxxx"
Despite me overriding the header, the actual request header in my connection looks like this. The token is a random string that is very long, so I have shortened it for simplicity.
{
"Authorization": "Bearer eyJ0eXAiOiJKV1...."
}
When I actually go to make a connection I am entering the full value "rest_api_key=xxxxxx" as the Authentication parameter.
Has anybody else run into this issue when trying to set a header of Authorization?
In Header Value, just provide the security key of your api.
I set it to "No authentication" for the authentication type under the security tab.
Set a new policy "Set HTTP header", Header name "Authorization", Header value "Basic NzZiZ............" (what you need it to be).
Action if header exists, "override".
Run policy on "Request".
This worked for me.
Related
I'm new to APIs and I'm trying to understand how to get a response from a prompt using OpenAI's GPT-3 API (using api.openai.com/v1/completions). I'm using Postman to do so.
The documentation says that there is only one required parameter, which is the "model." However, I get an error saying that "you must provide a model parameter," even though I already provided it.
What am I doing wrong?
You can get this to work the following way in Postman with the POST setting:
Leave all items in the Params tab empty
In the Authorization tab, paste your OpenAI API token as the Type Bearer Token (as you likely already did)
In the Headers tab, add key "Content-Type" with value "application/json"
In the Body tab, switch to Raw, and add e.g.
{
"model":"text-davinci-002",
"prompt":"Albert Einstein was"
}
Hit Send. You'll get back the completions for your prompt.
Note alternatively, you can add the model into the Post URL, like https://api.openai.com/v1/engines/text-davinci-002/completions
While above works, it might not be using the Postman UI to its full potential -- after all, we're raw-editing JSON instead of utilizing nice key-value input boxes. If you find out how to do the latter, let us know.
What solved it for me was adding the content-type header:
"content-type:application/json"
I'm in "Integration Request". I've set HTTP integration type and the Endpoint URL.
Below, I see "HTTP Headers, but if I try to add an header, there is a strange "mapped from" value I don't understand.
Setting an HTTP Proxy integration add a Mapping template I also don't understand.
I just need to pass the Authorization:xxxx and X-Auth-Username:xxxxx from the original request to the endpoint
Can't find an easy way...
I set HTTP proxy integration and added in the HTTP Headers (and deployed):
method.request.header.Authorization
method.request.header.X-Auth-Username
I also added as required Authoriaxtion and X-Auth-Username in Method request header as required.
But I get an error upon calling the api:
Authorization header requires 'Credential' parameter.
Authorization header requires 'Signature' parameter.
Authorization header requires 'SignedHeaders' parameter.
Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header
Hmmm maybe it's a "naming" problem?
So I changed "authorization" with MyAuthentication in the method request, and after in the integration Header, I mapped Authorization to
method.request.header.MyAuthentication
Now if I call my api with MyAuthorization in the header, I get "Missing Authentication Token", without hitting the api server
Click on 'Method Request' , expand 'HTTP Request Headers' and add a header Authorization . Now go back and click on 'Integration Request' , expand 'HTTP Headers' and add Header Name Authorization and 'Mapped from' method.request.header.Authorization . Basically for any header XYZ on 'Method Request' tab should have corresponding mapping on 'Integration Request' method.request.header.XYZ .
To Correctly use aws API Gateway as a pure http proxy and make it pass the Authorization header as-is to your backend API, you need to do two things:
In the Method Request: Make sure to add the Authorization header to the Http Request Headers section.
With this, AWS does not assume that the Authorization header is of your own implementation and the gateway does not expect it to contain AWS own format of multiple parameters such as SignedHeaders, Signature, X-Amz-Date , etc..
2. In the Integration Request: Make sure to select the Use HTTP Proxy Integration.
This makes sure that the request is being sent to the target as-is and thus the Authorization header not to be consumed and discarded as part of AWS own SigV4 authorization.
The following was correct...I was calling the original api path instead of te api gateway path....
I set HTTP proxy integration and added in the HTTP Headers (and deployed):
method.request.header.Authorization
method.request.header.X-Auth-Username
I'm setting up oAuth generation in new testing software, Tosca. Tosca can only handle API calls with raw body types. I need to convert below x-www-form-urlencoded payload to plain/text. The request is denied with "developerMessage": "The authentication service denied the request".
I have tried changing all of the ":"'s to "=" and all linebreaks to "&." Which has worked for converting other x-www-form-urlencoded payloads to plain/text. I have removed our client_id and client_secret and added them to basic auth. I have removed any and all special characters and spaces from the body and still getting error.
scope:openid
realm:employer
auth_method:cleartrust
auth_id_user_token:A+B/C/D==
nonce:cd
identity_method:air
response_type:id_token token
grant_type:password
which I changed to
scope=openid&realm=employer&auth_method=cleartrust&auth_id_user_token=A+B/C/D==&nonce=cd&identity_method=air&response_type=id_token token&grant_type=password
The plain/text api call should get a successful response and bring back oAuth token.
Full disclosure: I work for Tricentis in the Support Department.
Tosca's API Engine can also handle url-encoded payloads. See this manual page for an example screenshot: https://support.tricentis.com/community/manuals_detail.do?lang=en&version=12.3.0&url=engines_3.0/api/api_create_url-encoded.htm
Additionally, please follow these steps:
In the Technical View tab, open the Headers pane on the right-hand side. There enter a Content-Type header param with value application/x-www-form-urlencoded.
In the Auth tab, select Basic Auth as the method and use the client_id as the username and the client_secret as the password. Tick the checkbox Pre-authenticate.
In the Payload tab, you can enter the url-encoded payload required by your web service. Since you use grant_type = password, the payload has to include at least the string grant_type=password&username=someUsername&password=somePassword
I'm trying to access the SmartSheets REST API as described in the "Getting Started" documentation here: https://smartsheet-platform.github.io/api-docs/#getting-started and elsewhere. I generated an access token in the UI and, using Postman, tried a couple of simple GET requests cribbed from the documentation:
https://api.smartsheet.com/2.0/users/me
https://api.smartsheet.com/2.0/sheets
I set the Authorization and Content-Type headers as indicated. In both cases, I get Http 403-Forbidden errors with the message "You are not authorized to perform this action."
So how do I get authorized to perform these (or any other) actions?
You might want to verify that your access token value is correct. Also, when you set your Authorization header, are you including "Bearer " before your access token?
In Postman, it should look something like this:
Just a typo. I was including "Bearer" in the authorization header, but I had 2 spaces between "Bearer"and the token. You can only have one.
Following the instructions at the link below, I successfully built a REST API for my Django application: http://django-rest-framework.org/tutorial/quickstart.
I can test it by doing the following from the Unix prompt:
curl -H 'Accept: application/json; indent=4' -u root:myPassword http://www.myWebsite.com/users/
It works :)
However, I would like to use the Chrome extension Advanced Rest Client to test this same functionality.
I have installed the extension, but I don't know where/how to put the fields. When I make my educated-guess (as you can see in the screenshot), it rejects it saying "Authentication credentials were not provided"
How/where should I specify my parameters to the REST API?
The discoverability is dismal, but it's quite clever how Advanced Rest Client handles basic authentication. The shortcut abraham mentioned didn't work for me, but a little poking around revealed how it does it.
The first thing you need to do is add the Authorization header:
Then, a nifty little thing pops up when you focus the value input (note the "construct" box in the lower right):
Clicking it will bring up a box. It even does OAuth, if you want!
Tada! If you leave the value field blank when you click "construct," it will add the Basic part to it (I assume it will also add the necessary OAuth stuff, too, but I didn't try that, as my current needs were for basic authentication), so you don't need to do anything.
From the screenshot I can see that you want to pass "user" and "password" values to the service. You have send the parameter values in the request header part which is wrong.
The values are sent in the request body and not in the request header.
Also your syntax is wrong.
Correct syntax is: {"user":"user_val","password":"password_val"}.
Also check what is the the content type. It should match with the content type you have set to your service.
This seems a very old question, but I am providing an answer, so that it might help others.
You can specify the variables in the second screen in the form section, as shown below or in the
RAW format by appending the variables as shown in the second image.
If your variable and variable values are valid, you should see a successful response in the response section.
The shortcut format generally used for basic auth is http://username:password#example.com/path. You will also want to include the accept header in the request.
in the header section you have to write
Authorization: Basic aG9sY67890vbGNpbQ==
where string after basic is the 64bit encoding value of your username:password.
php example of getting the header values is:
echo "Authorization: Basic " . base64_encode("myUser:myPassword");
n.b: I assumed your authentication method as basic. which can be different as well.
Add authorization header and click pencil button to enter username and passwords
The easy way to get over of this authentication issue is by stealing authentication token using Fiddler.
Steps
Fire up fiddler and browser.
Navigate browser to open the web application (web site) and do the
required authentication.
Open Fiddler and click on HTTP 200 HTML page request.
On the right pane, from request headers, copy cookie header
parameter value.
Open REST Client and click on "Header form" tab and provide the
cookie value from the clip board.
Click on SEND button and it shall fetch results.
With latest ARC for GET request with authentication need to add
a raw header named Authorization:authtoken.
Please find the screen shot Get request with authentication and query params
To add Query param click on drop down arrow on left side of URL box.