Can I use Spring RestDocs to document APIs when the authorization mode is bearer?
A pointer to a simple example would be appreciated, it doesn't seem the be available on the Spring RestDocs pages.
Thanks
It's actually very simple.
First obtain a bearer-token and encode it so you can use it as a string.
Next add the header to your call, like:
.header("Authorization", "Bearer " + "your encoded token")
TestClient.put().uri("/v1/some_endpoint/foos")
.header("Authorization", "Bearer " + "your encoded token")
.contentType(MediaType.APPLICATION_JSON)
.accept(MediaType.APPLICATION_JSON)
.body(BodyInserters.fromValue("{"pay":"load"}))
.exchange()
.expectStatus().isOk();
Related
I'm trying to send a request to a server that requires a parameter called 'fid' sent in the header for autherization.
Here's what you can help me with.
Payload to be sent in the header 👇
{ "fid" : "Some alphaNum value", "type": "some type string" }
I would like to know how to use jwt encoding in flutter and how to use that in the header of a request to encode and send this payload across to the server for autherization. I'm planning to use HS256 algo for encoding. Since I'm new to the concept of Jwt, there might be errors in the way I asked this question. Please share your thoughts. I would also like to know how to use the secret key too -- like how to generate the key, and where in the request to send this.
Request 👇
fetchData({required String type, required String fid, String url}) async{
<How to get the json web token>
http.get(url, header : <What do I send here>);
}
you can use http or Dio package for calling API requests in flutter,
you can set headers as follows,
https://pub.dev/packages/dio
https://pub.dev/packages/http
final response = http.get(url,
headers: {HttpHeaders.contentTypeHeader: "application/json", HttpHeaders.authorizationHeader: "Bearer $token"});
I am trying to emulate the following curl command in c# using RestSharp:
curl URL -F "login=samplelogin" -F "key=password"
I am using the following c# code to format the request:
// Configure Request
RestRequest request = new RestRequest(resource, Method.POST);
request.AddParameter("login", context.Control.CourtLogin, ParameterType.RequestBody);
request.AddParameter("Key", context.Control.CourtPassword, ParameterType.RequestBody);
request.AddHeader("Content-Type", "multipart/form-data");
The client endpoint just returns login failure. When I read the documentation for AddParameter on the RestRequest class. It states you can only have key value pair with parameter type = RequestBody.
Does anyone have any ideas on how to get multiple form data key value pairs in a RestSharp client request? Or how to duplicate multiple -F curl options using RestSharp?
Thanks in advance!
"Content-Type" should be "application/x-www-form-urlencoded".
I am working on REST API calls on Azure storage table, I am successful to query table and get response in xml format but when I try to change the Accept header to JSON I am getting the exceptions.
Note: I set the value of x-ms-version to 2018-03-28
headers.put("Authorization", "SharedKey " + store + ":" + hash);
headers.put("x-ms-date", date);
// headers.put("x-ms-version","2009-09-19");
headers.put("x-ms-version","2018-03-28");
headers.put("Accept-Charset","UTF-8");
// headers.put("Accept","application/atom+xml,application/xml");
headers.put("Accept","application/json;odata=nometadata");
headers.put("DataServiceVersion","1.0;NetFx");
headers.put("MaxDataServiceVersion","1.0;NetFx");
I am getting the Response status code 415 with message "JsonFormatNotSupportedJSON format is not supported."
DataServiceVersion and MaxDataServiceVersion are not necessary, but if you want to use, change them to 3.0;NetFx.
Only 3.0 is compatible with x-ms-version 2013-08-15 or later. See the document.
I have removed below 2 headers and now I am getting the response in JSON format.
headers.put("DataServiceVersion","1.0;NetFx");
headers.put("MaxDataServiceVersion","1.0;NetFx");
I am trying to get a little bit familiar with this REST API:
https://docs.gemini.com/rest-api/#private-api-invocation
However, I am trying to figure out how they do authentication, and it seems they don't use OAuth. This is what they say:
Gemini uses API keys to allow access to private APIs. You can obtain these by logging on and creating a key in Settings/API. This will give you both an "API Key" that will serve as your user name, and an "API Secret" that you will use to sign messages.
All requests must contain a nonce, a number that will never be repeated and must increase between requests. This is to prevent an attacker who has captured a previous request from simply replaying that request. We recommend using a timestamp at millisecond or higher precision. The nonce need only be increasing with respect to the session that the message is on.
Now, I don't understand where to place my API Secret key. They don't really specify a parameter name for it. Same thing goes for the nonce. Also, does the nonce need to be randomized? And what size should the nonce be? I am not that familiar with this.
As described in the docs you linked you need to base64-encode the "request", "nonce" and "order_id" for the X_GEMINI_PAYLOAD header and SHA384 that payload with the API Secret for the X-GEMINI-SIGNATURE header.
Here's an example from the site (Python):
import requests
import base64
import hmac
from hashlib import sha384
url = "https://api.gemini.com/v1/order/status"
gemini_api_key = "mykey"
gemini_api_secret = "1234abcd"
# for the purposes of this example, we've shown hand-rolled JSON - please import json and use json.dumps in your real code!
b64 = base64.b64encode("""{
"request": "/v1/order/status",
"nonce": 123456,
"order_id": 18834
}
""")
signature = hmac.new("1234abcd", b64, hashlib.sha384).hexdigest()
headers = {
'Content-Type': "text/plain",
'Content-Length': "0",
'X-GEMINI-APIKEY': gemini_api_key,
'X-GEMINI-PAYLOAD': b64,
'X-GEMINI-SIGNATURE': signature,
'Cache-Control': "no-cache"
}
response = requests.request("POST", url, headers=headers)
print(response.text)
I am trying to get an access token for Paypal's RESTful web services but unfortunately not making any headway. This is my first time dealing with REST, so please be patient with me :)
Here is what I have:
Client_id and secret as provided by Paypal for a sandbox account through the paypal developer website.
The ENDpoint: https://api.sandbox.paypal.com/v1/oauth2/token
The documentation that i am referring to is : https://developer.paypal.com/webapps/developer/docs/integration/direct/make-your-first-call/
Now the juicy part of making that API call. I am developing in PHP so I am using CURL to make the calls. something like this;
const CLIENT_ID = ****..*** ;
const SECRET = ***..***;
$base64EncodedClientID = base64_encode(self::CLIENT_ID . ":" . self::SECRET);
$headers = array("Authorization" => "Basic " . $base64EncodedClientId, "Accept" =>"*/*", "Content-type" => "multipart/form-data");
$params = array("grant_type"=>"client_credentials");
$url = "https://api.sandbox.paypal.com/v1/oauth2/token";
$ch = curl_init();
curl_setopt($ch,CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_POST, true);
curl_setopt($ch,CURLOPT_HEADER, $headers);
curl_setopt($ch,CURLOPT_POSTFIELDS,$params);
$response = curl_exec($ch);
Pretty vanilla right? Except that I do not get the JSON response that I expect from Paypal but false. This implies that my CURL request was not prepared well, perhaps I am setting the header incorrectly or the params are incorrect. Regardless, the URL is definitely accessible since I was able to access it through command line with the same credentials and got the desired JSON response.
The one glaring problem I have with the above code is that I am providing the client_id and secret as a header option. basic sense tells me that they need to be part of the POST field data However, if you look at line 89 of this Github code https://github.com/paypal/rest-api-sdk-php/blob/master/lib/PayPal/Auth/OAuthTokenCredential.php (Paypals' official PHP REST SDK), it clearly states that the credentials are being set in the header field.
Where am I messing up ?
With curl you don't need to manually generate the base64 encoded value for the Authorization header just use the CURLOPT_USERPWD option and pass the clientID and secret as the user:pwd.
curl_setopt($curl, CURLOPT_USERPWD, $clientId . ":" . $clientSecret);
here is a sample - look for the get_access_token() method:
https://github.com/paypal/rest-api-curlsamples/blob/master/execute_all_calls.php
Had the exact same problem you ran into. The issue is that PayPal accepts the content-type application/x-www-form-urlencoded. Your code is attempting to send multipart/form-data. CURL by default sends application/x-www-form-urlencoded, but you are passing your data as an array. Instead, you should be passing the data like a url encoded string since this is what application/x-www-form-urlencoded data looks like:
$params = "grant_type=client_credentials";
Your headers have the same problem. Pass it as an array of strings instead of a dictionary. For instance:
$headers = ["Authorization Basic " . $base64EncodedClientId];
Also, you don't need those other two headers you passed in. The 'Accept' header does nothing since you are accepting everything, and the Content-type is wrong for one, and two is defaulted to 'application/x-www-form-urlencoded' by CURL so unless you need to override that, there is no need.