I set up a test bot in a botpress environment and am trying to access the chat via the converse api (is this not the right way?), using these endpoints:
Login on the Admin UI
# @name login
POST {{baseUrl}}/api/v1/auth/login/basic/default
Content-Type: application/x-www-form-urlencoded

email={{email}}&password={{password}}

@authToken = {{login.response.body.payload.jwt}}

List All Bots (need to login first)
GET {{baseUrl}}/api/v1/admin/bots
Authorization: Bearer {{authToken}}
X-BP-Workspace: default

@botId = YOUR_BOT_ID

Send a request using Converse
POST {{baseUrl}}/api/v1/bots/{{botId}}/converse/{{userId}}
Content-Type: application/json

{
  "type": "text",
  "text": "hey"
}
...I can authenticate okay and receive the bot list. But the last, most important call does not work. I authenticate with my admin account. In the conversation studio it is not possible to create users. Where do I get "userId" from?
Can someone explain how to implement token authentication in Flutter? I don't understand how this process works. Can someone tell me step by step or even show with examples how this happens? I use Swagger to implement.
Request URL:
https://api.dev.certihire.com/api/v1/sessions
Response body:
{
"_v": "1.0",
"data": {
"user": {
"id": 606,
"firstName": null,
"lastName": null,
"email": "lysohor.rostyslav.cr#gmail.com",
"phoneNumber": null,
"role": "User"
},
"token": {
"accessToken": "eyJhb....ms",
"refreshToken": "eyJhb....AI",
"expireDate": "2022-06-07T12:26:18Z",
"type": "Bearer"
}
}
}
Response headers:
api-supported-versions: 1.0
connection: keep-alive
content-type: application/json; charset=utf-8
date: Tue, 24 May 2022 12:26:18 GMT
server: nginx/1.12.2
strict-transport-security: max-age=31536000
transfer-encoding: chunked
x-content-type-options: nosniff
The process is quite simple, really. When you get your response body, retrieve both tokens (access and refresh) and the user ID and store them safely (e.g. using flutter_secure_storage).
When you re-enter the app, check if the tokens exist (at least the refresh token) and if yes, you can use the user ID to automatically log in. If there is no token, or the server replies with it not being valid (with a status code most likely equaling 401, but it depends), you should redirect the user to the login page for manual re-authentication.
Every request to a protected route should be made with the access token. Usually, the access token has a purposely short expiration date, so that only 1-2 resources can be used using this token. You can then use your refresh token to regen a token pair and retry the original request.
If you use JWT, the information about the expiration date is built into the token, so there is no need to send it. Client side, you should build your requests with the authentication type in mind, in your case using Bearer <'token'>. The logic to verify signed tokens is usually server-side, and the client's concern should only be storing them safely.
As a final note, HTTP(s) requests in Flutter can be done using the http package.
Use shared preferences to store the refresh and access token when the user has logged in. After that, whenever the app starts, check if there is any access or refresh token stored inside the shared preferences. If present, then move to the main screen of the application; otherwise move to the login screen. Also, do check if the stored refresh token is valid or if its session has expired. In case it has expired, do log out and clear the shared preferences so that the next time the app starts it will not find any token inside the shared preferences and the user will see the login screen again. Same with any logout button provided for the user.
For shared preferences you need to add shared_preferences package inside your pubspec.yaml file.
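The start-up decision the answers above describe (use the access token, refresh it, or fall back to the login screen), as an added example that is not part of the original posts. It is written in Python rather than Dart to show the logic only; `next_action`, the 30-second leeway and the unsigned sample tokens are assumptions constructed for illustration, and both tokens are assumed to be JWTs as in the response shown in the question.

```python
import base64
import json
import time

def jwt_expiry(token):
    """Return the `exp` claim (Unix seconds) of a JWT, or None if absent or unparseable.

    The payload is only decoded, never verified: signature checks stay on the server.
    """
    try:
        payload_b64 = token.split(".")[1]
        padded = payload_b64 + "=" * (-len(payload_b64) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
        exp = claims.get("exp")
        return int(exp) if exp is not None else None
    except (IndexError, ValueError, AttributeError, TypeError):
        return None

def next_action(access_token, refresh_token, now=None, leeway=30):
    """Decide what the client does at start-up or before a protected request.

    A 401 from the server still overrides this local check.
    """
    now = time.time() if now is None else now

    def usable(token):
        exp = jwt_expiry(token) if token else None
        return exp is not None and exp - leeway > now

    if usable(access_token):
        return "use_access_token"
    if usable(refresh_token):
        return "refresh"          # trade the refresh token for a new pair, then retry
    return "login"                # nothing valid stored: clear storage, show login

def make_sample_jwt(exp):
    """Constructed, unsigned sample token used only to exercise the logic."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'sub': '606', 'exp': exp})}."

if __name__ == "__main__":
    t = int(time.time())
    print(next_action(make_sample_jwt(t - 1), make_sample_jwt(t + 86400)))
```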
I was having the hardest time trying to generate the OAuth2 token to integrate with the Bitly API v4. Their documentation was hard to comprehend and I couldn't find much online or on StackOverflow on how to accomplish it. I was able to get it to work and wanted to share the solution for anyone else who will be scratching their heads in the future.
Below is a step-by-step guide for Generating Generic Access Token, Retrieving the Group Guid, Generating the OAuth2 token, and calling the Bitly shorten API request.
Bitly API- Steps to get oAuth2 Access token and using the shorten request to retrieve a Tiny Url using Postman:
After spending the better half of a day trying to figure this out I figured I would post this so it could help someone trying to integrate with Bitly API V4.
Note: Bitly API V3 will be deactivated on March 1st, 2020 so be sure to migrate to V4 as soon as possible. All the guids and other private fields in the responses have been altered for privacy.
Click this link to refer to the Bitly API Documentation
1.) Generate Access Token:
Log into bitly.com with your credentials and click on the Hamburger menu in the top right. Click on your Username and then click on the Generic Access Token. This Generic Access token is needed to retrieve your Group Guid. You will need this Group Guid to make the shorten URL Request along with your access token.
2.) Retrieve Group Guid:
Make a GET Request to https://api-ssl.bitly.com/v4/groups to get your group_guid. You will use your Generic Access Token in the Authorization Field.
Below is a picture of how the Headers should look:
You should get a JSON Response back that looks similar to the JSON below:
JSON Response of the Retrieve Group Guid GET Response:
{
"groups": [
{
"created": "2019-12-18T13:45:21+0000",
"modified": "2019-12-18T13:45:21+0000",
"bsds": [],
"guid": "XZXUYSJAJ43",
"organization_guid": "JsjFtE841883",
"name": "username",
"is_active": true,
"role": "org-admin",
"references": {
"organization": "https://api-ssl.bitly.com/v4/organizations/JsjFtE841883"
}
}
]
}
Your guid value is your group_guid used in your shorten, and other requests.
3.) Retrieve your client_id and client_secret
Register your application by logging into bitly.com with your user credentials and your application will be assigned a client_id and a client_secret. You can accomplish this by clicking on the Hamburger menu on the right side of the page, click on your username, Registered OAuth Apps, and at the bottom there should be a button that says REGISTER NEW APP.
4.) Generate OAuth2 Access Token
Refer to the Bitly Documentation and under the Authentication tab navigate to "Exchanging a Username and Password for an Access Token".
• Open Postman
• Create a new POST request to https://api-ssl.bitly.com/oauth/access_token.
• Copy the Curl Command but replace username with Bitly Login Username and password with your Bitly Login Password.
• Click on the Import tab and select Paste Raw Text and paste over curl command
• In the Authorization tab paste your client_id into the Username field and client_secret into the Password field. This will do the base64encoding for you.
• Your Headers only need the Host and Content-Type key and Value. Your Authorization will be a temporary header field and will be automatically generated for you.
• Your Body needs:
grant_type: password (the actual word password)
username: your username for bitly.com
password: your password for bitly.com
Below is a picture of what your Body should look like:
• Click Send and you will receive your access token.
5.) Shorten URL
• Open new tab in Postman and make a Post request to https://api-ssl.bitly.com/v4/shorten
• Headers should include:
• Host: api-ssl.bitly.com
• Authorization: Bearer (your accesstoken from step 4)
• Content-Type: application/json
• Your Body should include this JSON:
{
"long_url": "http://twitter.com",
"group_guid": "guid field from Group Guid Response in Step 2"
}
• Click Send and you should get a JSON Response like this:
{
"created_at": "2019-12-18T21:50:47+0000",
"id": "yhoo/2PYRS",
"link": "http://yhoo/2PYRS",
"custom_bitlinks": [],
"long_url": "http://yahoo.com/",
"archived": false,
"tags": [],
"deeplinks": [],
"references": {
"group": "https://api-ssl.bitly.com/v4/groups/yourgroupguid"
}
}
The link value in the JSON Response will be your new Tiny URL Link.
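What Postman assembles in steps 4 and 5, written out as an added example that is not part of the original post. The requests are only built, not sent; the function names and the sample credentials in the usage lines are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlencode
from urllib.request import Request

API = "https://api-ssl.bitly.com"

def token_request(client_id, client_secret, username, password):
    """Step 4: the password-grant request behind Postman's Basic Auth tab."""
    # Postman base64-encodes "client_id:client_secret" into the Authorization header.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    # urlencode() escapes characters such as & and = inside the credentials.
    body = urlencode({"grant_type": "password", "username": username, "password": password})
    return Request(
        f"{API}/oauth/access_token",
        data=body.encode(),
        method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )

def shorten_request(access_token, group_guid, long_url):
    """Step 5: JSON body plus the Bearer token returned by step 4."""
    body = json.dumps({"long_url": long_url, "group_guid": group_guid})
    return Request(
        f"{API}/v4/shorten",
        data=body.encode(),
        method="POST",
        headers={
            "Authorization": f"Bearer {access_token}",
            "Content-Type": "application/json",
        },
    )

if __name__ == "__main__":
    # Constructed values; pass the result to urllib.request.urlopen() to send it.
    req = token_request("my_id", "my_secret", "user@example.com", "p&ss=word")
    print(req.get_method(), req.full_url)
    print(req.header_items())
    print(req.data.decode())
```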
I am using Postman as a REST client to get the login authentication token from HP ALM 14.
Using API
https://something.com/qcbin/authentication-point/authenticate
Request Body
I tried both formats in the request body
XML Format
<alm-authentication>
<user>username</user>
<password>password</password>
</alm-authentication>
JSON Format
{
"username": "username",
"password": "password"
}
The response for the above API is
In the above image I only got JSESSIONID and BIGipServerMSGRDG01PEX, but in the document and some other tutorials they used four tokens:
1. LWSSO_COOKIE_KEY
2. QCSession
3. ALM_USER
4. XSRF-TOKEN
How can I get all these tokens and set them in future API requests in Postman?
Do a post request for this url "https://something.com/qcbin/api/authentication/sign-in"
using basic authentication
I'm using rest to authenticate users to Bluemix using an API key. I would also like to implement username and password authentication.
from urllib.parse import urlencode

def auth(self):
    self.log.debug('Authenticating to CloudFoundry')
    url = self.info['authorization_endpoint'] + '/oauth/token'
    headers = {
        'Content-Type': 'application/x-www-form-urlencoded;charset=utf-8',
        'Accept': 'application/x-www-form-urlencoded;charset=utf-8',
        # Basic auth for the OAuth client: base64("cf:"), i.e. client "cf" with an empty secret
        'Authorization': 'Basic Y2Y6'
    }
    # urlencode() escapes characters such as & and = inside the credentials
    if self.api_auth:
        data = urlencode({'grant_type': 'password', 'username': 'apikey',
                          'password': self.api_key})
    elif self.userpass_auth:
        data = urlencode({'grant_type': 'password', 'username': self.username,
                          'password': self.password})
    else:
        raise ValueError()
    # send request ...
However, when I attempt to make the request using username and password, I receive the response:
{"error_description":"BMXLS0202E: You are using a federated user ID,
please use one time code to login with option --sso.","error":"unauthorized"}
So I can send my users to the SSO web page to get a token, but what REST api do I need to make when they have the SSO token? Or, do I use the same rest api as I am doing above, but instead provide a different parameter?
Why do you want to support username and password (I feel like I'm missing a piece of the puzzle here)?
I'd recommend using API tokens as a general good practice - some of the federated logins require a web-based token step which isn't great when working with integrations.
I am trying to install a webhook for leadgen event for my page via a facebook app. So I have:
Facebook Page where leads come from
Facebook App
Webserver where I want to save leads
App and webserver are connected well I believe. Webhook is shown at app page etc. But when I am trying to create a test lead with this tool https://developers.facebook.com/tools/lead-ads-testing I am getting a POST request with no data in it.
I was suspecting permissions problems, but I am able to check a lead from page (via leadgen_id) directly with PHP SDK and the POST request is sent from Facebook just by URL, so they don't know about tokens yet.
UPD Plain POST request to the same url (curl -d "param=value" https://..url..) works as expected.
Facebook sends webhook data as Content-Type: application/json, not as …: application/x-www-form-urlencoded (as a normal form with method=post would.)
Therefore, PHP does not populate $_POST – you need to read the raw input stream instead. That can be done using file_get_contents('php://input') – and then just apply json_decode on that data, and you’ll have a proper data structure to work with.
Facebook sends the leads data in the request body. If you are using a framework, please check if you have access to the request body.
Try using a third party intermediate service like Runscope to see the full request, it is very usef
This code works for me...
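<?php
// Verification handshake: Facebook calls the URL with hub.* query parameters
// (PHP exposes the dots as underscores). hash_equals() compares in constant time.
if (($_REQUEST['hub_mode'] ?? '') === 'subscribe'
    && hash_equals('<mytoken>', (string) ($_REQUEST['hub_verify_token'] ?? ''))) {
    echo $_REQUEST['hub_challenge'] ?? '';
} else {
    // Event delivery: the JSON payload is in the raw request body, not in $_POST
    $data = json_decode(file_get_contents('php://input'), true);
    file_put_contents('logFB.txt', print_r($data, true));
}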
First part is for verifying webhook, second for getting data from facebook webhook.
Hope this will help...
In case you are using the Django framework, you should use request.body, as the POST data will remain empty.
from django.http import HttpResponse

def webhook_response(request):
    # Print the raw contents of the Facebook webhook request.
    print(request.body)
    # Something like the following object is printed for a leadgen event:
    # {"object": "page", "entry": [{"id": "0", "time": 111111111, "changes": [{"field": "leadgen", "value": {"ad_id": "444444444", "form_id": "444444444444", "leadgen_id": "444444444444", "created_time": 11111111, "page_id": "444444444444", "adgroup_id": "44444444444"}}]}]}
    return HttpResponse()
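A framework-independent receiver for the two request types the answers above describe (verification handshake and leadgen delivery), as an added example that is not code from the original posts. It goes one step beyond them by checking the `X-Hub-Signature-256` HMAC that Facebook computes over the raw body with the app secret before parsing it; `handle_webhook`, `signature`, the plain-dict arguments and the sample body are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample delivery, trimmed from the leadgen object quoted above.
SAMPLE_BODY = (b'{"object": "page", "entry": [{"id": "0", "changes": [{"field": "leadgen", '
               b'"value": {"leadgen_id": "444444444444", "page_id": "444444444444"}}]}]}')

def signature(app_secret, body):
    """HMAC-SHA256 of the raw body, in the form of the X-Hub-Signature-256 header."""
    return "sha256=" + hmac.new(app_secret.encode(), body, hashlib.sha256).hexdigest()

def handle_webhook(method, query, headers, body, verify_token, app_secret):
    """Return (status, response_text, leadgen_ids) for one request.

    query and headers are plain dicts (exact key names assumed); body is raw bytes.
    """
    if method == "GET":
        # Subscription handshake: echo hub.challenge only when the token matches.
        supplied = str(query.get("hub.verify_token", ""))
        if query.get("hub.mode") == "subscribe" and hmac.compare_digest(
                supplied.encode(), verify_token.encode()):
            return 200, str(query.get("hub.challenge", "")), []
        return 403, "", []
    # Event delivery: authenticate the raw bytes before parsing them.
    sent = str(headers.get("X-Hub-Signature-256", ""))
    if not hmac.compare_digest(sent.encode(), signature(app_secret, body).encode()):
        return 403, "", []
    try:
        payload = json.loads(body)   # the data is JSON in the body, not form fields
    except ValueError:
        return 400, "", []
    if not isinstance(payload, dict):
        return 400, "", []
    ids = [change["value"]["leadgen_id"]
           for entry in payload.get("entry", [])
           for change in entry.get("changes", [])
           if change.get("field") == "leadgen" and "leadgen_id" in change.get("value", {})]
    return 200, "", ids

if __name__ == "__main__":
    secret = "constructed-app-secret"
    hdrs = {"X-Hub-Signature-256": signature(secret, SAMPLE_BODY)}
    print(handle_webhook("POST", {}, hdrs, SAMPLE_BODY, "tok", secret))
```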