I want to secure .net core api with wso2 api manager ,for that i have enabled swagger on the api and able to get post response . I have created Api with swagger defination
http://localhost:5000/swagger/v1/swagger.json
and given endpoint http://localhost:5000/api/BigData which will get response in swagger ui
now i am trying to test with api working with token for that wso2api showing error
curl request from wso2-am
curl reuqest semding from wso2-am ```curl -X 'POST' \
'http://localhost:8280/api/v1/api/BigData' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-H 'Internal-Key: eyJraWQiOiJnYXRld2F5X2NlcnRpZmljYXRlX2FsaWFzIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiJhZG1pbkBjYXJib24uc3VwZXIiLCJpc3MiOiJodHRwczpcL1wvbG9jYWxob3N0Ojk0NDNcL29hdXRoMlwvdG9rZW4iLCJrZXl0eXBlIjoiUFJPRFVDVElPTiIsInN1YnNjcmliZWRBUElzIjpbeyJzdWJzY3JpYmVyVGVuYW50RG9tYWluIjpudWxsLCJuYW1lIjoiQmlnRGF0YUFQSSIsImNvbnRleHQiOiJcL2FwaVwvdjEiLCJwdWJsaXNoZXIiOiJhZG1pbiIsInZlcnNpb24iOiJ2MSIsInN1YnNjcmlwdGlvblRpZXIiOm51bGx9XSwiZXhwIjoxNjI0OTIyMzg3LCJ0b2tlbl90eXBlIjoiSW50ZXJuYWxLZXkiLCJpYXQiOjE2MjQ4NjIzODcsImp0aSI6ImZiYjQ2OGQ0LWUyOTItNGEyZC1hZmEzLTdhNzFlODUxNTlhNCJ9.Xkz9jigCPs3I65kI40rigE6L8mA-w4kks3n7Cabahg1dMVEo8AVs64PXuKBshucuT_vk5ms-7wFiIiI0pdXrL1ymOlEacBtW2r1F-WvV7o9SVw6lpF4EQNsIFi96Exe5Gg0k2wSaG1iErJ2P8boOQGI66fudGfjC-Gt1RJxfE-ZwQ_aS7fNur4G7HFAbBOdSq3yNDWjsMiv9k4IBlQ-IkJj88zSM6eXnHbtiAJKB84bAkFX7PDxXzjdItGkTKBx2oW11SO27xvqlrlJCHh6dcvEKb1_XZIjyrrvQjTGTX0cTgUlL0HQFOL9RwavrDwXh_fsP51zhGbbLozuUbhUKWg' \
-d '{
"messageID": "string",
"tenantName": "string",
"tenantID": "string",
"entityID": "string",
"entityType": "string",
"dataType": "string",
"messageKind": "string",
"routing": "string",
"payload": "string",
"type": "string",
"clientID": "string",
"userID": "string",
"isAdmin": true,
"fabric": "string",
"capabilityId": "string",
"sourceSystem": "string",
"applicationName": "string"
}'```
when i check the endpoint again its showing method not allowed
As with the shared information, I believe that you have configured an API resource as /api/BigData. If that is the case, update the Production and Sandbox endpoints as http://localhost:5000 and not with the complete URL of the actual endpoint to overcome the 404 errors.
The API Manager uses and appends the API Resources that are defined at the end of the Production/Sandbox endpoints. So, when you are configuring an API and exposing that, you have to be sure of choosing the correct endpoints.
For example:
If you have an actual Backend server with the following endpoint https://backendserver/api/v1/get and https://backendserver/api/v1/post then you have to configure an API in the API Manager as following
Create an API with the following two resources
/get
/post
Configure the Production / Sandbox endpoints as https://backendserver/api/v1
Then, if you invoke the API with the API Manager endpoint (https://apimanager:8243/your-api/v1/get), the /get resource will get appended to the configured endpoint and the request will be served as https://backendserver/api/v1/get.
Hope this explains and gives you a brief understanding of the URL mappings in API Manager.
Related
I'm trying to get the teams for the logged in user for some token. With a personal access token, everything looks ok:
# properly returns a bunch of teams
curl -H "Authorization: token ghp_123abc" 'https://api.github.com/user/teams'
[
{
"name": "abc",
"id": 123,
"node_id": "abc=",
"slug": "123",
...
]
but when using an OAuth bearer token from an OAuth app, I get an empty [] from the API:
$ curl -H "Authorization: bearer gho_123abc" 'https://api.github.com/user/teams'
[
]
I know both tokens are valid since the response for https://api.github.com/user is the same regardless of token, but I just have no idea why the response would be different based on token (both have proper permissions to read:org as confirmed in the response headers)
I followed the documentation to create an external replica of cloud SQL here. I have a MySQL instance with version 8.0 on Google cloud. I successfully created the external read replica. Now, I want to demote this replica to master. I need to create a source representation instance for that. I called the following API as mentioned in the documentation.
gcloud auth login
ACCESS_TOKEN="$(gcloud auth print-access-token)"
curl --header "Authorization: Bearer ${ACCESS_TOKEN}" \
--header 'Content-Type: application/json' \
--data '{
"name": "[SOURCE_REPRESENTATION_NAME]",
"region": "[REGION]",
"databaseVersion": "[EXTERNAL_SERVER_MYSQL_VERSION]",
"onPremisesConfiguration": {
"hostPort": "[EXTERNAL_SERVER_IP]:[EXTERNAL_SERVER_PORT]"
}
}' \
-X POST \
https://www.googleapis.com/sql/v1beta4/projects/[PROJECT-ID]/instances
The API works when I set databaseVersion to 5. But it fails when I try to set to version 8.
{
"error": {
"code": 400,
"message": "Missing parameter: DatabaseVersion.",
"errors": [
{
"message": "Missing parameter: DatabaseVersion.",
"domain": "global",
"reason": "required"
}
]
}
}
Is the MySQL version 8 not supported for representational server?
From documentation:
databaseVersion should be the MySQL version running on your source database server. The choices are MYSQL_5_5, MYSQL_5_6, MYSQL_5_7 or MYSQL_8_0.
I am working with Prime Trust's API and I'm unable to create a JWT token. I am following the documentation which states the following:
Getting Started with the Custody APIs - (Sandbox Specific)
You need totake the current steps to get started via the APIs
Create a new User
Authenticate with the APIs by getting a JWT.
Create an Account.
Test Mode APIs - Approve the owner of the account for CIP and AML.
Test Mode APIs - Open an Account for Funds
I was able to create a user following the documentation, but I'm stuck on the creation of the JWT Token. According to the documentation I should create the token using the below:
JSON Web Tokens (JWTs)
JSON Web Tokens or JWTs are the preferred method of authentication for all requests besides actually generating a JWT. Since JWTs are not persisted server resources, they are not created using a JSONAPI style request or response.
Creating a new JWT
A new JWT can be created by passing a user's credentials using HTTP
Basic Authorization to the following endpoint. Any special settings on
the JWT such as IP whitelisting, expiration time or TOTP MFA must be
passed in as form values during creation.
POST /auth/jwts
Here's the example call they give:
curl --location --request POST "https://sandbox.primetrust.com/auth/jwts" \
--header "Content-Type: application/x-www-form-urlencoded" \
--form "expires_at=2019-06-06T07:30:40Z" \
--form "otp=382948" \
--form "cidr[]=192.168.1.213/32" \
--form "cidr[]=127.0.0.1/32"
I've tried a combination of different calls with the details outlined below, but have the below error on all of my attempts:
401 Unauthorized
{
"errors": [
{
"status": 401,
"title": "Not authenticated."
}
]
}
Bodies
POST https://sandbox.primetrust.com/auth/jwts
POST https://sandbox.primetrust.com/auth/jwts
{
"email": "email#email.com",
"password": "123abc"
}
POST https://sandbox.primetrust.com/auth/jwts
{
"data": {
"email": "email#email.com",
"password": "123abc"
}
}
POST https://sandbox.primetrust.com/auth/jwts
{
"name": "name",
"email": "email#email.com",
"password": "123abc"
}
POST https://sandbox.primetrust.com/auth/jwts
{
"id": {guid},
"name": "name",
"email": "email#email.com",
"password": "123abc"
}
POST https://sandbox.primetrust.com/auth/jwts
{
"id": {guid},
"password": "123abc"
}
Headers
Content-Type: application/json
expires_at: 2019-12-31T11:59:59Z
alg: HS256
typ: JWT
I recognize that my calls don't line up with the example call exactly, but my understanding from the documentation is that all that should be required is a name & password to generate the JWT token. What am I missing?
Update 1
Based on reaching out to Prime Trust support the username/email need to be included as parameters rather than in the body of the url. I tried the below URLs without success
https://sandbox.primetrust.com/auth/jwts?email=email#email.com&password=123abc&id={guid}
https://sandbox.primetrust.com/auth/jwts?email=email#email.com&password=123abc
https://sandbox.primetrust.com/auth/jwts?password=123abc&id={guid}
https://sandbox.primetrust.com/auth/jwts?name=name&password=123abc
According to docs:
Creating a new JWT
A new JWT can be created by passing a user's credentials using HTTP Basic Authorization to the following endpoint. Any special settings on the JWT such as IP whitelisting, expiration time or TOTP MFA must be passed in as form values during creation.
So basically all you need is create an Authorization header set to Basic Auth with your credentials:
curl -X POST \
https://sandbox.primetrust.com/auth/jwts \
-H 'Authorization: Basic YOUR_BASE64_ENCODED_EMAIL_AND_PASSWORD' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'cache-control: no-cache'
I am new to Google Cloud. I want to upload an image to my Bucket.
I did it successfully from the GCP Console and GCP Shell. However, I am unable to do it using REST Endpoint using API-KEY.
Here is my URL.
https://www.googleapis.com/upload/storage/v1/b/[MY_BUCKET]/o?uploadType=media&name=myhero&key=[MY_API-KEY]
I am getting the following message
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Anonymous caller does not have storage.objects.create access to [MY_BUCKET]/myhero.",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Anonymous caller does not have storage.objects.create access to [MY_BUCKET]/myhero."
}
}
This is because the bucket currently does not allow any way to allow users with the API-KEY even though the API-KEY allows the user of this key to upload an object to the bucket.
What should I do
1) if I want to go with the API-key way.
2) if I want to go with service-account way. What is the best way to generate Authorisation token? I have come till this point
{"alg":"RS256","typ":"JWT"}.
{
"iss":"761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5#developer.gserviceaccount.com",
"scope":"https://www.googleapis.com/auth/prediction",
"aud":"https://www.googleapis.com/oauth2/v4/token",
"exp":1328554385,
"iat":1328550785
}.
But I am unable to generate {Base64url encoded signature} as I am unable to figure out the private and public keys...
You are getting “anonymous caller” because you are not properly authenticated. You can authenticate using a bearer token instead of the API-KEY.
You can run the following script:
BUCKET=<BUCKET_NAME>
OBJECT=<OBJECT>
TOKEN=$(gcloud auth print-access-token)
curl "https://www.googleapis.com/upload/storage/v1/b/$BUCKET/o?uploadType=media&name=$OBJECT" -H"Authorization: Bearer $TOKEN" -H'Content-Type: image/jpg' --data-binary #$OBJECT
I can not get any data from a context BrokerInstance to display it in a Map viewer mashup. The context Broker is deployed in Fi-Ware cloud and the mashups are installed in the mashups section as recommended.
Here my entity (with the related curl request than you can roll out to check it that it responses properly):
curl 130.206.85.114:1026/ngsi10/contextEntities/Madrid -X GET -s -S --header 'Content-Type: application/json' --header 'Accept: application/json' \
> --header "X-Auth-Token: $AUTH_TOKEN" | python -mjson.tool
{
"contextElement": {
"attributes": [
{
"metadatas": [
{
"name": "location",
"type": "string",
"value": "WGS84"
}
],
"name": "position",
"type": "coords",
"value": "40.418889, -3.691944"
}
],
"id": "Madrid",
"isPattern": "false",
"type": "City"
},
"statusCode": {
"code": "200",
"reasonPhrase": "OK"
}
}
Here my mashup configuration:
NGSI Source:
NGSI server URL: http://130.206.85.114:1026
NGSI proxy URL: http://ngsiproxy.lab.fi-ware.org
Use the FIWARE credentials of the user: yes
NGSI entity types: City Monitored NGSI Attributes: position
NGSI entity to POI
Coordinates attribute: position
Map viewer:
Initial Location: Madrid
This questions related How to show an entity from in the Wirecloud MapViewer widget did not help me as long I have not any HTTPS server and I am using the recommended proxy.
Finally, point out that I tried "changing Use the FIWARE credentials of the user" to "No" and changing the "NGSI proxy URL" to other recommended configurations like http://ngsiproxy.lab.fiware.org (no score) with the same (negative) result..
Thanks for your help
I've tried what you said and I've managed to view the POI of Madrid you mention. I guess you don't see it for the security constraints on modern browsers. Have you noticed the security issue regarding access to insecure websites from HTTPS-based ones? Firefox and Chrome show a "shield" icon on the address bar, and you must acknowledge unsecure content for it to work.
For the future, using an HTTPS version of the NGSI proxy is recommended, though it will imply deploying RUSH together with the Context Broker for enablin HTTPS on Orion, or waiting for an upcoming version with HTTPS embedded.
Best regards