Github graphql replying with 405 - github

I'm trying to get my github profile detail from github using the graphql endpoint 'https://developer.github.com/v4/explorer/' and after creating a personal token i'm getting a 405 error, this is my code please what am I doing wrong error messageenter image description here

The page you're attempting to load is a UI tool to help developers explore GraphQL. In other words, it's a normal webpage, not the GraphQL endpoint.
The error message you're getting is a 405 Method Not Allowed. That's because you're making a POST request to this page, but that isn't a valid method here. Because this is a normal webpage, you probably need to use a normal GET request if you want to load it.
If you're looking to make a GraphQL request, you'll need to use the proper endpoints, which is https://api.github.com/graphql. A POST request is correct for that endpoint.

Related

Including a body in a GET, PUT, or POST request results in response of "You need to enable JavaScript to run this app"?

The short story: If I hit my endpoint /api/something with a PUT and no body, it goes through to my Lambda (via CF -> API GW -> Lambda). If I add a body to the request, it doesn't work and seems to die before hitting the API Gateway. I'm not sure why it would do this.
The long story:
I've set up a CloudFront distribution that sends requests to /api to our API gateway and all other requests just vend static website resources.
It has been working great so far for our simple use cases. We previously only hit the API Gateway with GET requests, but now we're going to start needing to send PUT or POST requests to the API Gateway. I had to update the CloudFront distribution "behaviors" for the /api path pattern (the one going to the API gateway) to allow all HTTP methods after that, I was able to start getting responses from the API Gateway for PUT and POST responses (previously only worked for GET).
However, I noticed that if I try to send a payload or body with the request (regardless of the request type), I don't think it actually hits the API Gateway or the Lambda that the API Gateway is routing to because I get a response of "You need to enable JavaScript to run this app". I tried looking at the logs but couldn't find anything. The heads shows "Error from cloudfront" but I'm not sure why or where to find what the error was.
Any tips on how to troubleshoot this or what the issue might be?
Update (10/8): I figured out the "enable javascript" thing was coming up because of my custom error pages for 403&404 errors. I deleted them in my development environment and now get a clearer error.
"This distribution is not configured to allow the HTTP request method
that was used for this request. The distribution supports only
cachable requests. We can't connect to the server for this app or
website at this time. There might be too much traffic or a
configuration error. Try again later, or contact the app or website
owner."
However, I still don't know what to do, as the request type (PUT) is enabled and the request works as long as I don't provide a body. Not sure how to get it to be ok with a body at the moment.

Problem with updating user using keycloak rest api

I have a problem with updating user using keycloak rest api, neither my requests work.
For example, I'm trying to get all realm users based on docs. I send get-request on this endpoint
http://keycloak.my/auth/realms/my_realm/account/users
but get 404 error
How to make it work? Why do I get 404, if I take this endpoint from docs?
This URL:
http://keycloak.my/auth/realms/my_realm/account/users
is incorrect.
The correct one is:
http://keycloak.my/auth/admin/realms/my_realm/account/users
For all those endpoints the base URL is ${KeycloakIP}/auth/admin/

How to send a REST request to Cloud Firestore

I've build an Android app using Firebase, but I'd like to test the performance of the Cloud Firestore using REST requests (through Postman). I've looked up some info on some sites from Firebase, but everytime I send a request, I get a 404 Not Found.
The Authentication I use seems to work, by doing a POST request to
https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=MY_API_KEY I'm able to get a Firebase Id Token.
After that I tried sending a GET request to https://firestore.googleapis.com/v1beta1/parent=projects/MY_PROJECT_ID/databases/(default)/documents/MY_COLLECTION_ID with the token as Authrorization header, but everytime I seem to get 404 Page Not Found.
I'm not sure what I'm doing wrong and I hope someone can help me with this.
Thanks in advance!
Apparently I wasn't supposed to include the parent= in the URL, I removed it and now it works just fine.

Tuleap - REST API with Cross-Origin Resource Sharing

I have a question regarding the Tuleap REST API when used with CORS.
Basically, I'm trying to make a REST call to see the backlog of my project.
Referring to the API Explorer, to do so I need to do a GET call like this: /api/projects/{id}/backlog I also need to add the custom headers X-Auth-Token and X-Auth-UserId to ensure the authentication.
When I do this request with a HTTP Request tool (Poster for Firefox) everything works fine and I get status 200.
The problem now is that I'm trying to develop an application (in angularJS) that would do the same request.
I noticed that when the page is doing the request, it starts by doing a preflight OPTIONS request which is due to the Cross-Origin-Ressource-Sharing.
It seems like the X-Auth-Token and X-Auth-UserId header are being put in the Access-Control-Request-Headers. Because of that I get an unauthorized 401 response code from the server and I can't complete the request.
I've been looking online and couldn't find my answer as how to make this call work.
There was a recent contribution that should remove the need for authentication on all OPTIONS routes in order to enable the preflight: http://gerrit.tuleap.net/#/c/2642/ It was
Integrated in Tuleap 7.2.99.36
Either your version of Tuleap is too old or there is a bug.
Note all calls still require some headers such as "Content-Type: application/json"; the integration tests should provide good examples of how to make calls:
https://tuleap.net/plugins/git/tuleap/tuleap/stable?p=tuleap%2Fstable.git&a=tree&h=9a513f2b7e765f7b9a4f7f72e9d43f40f623fec5&hb=293d47e4006531d3c0d04edfc6e7058e53c7c9c8&f=tests/rest
and
https://tuleap.net/plugins/git/tuleap/tuleap/stable?p=tuleap%2Fstable.git&a=tree&h=4d9071865a42cbd0d40f5f933b4b0b1047c54a8c&hb=293d47e4006531d3c0d04edfc6e7058e53c7c9c8&f=tests/lib/rest

REST Response Codes

When implementing a RESTful API, we should deliver the user proper responses on actions.
The architecture of REST API basing on proper building of the link and sending it with proper verb allows user to ask the API any request about any data. What response code should I provide to the user, when he will ask for method that is not implemented for the data he is asking for?
Example:
API is allowing the user to add articles via postAction but not allowing to delete articles at all. What response should I provide to the user when he will send REST DELETE request to my API? 404?
If it's a user permission issue, 403 seems most appropriate. (Forbidden - you're not allowed to do this but someone else might be able to)
If no-one is allowed to perform a DELETE but it's an otherwise valid URI, 405. (Method not allowed)
If it's an access to a non-existent resource, but DELETEs are supported against such resources, then 404 is appropriate. (Not found)
If it's more than one of these scenarios (i.e. the user isn't allowed to DELETE, and the URI they've provided is for a resource that doesn't actually exist) then you need to decide which piece of information is more important. I'd probably pick 404.
You need to respond with response code 405 Method Not Allowed.
List of status codes: Wikipedia
There are basically four methods that are used in RESTfull services. GET, POST, PUT and DELETE.
You are probably adding article using POST service.
When a REST api called using different method other than the expecting one then API automatically returns
HTTP status code 405 (Method not allowed)
If you are allowing this API to using DELETE method as well and then any one can call using DELETE method as well. If you want to disallow user to delete the particular then you may return 403 (forbidden) response code.