URL :
https://circuitsandbox.net/rest/v2/webhooks
My Headers :
Content-Type : application/x-www-form-urlencoded
Authorization : Bearer ot-xxxxxxxxxxxx
Body :
url - Some URl
filter - CONVERSATION.CREATE
Error I am getting :
"The permission to access this resource is not granted. Scopes ::= [ALL, READ_CONVERSATIONS, READ_USER]"
Plus If i want to send extra filters thn will it be comma separated values?
If you are getting a 403, I would suspect a scope error (as mentioned by Roger) or an authentication problem.
For the first, please show us which scopes are currently selected for the application ; for authentication, can you check if you can make other API calls successfully ?
Here is what it looks like in Postman
Make sure your app registration contains the scopes that your app is asking for. For a simple outgoing webhook registration you would only need the scope READ_CONVERSATIONS.
See https://github.com/circuit/circuit-REST-bot/blob/master/app.js for an example on how to register for a webhook. This example registers for CONVERSATION.ADD, but CONVERSATION.CREATE is very similar.
If you still have problems please post a code example, or even a link to an app on repl.it.
Here is an example HTTP request to register the webhook. Note that the body is sent as text/plain (which is the default and its header can be omitted). Also note that the callback url is http. https is not yet supported.
POST https://circuitsandbox.net/rest/v2/webhooks HTTP/1.1
Host: circuitsandbox.net
Content-Type: text/plain
Authorization: Bearer <token>
url=http://90587c6d.ngrok.io/webhook&filter=CONVERSATION.CREATE
and here is a curl command
curl -X POST https://circuitsandbox.net/rest/v2/webhooks -H "Authorization: Bearer <token>" -d "url=http://90587c6d.ngrok.io/webhook&filter=CONVERSATION.CREATE"
Related
I need to get an OAuth token using a simple POST request.
In Postman, we configure OAuth tokens via the following configuration:
When I click "Get New Access Token", postman makes a request against the Access Token URL.
How does one see what that request looks like? Are these parameters (client id, client secret, etc.) placed in a POST body? What are the headers? I'd like to see the request structure in plain text.
Essentially I need to emulate this request in a script, where I have to include the credentials in the body itself, where the body would look something like this:
{
"Access_Token_URL":"myURL",
"Client_ID":"myClientId",
"Client_Secret":"myClientSecret",
"Scope":"myScope"
}
That request follows the OAuth 2.0 specification, using the client_credentials grant, and it will use an Authorization Basic header to authenticate the client; so its body will look like this:
POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic bXlDbGllbnRJZDpteUNsaWVudFNlY3JldA
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials&scope=MyScope
Where bXlDbGllbnRJZDpteUNsaWVudFNlY3JldA is the Base64-encoded value of myClientId:myClientSecret.
Note that the Content-Type is application/x-www-form-urlencoded.
Also note that what Postman calls the Access Token URL is actually named Token Endpoint in the OAuth 2.0 terminology.
I have started using Postman to map out my API and also wanted have a quick, easy way to document it and share it.
My API is using JWT for auth and this token needs to be present in each request except login.
In order to keep it DRY I have used Postman collection Authorization
as explained on their blog http://blog.getpostman.com/2017/12/13/keep-it-dry-with-collection-and-folder-elements/
Example of how I set up collection authorization type bearer
This header is being used by my API as type "Inherit auth from parent" and this works with no problems during my requests.
But if I choose to view collection in browser this header is not displayed in the request or examples see screenshot.
Collection documentation as viewed in web
Here is the cURL request in Postman:
curl -X GET \
https://example.api/v1/auth/user \
-H 'Content-Type: application/json'
Is it possible to display the auth header while using the collection settings or I should add the header myself for each request in order to make sure that this is added in the examples and documentation?
Edit:
I've found that if I hover over the Authorization header I get the following message:
This temporary header is generated by Postman and is not saved with your request.
Here is a screenshot from the app with Postman collection temporary headers.
This issue will fix in 2 or 3 mounths.
You can track the issue status in https://github.com/postmanlabs/postman-app-support/projects/40#card-33062423
If you are setting up that JWT Token as request headers then it should get displayed in the documentation. Below are the Steps how i am generating and setting up jwt token:
Login api to generate jwt token.
saving that token as environment
variable Using that variable in each request which requires
Authorization header.
please see the screenshot
I am using Postman Tool and Insomnia(Hurl.eu) Tool to make a Particular webRequest.
I get the Response 200 from Insomnia but i am getting 403 Forbidden error from Postman.Here are the Preview messages from both
Postman:
POST /ccadmin/v1/login HTTP/1.1
Host: ccadmin-test-XXXX.oracleoutsourcing.com:443
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.NlCxWPgJAizSO60YeIBQRjgrYlgUhywr8vmnIca69A=ehkZS1iMzUyLWZkNmE1ODM1ZDM3NSIsImlzcyI6ImFwcGxpY2F0aW9uQXV0aCIsImlyJleHAiOjE1MDU4MzQ5NjIsInN1YiI6ImRiZTYwMGFkLWQwNjYtNDhdCI6MTQ3NDI5ODk2Mn0=.
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
Insomnia(Hurl):
POST /ccadmin/v1/login HTTP/1.1
Host: ccadmin-test-XXXX.oracleoutsourcing.com:443
Accept: */*
Content-Type: application/x-www-form-urlencoded
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.NlCxWPgJAizSO60YeIBQRjgrYlgUhywr8vmnIca69A=ehkZS1iMzUyLWZkNmE1ODM1ZDM3NSIsImlzcyI6ImFwcGxpY2F0aW9uQXV0aCIsImlyJleHAiOjE1MDU4MzQ5NjIsInN1YiI6ImRiZTYwMGFkLWQwNjYtNDhdCI6MTQ3NDI5ODk2Mn0=.
Content-Length: 29
Both request looks similar ,but i am getting 2 different responses.
I also disabled Postman Settings->
i)Send Postman Token Header
ii)Send no-Cache Header
I hope this will help you.
I have found that sometimes Postman behaves a bit weird when you are using Bearer Authorization, this since they made an update to the app and added the "Authorization" tab.
This has happened to me more than ones, specially on pre existing collection.
Let's give it a shot.
Delete the Authentication key on your header, I can see you wrote that one manually. And lets Postman handle that.
Open the Authorization tab, select the Bearer token type from the dropdown, add your token on the window in the left side.
Click on Preview Request.
Now you should be able to see the token on the headers "greyed out"
Open the console, this will help you checking the request and maybe you will find an adicional error.
On the console you can check the raw request and response, it helps.
Also you should try making a request from your machine using CURL ‘yes you can usit on windows and mac’, this way you can discard that you have a closed port.
Good luck
I'm trying to create a bot which interacts with Facebook Messenger. I've set up my webhook and can receive messages coming from Facebook. However, when I try to send a message, I get the following error back from Facebook:
{"error":{"message":"(#100) The parameter recipient is required","type":"OAuthException","code":100,"fbtrace_id":"F3iVNecj10i"}}
However, I've definitely got the recipient ID in my request. I've sent the request with my bot, cURL and the Chrome Poster extension and get the same result each time. The JSON I send is:
{"recipient":{"id":"XXXXXXXXXXXXXX"},"message":{"text":"hello, world!"}}
When using cURL, I took the example directly from the Facebook documentation and send this:
curl -k -X POST -H "Content-Type: application/json" -d '{"recipient":{"id":"XXXXXXXXXXXXXXXX"},"message":{"text":"hello, world!"}}' "https://graph.facebook.com/v2.6/me/messages?access_token=ACCESS_TOKEN"
The only difference between this and the example on Facebook is the -k which stops cURL from checking the SSL certificate. I'm tunneling through to my app using ngrok for the incoming messages but sending my requests direct to the Facebook Graph API. The fact that it's happening in my app, cURL and Chrome Poster makes me think that it's something to do with the request (but I can't see what) or my Facebook app setup. Any help is greatly appreciated.
Turns out there were a few issues. The cURL request didn't include the quotes in the JSON so the quotes had to be escaped with \ characters. The Chrome Poster request didn't work because "content-type: application/json" wasn't set in the header. And my webapp didn't work because the JSON had a ";" at the end of it.
So, the Facebook message was an indication of poorly formatted JSON, just not a very direct one!
Check that the JSON payload is well formed.
I used the Postman.app to help me out with this — it's also available on Windows.
Steps
Copy the URL into the "Enter request URL field". This would include the access_token
Change the HTTP verb to GET
Under the "Headers" header, set Content-Type to application/json
Under the "Body" header, select "raw" and paste your JSON payload there. Make sure that this JSON payload is well formed by watching the error indicator displayed beside the line numbers.
Once I got this fixed, I was able to move on to the next step.
I got similar error some time back. Try using Postman. I tried the same request and replaced the user id and the page access token. It works fine.
Click on the Import button on the top and paste your curl request under raw. Then try running the call. If you get the same error, go to the body and modify it. Make sure you put this in the body part of the Postman request. Replace the recipient id with yours.
{
"recipient":
{
"id":"123456789"
},
"message":
{
"text":"hello, world!"
}
}
This is the full cURL call : Change Recipient ID and Page Access Token
curl -X POST -H "Content-Type: application/json" -d '{ "recipient":{"id":"1234567" }, "message":{ "text":"hello from bot" }}' "https://graph.facebook.com/v2.6/me/messages?access_token=PASTETHETOKENHERE"
I have integrated twitter in my app. but I am not able to log out the session of the user.
For logging I am using http://%##twitter.com/statuses/update.xml
and passing the username and pswd in the url. Inside body i pass the string that needs to be updated and its working fine.
Now For log out they have an request called
http://twitter.com/account/end_session
and it is been said we need to use post request. But I am not able to get what we have to pass in body and header so that twitter should know which user has requested for log out.
Below is the link of documnetation but I didnt suceed in this.
http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-account%C2%A0end_session
Waiting for reply
Thanks in advance
When you are posting to statuses/update.xml using the method you described, you are not logging in, you are simply updating the user’s status and passing the user name and password with the request. As you are not logging in, there is no session and no need to log out. This is good, because it’s easy, and it’s bad, because it’s insecure – you’re passing the password openly. Read the documentation about authentication. The authentication method you’re using right now is called “Basic Auth” there.
You can look at how you post looks in the HTTP request:
$ nc -l 1234
$ curl -d "Status update" http://user:passwd#localhost:1234
The output from netcat looks like this:
POST / HTTP/1.1
Authorization: Basic dXNlcjpwYXNzd2Q=
Host: localhost:1234
Accept: */*
Content-Length: 13
Content-Type: application/x-www-form-urlencoded
Status update
The Authorization line is the “Basic Auth” as described by the Twitter API docs and Wikipedia.