I need to adjust the VSTS permissions for API level POST requests. So that users should not be able to get any response or result by a POST request. But still GET requests should be worked. So how can I adjust the authorization level only for REST API POST requests?
To give users who just have permissions to request GET REST API (not POST), you just need provider PAT with read permissions for related scopes.
Related
I am trying to figure out what is needed so that my application is able to make a pull request on behalf of my user.
I have an app registration, for this app registration I am requesting the following API permission:
https://app.vssps.visualstudio.com/user_impersonation
Once the user accesses my REST API with a proper bearer token, I need to obtain the on-behalf token so that I may contact the Azure Devops APIs.
Question is what scopes do I need to request for the on-behalf-of token so that I may create pull requests as my authenticated user?
The git repo to which I'm trying to create the pull request is hosted on o365exchange.visualstudio.com.
to create pull request on Azure DevOps Serivces side, you could call the rest api: POST https://dev.azure.com/{organization}/{project}/_apis/git/repositories/{repositoryId}/pullrequests?api-version=6.0
You could find the needed scope under the doc:
You could find the corresponding scope details in the doc:
When you register your app, you could choose it here:
I hope this could do some help. Thanks.
Unable to retrieve ANY data when I try to fetch simple content from Archer via REST API calls through Postman or Mule.
1. Is URL below correct? What am I missing?
2. How to get Reports via Archer REST API i.e what API resource to use.
Have seen the Archer REST documentation but do not find it clear enough.
Have tried GET & POST, with Authorization configured, through Postman:
https://hostname/platformapi/core/security/login https://hostname/platformapi/core/content/123
https://hostname/RsaArcher/platformapi/core/content/123
I get 'Unauthorized: Access is denied due to invalid credentials.' error although I am told to have access.
Please suggest proper API call/path to be used and if any specific settings is to be made to retrieve data?
Archer version: 6.5
Note: Through POSTMAN and Mule, I have successfully consumed REST API from other secured applications. Struggling with Archer.
Thank you.
The documentation for Archer REST API was mentioned in a previous answer and seems to require a login into their site: https://stackoverflow.com/a/38511131/721855
This KB article shows examples on how to use the API from Powershell: https://community.rsa.com/docs/DOC-45643. It should be easy to adapt to Postman, Mule or whatever other language/tools.
I recently had the same issue. The company had anonymous authentication disabled on the api directory. The user account running postman must have access to the api directory. If you are still getting a 401, see if you anonymous access can be enabled to rule out other non-access related issues. If you are able to generate a security token when calling core/security/login when anonymous authentication is enabled, then you know the issue is that your account did not have access to the api directory. If you are not able to make the request successfully with anonymous authentication enabled, then you know the issue is likely with the way you've structured your REST call. Hope this helps!
Authentication to any Archer API is two step process. First you have to call an authentication resource or method. That will return a session token. You must then add that token to the request headers for subsequent requests. Your header would look something like this:
Authorization: Archer session-id=439C730FF83F68EFDC017ED705D9908E
Without this header, you'll get a 401 for any request other than an authentication request.
If I have a REST API and I want to make my own authentication system is it appropriate to make an /access_token endpoint and treat it like a REST resource or should I create a seperate service for handling generation of authentication tokens etc...?
The reason I ask is this...
For a REST endpoint when you make a POST request doesn't the response want to contain a link to the resouorce so that you can GET it? What I really want to do is return the access token as part of the response of the POST request but this seems to break the paradigm of REST and would make it different from teh rest of the API, this leads me to think that the authentication should be handled by a different service.
I'll assume you're talking about the OAuth 2.0 standard, which never forces the separation between the Authorization Server and the Resource Server.
As for the other question, the access_token endpoint ought to respond to a valid POST request with a response message that contains the actual token, without this being against REST principles.
I have an HTTP REST API that built for one of my company's devices. Ideally, the customer would have access to certain APIs, company employees would have more access, developers would have full access. Think of the device as a router - the customer can access certain settings, employees can come in and access more APIs than the customer for troubleshooting, and developers can access everything.
What are some good methods for implementing layered authorization on a REST API? Send an Authorization token or something in a POST so you can get an authorization cookie before using the REST API? I'm not familiar enough with web security to know a clunky solution from an elegant one.
you will send an authorization token in your Http Request header
Header.Add("Authorization", "bearer your_token")
I'm trying to make a call to the new Office 365 File REST APIs. (As explained here).
I'm using Postman rest client to send the request.
I have registered my application in Azure AD and given it full permissions to 'Office 365 SharePoint Online'.
I can successfully get an authorization token using the clientId generated in Azure AD.
However when I attempt to list files, using the access token I get an error.
------------------
RESOURCE HTTP GET:
------------------
URL: https://<OUR_DOMAIN>-my.sharepoint.com/personal/<user_domain>/_api/Files
HEADER: Authorization: Bearer <access token>
Response:
3001000;reason="There has been an error authenticating the request.";category="invalid_client"
What can cause this issue?
Not sure what steps you've tried to use to resolve this, so it's hard to help you out here. I've just finished writing up more detailed instructions on the steps to register an app to call OneDrive for Business. It's long and complicated right now, but we're working to make things better in the future.
You can check out the details of how to do auth here: https://dev.onedrive.com/auth/aad_oauth.htm
Make sure you aren't asking for too many permissions, since that will require your app to be authenticated by an admin instead of the end user. For most apps, you can just use the "My files" permission scopes which can be accepted by the user of your app directly.
If you post more information about what calls you're making, responses, and app configuration in AAD I might be able to help more.
You may have been using different resources.
Check whether the resource which you have used for getting access token is same as which you are requesting for getting files.
for example :
If the resource which you have mentioned while requesting access token be :: "https://tenant-my.sharepoint.com/"
Then you need to make request on the same resource for accessing files :: "https://tenant-my.sharepoint.com/_api/v2.0/drive/root/children"
The above request give list of root children.
tenant --> domain name which was registered to your organisation.
Follow this documentation for further accessing the api