I have the following code:
string tokenValue = "221e0a91-6530-4790-a969-d1da75b0afd2";
// Configure httpClient to use the above token.
httpClient.DefaultRequestHeaders.Add("token", tokenValue);
The subsequent calls (HEAD, POST, GET) all work fine.
When I try to do the same thing using Swagger Inspector, it fails. I am able to get a token using Swagger Inspector site, and I place the token into a HEAD call as follows:
But as I said, the call fails, with "Authorization has been denied for this request." message returned as an XML file.
I also tried the two other options available on the same page: Basic Authentication, and OAuth 2.0/JWT, all with HTTPS. They all fail.
How can I go about understanding why it's failing?
Also: Is what I am using above called "Bearer Authentication"?
I have below 2 things to mention from your screenshot:
Response for HEAD method never contains the response body, it always contains the response headers
for more details of HEAD: HEAD Request
But in your case response-body is also present (maybe of CML content type).
You should use OAuth 2.0/JWT option on the same page to pass the token along with your request.
To answer your question related to Bearer Authentication:
No, the one you are trying to use is not at all Bearer Authentication.
In your case, "token" will be considered as Custom/User HTTP Header.
Related
web-service has token parameter. In swagger and postman I send get-request properly (status 200). In Poastman creating request is very easy because it has separate pages for parameters and headers.
As for Rest Debugger I couldn't create and sent right get-request( appears error 400).
I tried many ways but without success:
I write token in request parameter section of Rest Debugger as key-value pair like "token"= "abcd12345..."
or
I write base URL and resouce together in URL-field like:
https://testserver.com/currencies?token=abcd12345..... or
I write resource separately in resouce field of Rest Debugger and base -URL in URL-field
but in all cases server returns error 400:
"the token field is required".
screens of swagger, curl, postman and rest debugger.
We suppose that a better solution is to use Postman for this task, if it works as expected and is more user-friendly. But if it’s principal thing – you can do it in Rest Debugger.
Go to the “parameters” tab -> click the “Add” button -> change “Kind” field to “HEADER” -> “Name” field to ‘’token” -> “value” to your token value.
You can see that in Postman you use a header to send token value, but in Rest Debugger simple param – that’s why you get different results.
Try to define it as header.
Use Parameter section and use [HEADER] instead of [GET/POST]
I'm new to APIs and I'm trying to understand how to get a response from a prompt using OpenAI's GPT-3 API (using api.openai.com/v1/completions). I'm using Postman to do so.
The documentation says that there is only one required parameter, which is the "model." However, I get an error saying that "you must provide a model parameter," even though I already provided it.
What am I doing wrong?
You can get this to work the following way in Postman with the POST setting:
Leave all items in the Params tab empty
In the Authorization tab, paste your OpenAI API token as the Type Bearer Token (as you likely already did)
In the Headers tab, add key "Content-Type" with value "application/json"
In the Body tab, switch to Raw, and add e.g.
{
"model":"text-davinci-002",
"prompt":"Albert Einstein was"
}
Hit Send. You'll get back the completions for your prompt.
Note alternatively, you can add the model into the Post URL, like https://api.openai.com/v1/engines/text-davinci-002/completions
While above works, it might not be using the Postman UI to its full potential -- after all, we're raw-editing JSON instead of utilizing nice key-value input boxes. If you find out how to do the latter, let us know.
What solved it for me was adding the content-type header:
"content-type:application/json"
I'm trying to access the SmartSheets REST API as described in the "Getting Started" documentation here: https://smartsheet-platform.github.io/api-docs/#getting-started and elsewhere. I generated an access token in the UI and, using Postman, tried a couple of simple GET requests cribbed from the documentation:
https://api.smartsheet.com/2.0/users/me
https://api.smartsheet.com/2.0/sheets
I set the Authorization and Content-Type headers as indicated. In both cases, I get Http 403-Forbidden errors with the message "You are not authorized to perform this action."
So how do I get authorized to perform these (or any other) actions?
You might want to verify that your access token value is correct. Also, when you set your Authorization header, are you including "Bearer " before your access token?
In Postman, it should look something like this:
Just a typo. I was including "Bearer" in the authorization header, but I had 2 spaces between "Bearer"and the token. You can only have one.
I am new in API gateways. I have python based API deployed on an EC2 server. I can access this as URL http://xxx.xxxxxxx.com/RPC2/. I can see objects, methods in this URL. I am trying to use API gateway for same.
Created API. (ExampleAPI)
Created POST method. (given path http://xxx.xxxxxxx.com/RPC2/ as end point URL ). I have not created the resource since I am expecting HTTP Proxy for all Methods of the resource. Its looks fine when I put my content in the request body. I get a response.
Now I have deployed it to one stage dev1. Got a new endpoint URL.
Also created an API key and attached it with dev1. Also Set API key required true in POST Method Request.
Questions.
1. When I hit dev1 URL (https://xxxxxxxxxxx-api.us-east-1.amazonaws.com/dev1), it does not give me same page as http://xxx.xxxxxxx.com/RPC2/. It gives me {"message":"Missing Authentication Token"} error. Am I missing some fundamentals here?
http://xxx.xxxxxxx.com/RPC2/ do have several methods, so how can I use it? All of them are POST methods. Can I set some parameters or some request body, or some templates? How can I improve this process?
How can I use API key here? Or it won`t work in POST method?
If i do curl -H "Content-Type: application/JSON" -X POST -d "{\"method\": \"app.menu\",\"params\":[] }" https://xxxxxxxxxxx-api.us-east-1.amazonaws.com/dev1 i get same response as i curl http://xxx.xxxxxxx.com/RPC2/. is it the only way to access my dev1 URL or I can create individual methods or string parameters.
Regards,
Ashish
See answers posted to this forum:
When i hit dev1 URL (https://xxxxxxxxxxx-api.us-east-1.amazonaws.com/dev1), it do not give
me same page as http://xxx.xxxxxxx.com/RPC2/. It gives me
{"message":"Missing Authentication Token"} error. Am i missing some
fundamentals here ?
If you are hitting the URL in a browser with a GET method, it will not
work. You have to specify all of the HTTP methods on a resource that
you want the client to access. If you hit a method that is not
defined, you get that message.
http://xxx.xxxxxxx.com/RPC2/ do have several methods, so how can i use it? all of them are POST methods. Can i set some parameters or
some request body, or some templates. how can i improve this process.
Yes if you are mapping to an RPC API then you can build the REST
methods/resources in API Gateway and set a static value for the header
or in the body, wherever the RPC action is expected by the backend.
How can i use API key here? or it won`t work in POST method? Because while accessing from curl, it works fine without API key.
First you should set API Key Required on the method (Method Request
page), then you'll have to add the API Stage to the API Key and make
sure it's enabled. After all that, if you send the API Key in a header
called 'x-api-key' it should work, otherwise you should get a 403
response saying "Forbidden".
If i do "curl -H "Content-Type: application/json" -X POST -d "{\"method\": \"app.menu\",\"params\":[] }"
https://xxxxxxxxxxx-api.us-east-1.amazonaws.com/dev1" i get same
response as i curl http://xxx.xxxxxxx.com/RPC2/. is it the only way to
access my dev1 URL or i can create individual methods or string
parametrs.
You will have to create each method in API Gateway (like GET) and they
can all point to the same backend url but specify a different RPC
action in the header or wherever it is specified.
I'd encourage you to check the public developer guides for parameter
mapping and payload transformation to learn what tools we have in API
Gateway.
I'm trying to create a comment with Github's api, but it's failing, and I'm looking for debugging tips.
I'm using the url listed in the api docs, which correctly returns a list of comments for a GET request. When I try to do a POST request, I get a 404 response. I'm using an Ajax request from a browser with cors, and I have an OAuth token in the 'Authorization' header field.
The url looks like:
https://api.github.com/repos/username/repo/commits/sha/comments
The post body looks like:
{"body":"hello!","commit_id":"same_as_sha_in_url","line":79,"path":"path/to/file.js","position":2}
I'll answer my own question. It was apparently because my OAuth scope was read-only. Adding 'public_repo' and 'repo' to my OAuth scope fixed the problem.