I'm using WSO2 1.10 and trying to integrate with Store REST API. The REST API is on v0.9. Until now, I could create an application and subscribe to an API. My problema is when I need to change the tier os this subscription. Following the recommended process, the subscription must be deleted and created again. Using the store page, works as expected, but using the API I got the following error:
{
"moreInfo": "",
"code": 403,
"error": [],
"description": "You don't have permission to access the subscription with Id {{UUID}}",
"message": "Forbidden"
}
The error happen when I use GET or DELETE methods to requests to:
{{BASE_URL}}/api/am/store/v0.9/subscriptions/{{UUID}}
It's important to say that others features like the creation of applications and subscriptions works as well, so I belevie that this behavior is a bug. There is some work around or configuration that can fix this?
I realized the problem. Using DELETE works as expected, the real problem is on GET /applications, that returns subscriptions from others tenant's, randomly. So when I try DELETE, I receive 403 because the subscription is ownered by another tenant.
There is no workaround that I could use, it was necessary think another business solution.
Related
I've trained an image classification model using autoML API and now I would like to create a JAVA program that makes predictions of given images using that model. As mentioned in the docs, this API requires the OAuth scope: https://www.googleapis.com/auth/cloud-platform.
I don't need the user to login since I will not use any private data, so I decided to use service accounts and followed the steps in OAuth2 for service accounts to generate an access token.
The process goes well and I receive the reponse:
{"access_token": "access_token_string", "expires_in": 3600, "token_type": "Bearer"}
Then, I go back to send the post request for autoML prediction, and set the header "Authorization" to "Bearer access_token_string".
I have the error message
{"error":
{
"code": 403,
"message": "The caller does not have permission",
"status": "PERMISSION_DENIED"
}
}
I know that the prediction request is correct because I've tried it using an accessToken generated for web apps (just wanted to test).
So the problem is in the authorization part, I've checked that my service account have all the required permissions as well. I d'ont know where the problem is exactly, does anyone have an idea?
So since there are no answers, I contacted the Google Support Service, they told me that the below requests are correct, the problem is in allowing the service account to access my GCP project resources. This step is explained here
I've already went through this step but I should have missed something the first time, so I deleted the service account and restarted all the steps, it's working now!
I hope this will help someone :)
I am trying to use the sabre api for creating a booking (CreatePassengerNameRecordRQ) using the testing credentials, but I am always getting the following error message:
{
"status": "NotProcessed",
"type": "Validation",
"errorCode": "ERR.2SG.SEC.NOT_AUTHORIZED",
"timeStamp": "2017-01-19T20:56:23.861-06:00",
"message": "Authorization failed due to no access privileges"
}
Anyone knows if these testing credentials allow to book fights in testing environment?
Thanks.
I guess it makes sense that the API does not work with test credentials since the PNR created would be saved into a PCC which you do not have with DEVCENTER credentials.
The target audience for the API seems to suggest the same:
Target Audience: All Sabre APIs Customers
I'd suggest you to use the 'Become a Sabre customer' form in DevStudio in order to request access to the same.
I encountered this and needed to supply an additional query parameter ?mode=create to the endpoint. I was using:
https://api-crt.cert.havail.sabre.com/v2.2.0/passenger/records
but needed:
https://api-crt.cert.havail.sabre.com/v2.2.0/passenger/records?mode=create
Unfortunately, the Sabre documentation is not clear about the values you can supply for the mode parameter and though it says mode is required, as of this writing the description reads:
Pass an optional search string for looking up inventory
So on one-hand the documentation says required, on the other hand, it says optional. Typical Sabre. I have requested their support staff resolve this.
I faced the same error and obtained a response from Sabre support for the same. Turns out you'll need a PCC code in order to use CreatePassengerNameRecordRQ API. It is a prerequisite as mentioned in the document here.
Solution
Obtain PCC code from Sabre.
Go to your user profile in Sabre Dev Studio.
Edit your profile and add the PCC code in the corresponding column.
I try to read data from google sheet via http. I use v4 google spreadsheet api:
https://sheets.googleapis.com/v4/spreadsheets/1MZJEOzkzy5iJ9HPy2GU-Ky3vdaIzGGDQH8BMt4n3OGI/values/Sheet1!A1:D5
I get:
{
"error": {
"code": 403,
"message": "The request cannot be identified with a client project. Please pass a valid API key with the request.",
"status": "PERMISSION_DENIED"
}
}
Sheet is published online and everyone can edit it. It works on api v3 too.
First, make sure you have a permission to call this spreadsheet and you enable the Sheets API in your developer console. You can also try to change the privacy settings of this spreadsheet to public and checked if you can access it now. This 403 error is usually caused by incorrect or missed some configuration in Authorizing Requests. If you authorizing requests with OAuth 2.0, make sure you use the proper scope with it.
For more information, you can check this thread on how to debug your Google OAuth 2.0 token when you get HTTP 401s or 403s
You have to append the string "key=yourAPIkey" as query on your URI. The API key is generated in the developer's console
If you update application access scope you have to re-authenticate the application and update credentials.json.
In google-sheet quick start guide, they have started the tutorial with only read scope. If you want to write or update google-sheet later you will have to change the scope there and update the credentials.json again
Look carefully when you first authenticate it only giving permission to read. But if update scope and try to re-authenticate it will ask for permission to read and manage sheet permission.
In order to update the scopes, you need to remove the token file saved in TOKENS_DIRECTORY_PATH, execute the code again and log in. Then Oauth2 will give you the new updated tokens.
need help.
I tried to start with https://developers.facebook.com/docs/marketing-api/dynamic-product-ads/ads-management/v2.3
created account. Approved it by phone.
created a business account, an ad account, an app, and so on.
linked app to ad accont like this https://developers.facebook.com/docs/marketing-api/access#standard_accounts.
Now i tried to create product catalog. i am getting same error all the time:
The app is not whitelisted to use this API
i tried to call api to cteate/list/managment product catalog.
when i did, the same by UI - i can create product catalog & feed.
but by API - all time error.
i do not understand what it need?
now try to create product set:
GET /<product_catalog ID>/product_sets/?
access_token=<my access token from app with full rights get from exploer>
{
"error": {
"message": "(#200) The app is not whitelisted to use this API",
"type": "OAuthException",
"code": 200
}
}
try to create the same:
POST : /v2.3/<product_catalog ID>/product_sets/?access_token=<my access token from app with full rights get from exploer>&name=my new prod set
{
"error": {
"message": "(#275) Ad account cannot be determined for this request",
"type": "OAuthException",
"code": 275
}
}
So what Are the changes i needed to make it work?
is it any way to made api calls work correctly?
p.s.
i guess something wrong in settings - i run unit tests in SDK - have the same situation. i have read about that problems with game app - but my app - is not a game, so i cant use solution in my situation.
if some body understand what whitelist API want - please help!
Thanks.
Hopefully this helps someone else: I was also trying to create a Product Catalog via the API in Development, and got "The app is not whitelisted to use this API".
I solved it by creating an admin system user, and generating an access token with the business_management permission.
The error is explained by the documentation you linked to - unless your app is approved for Standard access to the API it can only access a specific number of ad accounts and those accounts need to be pre-configured in the app settings
Many of the business manager APIs can't be used because they're not tied to one of those pre-specified accounts (hence the Ad account cannot be determined for this request error).
In general, the business manager APIs likely won't work for you until your app has access at the standard level, though some will if they're account-specific
You can't be an app admin and a tester/developer at the same time. You should create another facebook account for tests.
This happens also when the access token used is not from your app which has Standard Access. Also, note the dev version of the same app will not work.
Heyy, I was looking into Google apps for business and playing with the API explorer ... I have a reseller account with google let's say stack#reseller.goteam.com and this works for creating users, org units, subscriptions and so.
I want to start with the device management and investigating on these things:
1) How do I know my customerId from google cpanel ... I am looking to know how to see the info required for these requests in CPanel.
2) I am getting the below error:
400 Bad Request
- Show headers -
{
"error": {
"errors": [
{
"domain": "global",
"reason": "badRequest",
"message": "Bad Request"
}
],
"code": 400,
"message": "Bad Request"
}
}
In my request, I entered "goteam.com" as customerId..... Isn't this correct? any good posts on getting started with device management.... Please help
there are 2 basic ways to determine what customerId you need to use:
Just use my_customer, this will use the customerId of the user you authenticated as. This works perfect when working with your own domain but will not work when when you are a reseller trying to access one of your customer's domain data.
Use the users.list() API call to determine the customerId. Specify the domain, a maxResult of 1 and that the only field you want back is customerId. Here's what it'd look like in the API Explorer.
The customerId is not your domain, it's a unique ID that looks like random characters.
Lastly, you should be aware that resellers currently can't make device management requests for customers (see note near top).
I agree with Jay. Currently resellers cannot utilize the Directory API on behalf of their customers. The Provisioning API does however, work.