Sharepoint _api/contextinfo fails with 401 Unauthorized using PostMan - rest

Im currently using Postman app to try the various Sharepoint Api.
To retrieve the RequestDigest i understand there has to be an api call to /_api/contextinfo with nothing in Body and Accept as application/json; odata=verbose in the Header. However i get 401 AUTHORIZED error as return rather than the digest value Postman screenshot
I have tried setting the Authorization to Basic in the first tab and entered the domain credentials (which has access to the site) however it still fails.
How to resolve the error

I faced the same issue with Postman Desktop application.
The solution I found is to use the NTLM Authentication.
However, I still have to figure out how to perform this from an external Java application that would reach the REST API.

Related

Making a custom mattermost client with Flutter, but login headers do not return the necessary headers

Summary
Cannot get headers [“Set-Cookie”] when login into the system with custom login
Steps to reproduce
Use Postman, try to login to workspace with your credentials, view headers. You will not see the “Set-Cookie”
Expected behavior
Request headers should have the “Set-Cookie” headers.
Observed behavior
Request headers does not have the “Set-Cookie” headers.
Extra info for context
Im currently developing a custom app for our company using mattermost as the backbone. I created the login and moved on to design the rest of the app, when I went to start making api request all of them would fail. After checking the web client to verify why they were failing, I saw the login had the “set-cookie” headers and they would be used in every request. There I understood my problem.
I needed the set-cookies for every request, so I went and checked the request headers in the app response headers and saw that they were not there. After that I tried with a custom backend that would do the request, same not there. After that I went to postman and same. Without the data in the set-cookies I can’t continue.
Any help would be appreciated,

How to consume the RSA Archer REST API to fetch Report?

Unable to retrieve ANY data when I try to fetch simple content from Archer via REST API calls through Postman or Mule.
1. Is URL below correct? What am I missing?
2. How to get Reports via Archer REST API i.e what API resource to use.
Have seen the Archer REST documentation but do not find it clear enough.
Have tried GET & POST, with Authorization configured, through Postman:
https://hostname/platformapi/core/security/login https://hostname/platformapi/core/content/123
https://hostname/RsaArcher/platformapi/core/content/123
I get 'Unauthorized: Access is denied due to invalid credentials.' error although I am told to have access.
Please suggest proper API call/path to be used and if any specific settings is to be made to retrieve data?
Archer version: 6.5
Note: Through POSTMAN and Mule, I have successfully consumed REST API from other secured applications. Struggling with Archer.
Thank you.
The documentation for Archer REST API was mentioned in a previous answer and seems to require a login into their site: https://stackoverflow.com/a/38511131/721855
This KB article shows examples on how to use the API from Powershell: https://community.rsa.com/docs/DOC-45643. It should be easy to adapt to Postman, Mule or whatever other language/tools.
I recently had the same issue. The company had anonymous authentication disabled on the api directory. The user account running postman must have access to the api directory. If you are still getting a 401, see if you anonymous access can be enabled to rule out other non-access related issues. If you are able to generate a security token when calling core/security/login when anonymous authentication is enabled, then you know the issue is that your account did not have access to the api directory. If you are not able to make the request successfully with anonymous authentication enabled, then you know the issue is likely with the way you've structured your REST call. Hope this helps!
Authentication to any Archer API is two step process. First you have to call an authentication resource or method. That will return a session token. You must then add that token to the request headers for subsequent requests. Your header would look something like this:
Authorization: Archer session-id=439C730FF83F68EFDC017ED705D9908E
Without this header, you'll get a 401 for any request other than an authentication request.

Captcha response while retrieving access_token

I'm now testing custom sharing flow in StockTwits and got stuck on authorizing the user.
I'm following the server-side oauth flow described here.
I'm using an npm lib stocktwits, but I've already tried this request from terminal using curl:
curl -X POST https://api.stocktwits.com/api/2/oauth/token -d 'client_id=439fb********3e6&client_secret=5420fa774******970c24f074b90e617&code=ccb99afde1**********de6d782029c68&grant_type=authorization_code'
After getting the code I call the https://api.stocktwits.com/api/2/oauth/token (POST) to perform exchange for access_token but I get an unexpected response with HTML in it asking to bypass a captcha instead of JSON like described in here.
I didn't solve the issue with server side flow. My purpose was to authorize in any possible way, so I just switched from server-side flow to client side and it works just fine. both approaches are described here

Using OAuth with Facebook as provider with an IBM Cloud Functions managed API

I am playing around with IBM Cloud Functions (OpenWhisk) and trying to setup authentication through OAuth with Facebook as the provider. I have setup an app with Facebook, I am able to successfully connect with this and fetch my token and I am able to verify this by fetching basic profile information (name and userID).
My problems starts when I enable OAuth in the IBM Cloud Functions API. I get a HTTP code 500 back from the call with very little information about what actually went wrong.
{"code":500, "message":"Oops. Something went wrong. Check your URI and try again."}
The only thing that is stated in the dashboard is:
You can control access to your API through the OAuth 2.0 standard. First require an end user to log in via IBM Cloud App ID, Facebook, GitHub, or Google. Then include the corresponding OAuth token in the Authorization header of each API request. The authenticity of the token will be validated with the specified token provider. If the token is invalid, the request will be rejected and response code 401 will be returned.
With this information I got that I need pass the token with the Authorization header. My best guess is that the call fails somewhere when the token is being validated.
I am using Vue and Vue-axios to perform the API call. My current call looks like this:
this.$http.get(API_URL+"?user_id="+localStorage.user_id,{headers :{'authorization':localStorage.token}}).then((response) => {
console.log(response);
});
I have tried adding bearer/Bearer or token/Token in front of the token (some posts I read indicated that you should do this), but this had no impact on the response.
If I disable the OAuth authentication from the Cloud Functions side, the code above works and correctly retrieves the data (with or without the header option).
From the Chrome Dev tools it looks to me like the token is added correctly to the request, since the request headers have the Authorization header with the token.
I am not that familiar with OAuth or IBM Cloud Functions, so the problem might have a very easy fix. However, I am unable to find documentation which clearly shows me how I am supposed set this up. I am also unable to find any logs or more information about what actually fails here. Am I missing something obvious here?
Kjetil

Twitter API code 32 401 unauthorized via postman

I am trying to get tweets from a user with his screen name, but I am getting code 32 401 unauthorized error, i tried encoding the details it's not working, Please let me know what is the issue here
Below is the get request I am sending via postman, I have attached photo for more understanding
GET /1.1/statuses/user_timeline.json?screen_name=urstrulyMahesh HTTP/1.1
Host: api.twitter.com
Authorization: OAuth oauth_consumer_key="hwWrdsCbnYA6duRPn9b5eOL2b",oauth_token="920656878140645376-spRRFqnUdYyRKXJdP2Bd1SuN1TeJP8B",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1508349347",oauth_nonce="JKLMNOPQRSTUVWXYZABC123DEFGHI494",oauth_version="1.0",oauth_signature="A0mdEkSUjwWOO8AfX0S4oU296Q4%253D"
Cache-Control: no-cache
Postman-Token: b5bfb83b-e2c6-0e23-81b0-38daee989fec
I am sure access tokens and customer tokens are entered correctly
Please point out the error
That won't work because your Authorization header doesn't follow the OAuth protocol. All of your credentials are in plain text, but the value must pass through several steps of encoding and encryption before they can be sent to Twitter. You'll have to do this with code because part of the protocol includes a timestamp, which is likely to expire before you can do it by hand. Here's the process, on Twitter's site:
Authorizing a Request
There are several 3rd party Twitter Libraries that do this in several programming languages. One of the things you might be able to do is write the code with the same parameters you're using for Postman, set a breakpoint, and copy the Authorization header when the code hits the breakpoint.
Note: You've posted code and a picture with your application secrets.
That means that anyone who wants to can use your secrets to interact
with Twitter on your behalf. To protect yourself, you should either
re-key or delete the Twitter application (if it was just for test) and
create a new one with new secrets.