I'm trying to use the Firefox Rest client extension to test out my Magento REST API. I followed this guide but I keep getting the "signature_invalid" error when making the final request to receive the access token.
Guide: http://devdocs.magento.com/guides/m1x/api/rest/testing_rest_resources.html
The URL I use for the final request is:
http://mymagento/oauth/token?oauth_callback=http://httpbin.org/get&oauth_token=99e48f7d46d3a2f8fef704865fe2f4e4&oauth_secret=eda948ee46250f335146f6f4c5f7d622&oauth_verifier=1d977f0b96f3ae07fff515c590ec6709
And these are the readers:
OAuth oauth_version="1.0", oauth_signature_method="HMAC-SHA1",
oauth_callback="http%3A%2F%2Fhttpbin.org%2Fget",
oauth_token="99e48f7d46d3a2f8fef704865fe2f4e4",
oauth_secret="eda948ee46250f335146f6f4c5f7d622",
oauth_verifier="1d977f0b96f3ae07fff515c590ec6709",
oauth_nonce="OmOzMMy2Z60m5sV", oauth_timestamp="1495611445",
oauth_consumer_key="abc77ce5a53e67333af04807dea1356b",
oauth_signature="tE6xzRXZIc4BPQ3Dxc80ddoitLg%3D"
The nonce, timestamp and signature are automaticly refreshed each request.
I'm using Magento CE 1.9.2.2.
I have also tried Postman, but that tool gives me a nonce_used error with every request, even though it's automaticly refreshed... Permissions are correctly set up as explained here: http://inchoo.net/magento/configure-magento-rest-and-oauth-settings/
Everything goes fine using the Rest client extension untill the final request where I want to receive the access token.
I found the solution... The local browser had cached the oauth responses...
Related
In PostMan I'm trying to authenticate with RestAPIs provided in HPALM Guide (API Reference)
At first for authentication if I run this api "almserver/qcbin/authentication-point/alm-authenticate"
it gives
200 OK
but when I check the authenticated api "almserver/qcbin/rest/is-authenticated"
it gives
401 Authentication failed. Browser based integrations - to login
append '?login-form-required=y' to the url you tried to access.
and if I append this '?login-form-required=y' particular line in the end of the second api I will get html page as response
HP Application Lifecycle Management 12.53
background-color: #eee
whereas we expect this
Could some one please help me with this one?
#Sergi #Macintosh_89 I met the same issue with Manu, i post http://almserver***/qcbin/authentication-point/alm-authenticate, but only LWSSO_COOKIE_KEY return back without QCSession, do u knew why?
Your request to almserver/qcbin/authentication-point/alm-authenticate will return a LWSSO_COOKIE_KEY cookie.
You need to add this cookie to the request to almserver/qcbin/rest/is-authenticated.
I am trying to access zomato api.
URL: https://developers.zomato.com/api/v2.1/categories
Headers: 'X-Zomato-API-Key':'myapikeyhere-763demoapi434'
If I use chrome's postman extension or curl then I can access the url & getting 200 status code.
But if I run it through my angular2 app or simple ajax, it is giving error at preflight OPTIONS request, error code is 501. I have tried otherways too, error is same. Need help
Zomato API's can only be accessed from server to server calls, the error message you have reported is a security policy implemented by Chrome to prevent cross site request forgery on the client side.
A way you can get around this is to write a handler on your server end to make handler which the ajax call will use, this handler in-turn makes a request to the Zomato's server to retrieve the data required.
I am trying to integrate the OneNote API as part of a new application. Is it possible to use Google Chrome's POSTMAN REST Client to test the API? The OneNote API appears to be standard REST, so there should be no reason why not.
To login, I followed the documentation and did a GET request in POSTMAN to
https://login.live.com/oauth20_authorize.srf?client_id=myClientIdIsHere&scope=wl.signin&response_type=token&redirect_uri=dontKnowWhatToPutHere
Broken down, that is:
https://login.live.com/oauth20_authorize.srf
client_id=myClientIdIsHere
scope=wl.signin
response_type=token
redirect_uri=dontKnowWhatToPutHere
I tried the following based off advice from this blog: http://blogs.msdn.com/b/onenotedev/archive/2014/07/23/how-to-authenticate-with-microsoft-account-in-a-chrome-extension.aspx
https://login.live.com/oauth20_authorize.srf?client_id=myClientIdIsHere&scope=wl.signin&response_type=token&redirect_uri=https://login.live.com/oauth20_desktop.srf
When I do a GET request to this, I get HTML back, but it does not show up in the preview mode.
Am I on the right track?
The code that you are trying to execute is just the initial part of the oAuth login process.
As you have mentioned the below peice
redirect_uri=dontKnowWhatToPutHere
redirect_uri is the URL of your application. Once the authentication is success, the server will redirect the navigation to provided URL and you can proceed further from here. Just keep in mind that the URL given is as same as the one you have provided while creating the azure app. If they do not match, the server is going to simply throw an exception.
Please change the JSON to
https://login.live.com/oauth20_authorize.srf
client_id=myClientIdIsHere
scope=wl.signin
response_type=token
redirect_uri=http://localhost:8008/login
Replace http://localhost:8008/login with your application login route.
When I try to access rest API using iPhone I have passed following parameter in URL and used both methods POST and GET but it displays Access Denied.
oauth_version="1.0",
oauth_signature_method="HMAC-SHA1",
oauth_nonce="B0dlzkfMWCAn0TJ",
oauth_timestamp="1366280813",
oauth_consumer_key="klkjylsiozbv6vfdsqtuheqo3kmqqzv2",
oauth_token="t9pefrwylmg7webyepsqepotlhzbytkp",
oauth_signature="NeOwbCLUPbIyF9ErnHoFQOl9%2Bwo%3D"
I have worked with REST Client plugin available for Firefox and Chrome, REST API is work well using REST Client plugin but not accessible in iPhone.
I am generating a random value for oauth_timestamp, oauth_signature and oauth_nonce then also REST API is displaying Access Denied.
Please provide suggestions.
//here final_sign is signature generated from following procedure.
$nonce = substr(md5(uniqid('nonce_', true)),0,16);
$temprealm="http://magentohost/api/rest/products";
$realm=urlencode($temprealm);
$oauth_version="1.0";
$oauth_signature_method="HMAC-SHA1";
$oauth_consumer_key="dfddfgdgdfgddf6qgygmyvw7e3";
$oauth_access_token="fdgdfgfdgdfg357gimpdnuejvcbtk51ni";
$oauth_method="GET";
$oauth_timestamp=time();
$algo="sha1";
$key="sb88hfdihyg25ipt1by559yzbj2m3861&s7uhaheu8nrx961oxg6uc3os4zgyc2tm"; //consumer secret & token secret //Both are used in generate signature
$data="oauth_consumer_key=".$oauth_consumer_key."&oauth_nonce=".$nonce."&oauth_signature_method=".$oauth_signature_method."&oauth_timestamp=".$oauth_timestamp."&oauth_token=".$oauth_access_token."&oauth_version=".$oauth_version;
$send_data=$oauth_method."&".$realm."&".urlencode($data);
$sign=hash_hmac($algo,$send_data,$key,1); // consumer key and token secrat used here
$fin_sign=base64_encode($sign);
echo $fin_sign;
From your question I understand that you use a random value for the signature and the nonce.
The latter would be fine, but a random signature would lead the receiver not to trust you as a legitimate client.
So, actually, you get the response you requested (;-)). But that does not solve your problem.
You have to generate a valid signature for the magento system.
I am new to Sinatra and want to get it working with oauth2-provider gem. I followed instruction https://github.com/songkick/oauth2-provider#readme and looked at example. But after i've got access_token, i can't get information from Oauth endpoint using this. It generate 401 not Unauthorized error. From my application i do request
http://localhost:9292/me?access_token=, i've tried html request as well as json request, but without success.
Anybody faced with this problem ?
Looks like you did your request using HTTP vs HTTPS. Did you try setting Songkick::OAuth2::Provider.enforce_ssl = false for now?