Try to use the HTTP Messaging API for Watson IoT. https://docs.internetofthings.ibmcloud.com/apis/swagger/v0002/http-messaging.html
I have one application that should POST Mqtt msg from a device. Have generated API key in Watson iot and put it in the POST header e.g:
username: a-XYXYX-bvbcxgmz6d
password: XYXYX+6QY6OKw*J
Content-Type: application/json
I then send this POST to changed my real orgId in this post:
http://orgId.messaging.internetofthings.ibmcloud.com:1883/api/v0002/application/types/ecu/devices/ecu1/events/test
But I keep ending up in server response 403 Not allowed.
I use a HTTP REST Chrome application that I have successfully used before.
Have run out of ideas so pleas help!
Hi found out why it didn't work for me.
I have forgotten to generate a Base64 Key to add to the Authorization: Basic headers. I just put username and password as variables in the headers.
I think it was more clear how to do it in the cloudant doc:
https://console.ng.bluemix.net/docs/services/Cloudant/api/authentication.html#basic-authentication then in the Watson IoT platform doc.
But thanks for you help!
It looks good and the POST works for me. I assume you have double checked device type/device id - that they actually exist in the platform. Perhaps the event itself has something invalid in it messing it up. This is what I send:
POST /api/v0002/application/types/myType/devices/myDevice/events/test
HTTP/1.1 Host: myOrg.messaging.internetofthings.ibmcloud.com:1883
Authorization: Basic myAPIKeys
Content-Type: application/json
Body is:
{"temp":85}
Related
I am confused. I've added headers to a request before and, for some reason, this one does not work as I want it to.
I'm trying to perform a post request to Linkedin following their documentation to get an access_token from an OAuth2 flow. I have the preliminary code to pass to the token endpoint, that is not an issue.
This is the sample request from the docs:
POST /oauth/v2/accessToken HTTP/1.1
Host: www.linkedin.com
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&code={authorization_code_from_step2_response}&redirect_uri=hhttps%3A%2F%2Fdev.example.com%2Fauth%2Flinkedin%2Fcallback&client_id={your_client_id}&client_secret={your_client_secret}
I assume the Host header is to avoid CORS issues, but it just isnt being set. When I perform this request, my console gives me this 404:
Given that I know the Header is not 'unsafe', how do I go about setting it in this specific case?
Any help would be greatly appreciated, thank you!
My bad. Remove the Host header from config object and set it directly in the URL. Works just fine. I now have CORS Allow-Origin issues, but that's not related.
I am trying to figure out how to use Google Cloud Storage for my app. The app should allow any user to POST (or PUT) objects into a Bucket and also let them read any files from said bucket. I am confused as to how I am supposed to form my POST requests in order to make this work.
I have just been playing around, sending requests to see if I can upload a file into a bucket. I have tried forming a request according to this example:
https://cloud.google.com/storage/docs/json_api/v1/how-tos/upload
POST /upload/storage/v1/b/<bucketname>/o?uploadType=media&name=<objectname> HTTP/1.1
Host: www.googleapis.com
Content-Type: image/jpeg
Content-Length: 100
Authorization: Bearer <your_auth_token>
I am confused as to what exactly the 'auth_token' is. I have tried going into the developers console and generating a 'Public API access' key and attempted to use this, but I got a response saying it was unauthorized.
Am I generating the right type of key? I understand OAuth keys are used when you need access to a Google user's data. I don't need this: I simply need to allow users of my app to add files to a bucket and read from that bucket. Any help to point me in the right direction is appreciated.
It is like an ID to identify you have permission to perform your actions, as you haven´t provide which language you are using, I will provide a golang example
https://github.com/johnbalvin/google-cloud-go/blob/master/storage/resumableUpload.go
I have used a proxy tool to capture a certain REST HttpRequest. The request is a HTTP PUT command followed by an extremely long REST link containing specific data that gets sent to the server.
In the proxy tool it looks something like this:
Header
PUT http://XXX.XXX.XXX.XXX:8080/rest/blah/blah/.../ HTTP/1.1
Host: XXX.XXX.XXX.XXX:8080
User-Agent: Mozilla/5.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-language: en-us, en:q=0.5
Proxy Connection:keep-alive
Content-Type:XMLHttpRequest
Referer: http://XXX.XXX.XXX.XXX:8080/plugins/blah/blah
Content-length: 11156
Cookie: JSESSIONID=<really long alpha numeric>
Body:
{"links":{"self":"/rest/plugins/1.0/blah/blah.....
...
... lots and lots of JSON text
}
}
So the proxy tool has been helpful in identifying what the request looks like.
But the only way to generate this request is by clicking a button on the webpage. I would like to send exact same request on my own (like creating a custom link that when clicked generates a similar request to the one shown above). How do I do this?
Also, anything I type in the web browser URL area automatically is a "GET". How do I force a PUT?
Cookie: JSESSIONID=
This clearly indicates that the API you want to use is not a REST API, because it violates the stateless constraint of REST.
How do I force a PUT?
Probably you don't have a way to do that. It depends on the security settings of the web API. If you want to do this with AJAX from the browser, and your domain is different from the APIs domain, then you need a CORS header from the API, which allows your domain to read cross origin responses. By PUT the browsers sends a preflight first, and if it cannot read the response, it will never send the real PUT. Security policy and other headers can block XSS in the browser, so you probably don't have a way to do this from browser.
You can do this from your server by copying the request details and catching the session id somehow.
If the API allows access to 3rd party clients, then I suggest you to contact with them. If not, then you 99% that you won't be able to do this.
I'm trying to call getAllSiteAccounts using the following URL:
https://rest.developer.yodlee.com/services/srest/restserver/v1.0/jsonsdk/SiteAccountManagement/getAllSiteAccounts
When I make the call, I get back:
oauth_error_problem=invalid_url_access&oauth_error_code=418
A 418 error code is:
STATUS_HTTP_DNS_ERROR_EXCEPTION
Problem Updating Account(418): We could not update your account because the site is experiencing technical difficulties. Please try later.
Am I using the correct URL? I know they really don't want us to use this call in evaluation mode as it could time out, but I would think I'd get back a different error if that was the case.
Thanks,
Chris
This URL is working. I tried this REST API using an external REST client and successfully got the response.
Below is the request which is being sent.
POST /services/srest/restserver/v1.0/jsonsdk/SiteAccountManagement/getAllSiteAccounts HTTP/1.1
Host: rest.developer.yodlee.com
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
cobSessionToken=xxxxxxxxxxxxx&userSessionToken=xxxxxxxxxxxxxxxxxx
Can you test this again.
I have integrated twitter in my app. but I am not able to log out the session of the user.
For logging I am using http://%##twitter.com/statuses/update.xml
and passing the username and pswd in the url. Inside body i pass the string that needs to be updated and its working fine.
Now For log out they have an request called
http://twitter.com/account/end_session
and it is been said we need to use post request. But I am not able to get what we have to pass in body and header so that twitter should know which user has requested for log out.
Below is the link of documnetation but I didnt suceed in this.
http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-account%C2%A0end_session
Waiting for reply
Thanks in advance
When you are posting to statuses/update.xml using the method you described, you are not logging in, you are simply updating the user’s status and passing the user name and password with the request. As you are not logging in, there is no session and no need to log out. This is good, because it’s easy, and it’s bad, because it’s insecure – you’re passing the password openly. Read the documentation about authentication. The authentication method you’re using right now is called “Basic Auth” there.
You can look at how you post looks in the HTTP request:
$ nc -l 1234
$ curl -d "Status update" http://user:passwd#localhost:1234
The output from netcat looks like this:
POST / HTTP/1.1
Authorization: Basic dXNlcjpwYXNzd2Q=
Host: localhost:1234
Accept: */*
Content-Length: 13
Content-Type: application/x-www-form-urlencoded
Status update
The Authorization line is the “Basic Auth” as described by the Twitter API docs and Wikipedia.