I am using postman client to make REST calls to JIRA API. It says "POST your credentials to http://jira.example.com:8090/jira/rest/auth/1/session" to get SESSION. I tried posting with Form-data, application/x-www-form-urlencoded, raw etc. Nothing worked. which is the right way to do that.
Here is the tutorial i am following: https://developer.atlassian.com/jiradev/jira-apis/jira-rest-apis/jira-rest-api-tutorials/jira-rest-api-example-cookie-based-authentication
Since you're using postman, I'm assuming you're in a dev environment. In this case, it might be simpler to get going with the auth header, which is a base-64 encoded username/password. From the documentation here:
Supplying Basic Auth headers
If you need to you may construct and send basic auth headers yourself. To do this you need to perform the following steps:
Build a string of the form username:password
Base64 encode the string
Supply an "Authorization" header with content "Basic " followed by the encoded string. For example, the string "fred:fred" encodes to "ZnJlZDpmcmVk" in base64, so you would make the request as follows.
curl -D- -X GET -H "Authorization: Basic ZnJlZDpmcmVk" -H "Content-Type: application/json" "http://kelpie9:8081/rest/api/2/issue/QA-31"
In the Headers section of Postman, add Authorization with Basic <base64-encoded-username:password>
Don't forget to also add the header Content-Type as application/json
(You can use base64encode.org to quickly encode your username/password).
Don't forget to put the string in as username-colon-password (username:password)
If you are on the same UI as I for postman, click Authorization, select an auth type (I used basic auth succesfully), and then enter your credentials. Next click over to the body tab, select raw, and on the drop down menu on the right choose JSON(applications/json), and supply the body as normal.
That is the first hurdle. The next hurdle which may be hit (and the one I am stuck on) is that once your basic-auth gets accepted, JIRA will deny access as part of Cross Site Request Forgery checks (XSRF) with a code 403. I have a ticket open right now seeing if there is a possible workaround to post and put from postman, because using postman and newman would be much much simpler than building an entire plugin which I have to jump through a bunch of hoops to access.
With Postman can simply add withCredentials:true to your request header section.
Related
I'm new to APIs and I'm trying to understand how to get a response from a prompt using OpenAI's GPT-3 API (using api.openai.com/v1/completions). I'm using Postman to do so.
The documentation says that there is only one required parameter, which is the "model." However, I get an error saying that "you must provide a model parameter," even though I already provided it.
What am I doing wrong?
You can get this to work the following way in Postman with the POST setting:
Leave all items in the Params tab empty
In the Authorization tab, paste your OpenAI API token as the Type Bearer Token (as you likely already did)
In the Headers tab, add key "Content-Type" with value "application/json"
In the Body tab, switch to Raw, and add e.g.
{
"model":"text-davinci-002",
"prompt":"Albert Einstein was"
}
Hit Send. You'll get back the completions for your prompt.
Note alternatively, you can add the model into the Post URL, like https://api.openai.com/v1/engines/text-davinci-002/completions
While above works, it might not be using the Postman UI to its full potential -- after all, we're raw-editing JSON instead of utilizing nice key-value input boxes. If you find out how to do the latter, let us know.
What solved it for me was adding the content-type header:
"content-type:application/json"
I'm currently learning to use REST API (from WooCommerce in this case) and got some basic questions:
How to see complete request string in Postman software?
I'm testing a simple GET request which works great with for example:
<host>/wp-json/wc/v3/products
to receive the product list. In this case I use the authorization tab to enter my user/pass as Basic Auth.
I also tested curl.exe using another simple Windows command prompt. This also returned product list:
curl.exe <host>/wp-json/wc/v3/products -u mykey:mysecret
What is the difference between them? The last example is a simple GET, i assume, although it's not stated. How about POST or DELETE etc? This is what i don't understand: A https request can only have an address and eventual parameters. Where and how does "GET" come into the picture?!
If possible, I would like the see the complete URL request (as one string) from the working Postman example?
My last question is about testing the same method on another server/service which is not WooCommerce. Afaik this service is created with something called swagger:
curl "<host>/orderapi/item" -H "accept: application/json" -H "X-Customer: <customer>" -H "X-ApiKey: <mykey>" -H "X-ApiSecret: <mysecret>" -H "Content-Type: application/json"
This also returns a list of, in this case orders instead of products. All good.
But for this example I haven't figured out how to achieve the same request in Postman. What auth method should I use?
And again, I don't understand the GET/POST/DELETE thing. And I also would like to see the complete request as one-string.
1) How to see complete request string in Postman software? I would like the see the complete URL request (as one string) from the working Postman example
On version 9.x.x:
The code window(image) shows the choosen method (yellow mark) and the code window(red arrow), where you get the actual
curl code(image)
2) What is the difference between them? The last example is a simple GET, i assume, although it's not stated. How about POST or DELETE etc? Where and how does "GET" come into the picture?
From the curl documentation:
-X, --request
(HTTP) Specifies a custom request method to use when communicating
with the HTTP server. The specified request method will be used
instead of the method otherwise used (which defaults to GET). Read the
HTTP 1.1 specification for details and explanations. Common additional
HTTP requests include PUT and DELETE, but related technologies like
WebDAV offers PROPFIND, COPY, MOVE and more.
GET is the default method for curl, which means:
curl.exe <host>/wp-json/wc/v3/products -u mykey:mysecret
is the same as:
curl.exe <host>/wp-json/wc/v3/products -u mykey:mysecret -X "GET"
so, for a POST/DELETE/... you should change your '-X' parameter for example:
curl.exe <host>/wp-json/wc/v3/products -u mykey:mysecret -X "POST" [...otherOptions]
(Assuming that you can receive a POST on the url above)
3) [On another server/service] I haven't figured out how to achieve the same request in Postman. What auth method should I use?
The -H specify the header parameter you are passing. You have those in your example:
accept: application/json
X-Customer:
X-ApiKey:
X-ApiSecret:
Content-Type: application/json
You need to add those in your postman on the headers(image) tab. In this case you don't need to specify a auth method, once you're sending the ApiKey on the header. In addition to that, you can specify the authorization Type to be "Api Key" and put X-ApiKey as key and your apikey value on the value field(image). It'll generate the same request as shown in the headers image.
curl, at least the GNU one on Linux, uses GET method by default. If you want to change a HTTP method in your request, there's -X option, for example:
$ curl -X DELETE https://example.com
Postman has something called Postman Console which you can open by pressing Alt + Ctrl + C:
and where you can see more details about requests and responses.
Postman also lets you import curl commands, so you don't need to manually prepare the request, you can only paste the curl command in Postman.
There are many resources online on the specifics, e.g. how to import a curl command.
I have started using Postman to map out my API and also wanted have a quick, easy way to document it and share it.
My API is using JWT for auth and this token needs to be present in each request except login.
In order to keep it DRY I have used Postman collection Authorization
as explained on their blog http://blog.getpostman.com/2017/12/13/keep-it-dry-with-collection-and-folder-elements/
Example of how I set up collection authorization type bearer
This header is being used by my API as type "Inherit auth from parent" and this works with no problems during my requests.
But if I choose to view collection in browser this header is not displayed in the request or examples see screenshot.
Collection documentation as viewed in web
Here is the cURL request in Postman:
curl -X GET \
https://example.api/v1/auth/user \
-H 'Content-Type: application/json'
Is it possible to display the auth header while using the collection settings or I should add the header myself for each request in order to make sure that this is added in the examples and documentation?
Edit:
I've found that if I hover over the Authorization header I get the following message:
This temporary header is generated by Postman and is not saved with your request.
Here is a screenshot from the app with Postman collection temporary headers.
This issue will fix in 2 or 3 mounths.
You can track the issue status in https://github.com/postmanlabs/postman-app-support/projects/40#card-33062423
If you are setting up that JWT Token as request headers then it should get displayed in the documentation. Below are the Steps how i am generating and setting up jwt token:
Login api to generate jwt token.
saving that token as environment
variable Using that variable in each request which requires
Authorization header.
please see the screenshot
I'm trying to create a bot which interacts with Facebook Messenger. I've set up my webhook and can receive messages coming from Facebook. However, when I try to send a message, I get the following error back from Facebook:
{"error":{"message":"(#100) The parameter recipient is required","type":"OAuthException","code":100,"fbtrace_id":"F3iVNecj10i"}}
However, I've definitely got the recipient ID in my request. I've sent the request with my bot, cURL and the Chrome Poster extension and get the same result each time. The JSON I send is:
{"recipient":{"id":"XXXXXXXXXXXXXX"},"message":{"text":"hello, world!"}}
When using cURL, I took the example directly from the Facebook documentation and send this:
curl -k -X POST -H "Content-Type: application/json" -d '{"recipient":{"id":"XXXXXXXXXXXXXXXX"},"message":{"text":"hello, world!"}}' "https://graph.facebook.com/v2.6/me/messages?access_token=ACCESS_TOKEN"
The only difference between this and the example on Facebook is the -k which stops cURL from checking the SSL certificate. I'm tunneling through to my app using ngrok for the incoming messages but sending my requests direct to the Facebook Graph API. The fact that it's happening in my app, cURL and Chrome Poster makes me think that it's something to do with the request (but I can't see what) or my Facebook app setup. Any help is greatly appreciated.
Turns out there were a few issues. The cURL request didn't include the quotes in the JSON so the quotes had to be escaped with \ characters. The Chrome Poster request didn't work because "content-type: application/json" wasn't set in the header. And my webapp didn't work because the JSON had a ";" at the end of it.
So, the Facebook message was an indication of poorly formatted JSON, just not a very direct one!
Check that the JSON payload is well formed.
I used the Postman.app to help me out with this — it's also available on Windows.
Steps
Copy the URL into the "Enter request URL field". This would include the access_token
Change the HTTP verb to GET
Under the "Headers" header, set Content-Type to application/json
Under the "Body" header, select "raw" and paste your JSON payload there. Make sure that this JSON payload is well formed by watching the error indicator displayed beside the line numbers.
Once I got this fixed, I was able to move on to the next step.
I got similar error some time back. Try using Postman. I tried the same request and replaced the user id and the page access token. It works fine.
Click on the Import button on the top and paste your curl request under raw. Then try running the call. If you get the same error, go to the body and modify it. Make sure you put this in the body part of the Postman request. Replace the recipient id with yours.
{
"recipient":
{
"id":"123456789"
},
"message":
{
"text":"hello, world!"
}
}
This is the full cURL call : Change Recipient ID and Page Access Token
curl -X POST -H "Content-Type: application/json" -d '{ "recipient":{"id":"1234567" }, "message":{ "text":"hello from bot" }}' "https://graph.facebook.com/v2.6/me/messages?access_token=PASTETHETOKENHERE"
I am trying to do basic authentication to call a rest service.
On service doc the procedure mentioned for CURL is like this
curl -X POST https://secure.clientservice.com/api/transactions.json -u [TOKEN]:[KEY] -H 'Content-type: application/json' \
-d "{\"transaction_type\":\"request\",\"amount_in_cents\":\"3000\",\"email\":\"user#example.com\"}"
I got stuck how to send the [TOKEN]:[KEY] for authentication from chrome rest client.I am having both user token and key and doc is saying i have to do Http Basic access authentication
On rest explorer i am trying like below
But this is giving un authorized access as seems to be the Authorization header is wrong where i am encoding [axkKtfBAaPABCh59SA]:[S7RwBG2eZ3y8mDs8VS] this value to base 64. Am i doing in right way or am i missing something.
Add the Authorization header: Header Forms --> ADD HEADER --> Begin typing in Authorization.
and add the basic auth info by clicking on the Edit (pencil) button on the right. A form to fill credentials will pop up:
Advanced REST Client will take care of encoding
I think should encode without the "[" “]“, it could be your problem. Also verify that your token is still valid (it could be expired)
if this doesn't solve your problem can you provide me the error message you get (in your picture the result seems to be ok).
This is an Old question, and has been answered as to how this should be done in Advanced REST Client. But i would still like to point out that you need to enter the basic Authentication Header like this:
Header Name: Authorization
Header Value: Basic
so if your username was user1 and password was abc then you would need to find the base64 encoded value of "user1:abc" which is "dXNlcjE6YWJj" (you can do this in one of many online tools available, just serach for "base 64 encode online").
In this case your header will become like:
Authorization -> Basic dXNlcjE6YWJj