I am trying to authenticate on the GitHub API via Basic Authentication using MSXML2.XMLHTTP. I understand that I need to pass my credentials using the Authorization HTTP header.
So this is my code, but it always returns unauthenticated. (As per the GitHub API documentation, with a 404 / Not Found). What am I doing wrong? (Obviously the code does not use my real credentials, just "user" and "password" as an example).
Dim o
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "https://api.github.com/user/", False, "user", "password"
o.setRequestHeader "Authorization", "Basic dXNlcjpwYXNzd29yZA=="
o.send
Wscript.Echo o.responseText
My previous answer was based on a misunderstanding, so I removed it.
Trailing slashes in Github API endpoints really matter, /user and /user/ are not equal. You're getting a real 404 Not Found, not one of Github's authorization related workaround 404 responses.
This will work:
Dim o
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "https://api.github.com/user", False
o.setRequestHeader "Authorization", "Basic dXNlcjpwYXNzd29yZA=="
o.send
Wscript.Echo o.responseText
Related
I'm trying to build a gRPC client for Google's Firestore API in Elixir.
Before starting to write some code , I thought that it would be wise to first start with BloomRPC in order to debug the issue.
As base url, I'm using https://firestore.googleapis.com where I pinned the rot certificate.
As auth I'm using an access_token obtained using oauth with the following 2 scopes: "https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/datastore"
being passed as a Authorization header:
{
"Authorization": "Bearer 29ya.a0AfH6SMBDYZPsVgQv0PMqyGRXypc3DfWF_2jbvAJKMquTaryCvxEB7X1Rbprfk1Ebrwid2bXbcR3Aw-d1Tytlo_lThkyqRDRIbnSz5-nQ3xWklkmjyFMAuQtFCoz01hk3vbgBwd2gdbFNNWiOU_8NqPC_vElyz2-cQ34"
}
And I get back:
{
"error": "3 INVALID_ARGUMENT: Missing required project ID."
}
So clearly I should be passing the project ID somehow but I can't find it anywhere in the docs. Anybody any clues?
I just figured out what I was doing wrong.
Basically the Bearer token I was using is correct (obtained via the OAuth Playground).
The trick was to specify the PROJECT_ID in the parent parameter of the request:
{
"parent": "projects/[project-id]/databases/(default)/documents",
"page_size": 10
}
I should have just read the docs properly :)
New to TCL and having an issue with using the ::rest::simple url query ?config? ?body? command - specifically getting basic authentication to work. The example given here (https://core.tcl-lang.org/tcllib/doc/tcllib-1-18/embedded/www/tcllib/files/modules/rest/rest.html#section4) is as follows:
set url http://twitter.com/statuses/update.json
set query [list status $text]
set res [rest::simple $url $query {
method post
auth {basic user password}
format json
}]
So my attempt is:
package require rest
package require json
set url http://0.0.0.0:5000/api/id
set response [rest::simple $url {
method get
auth {basic user password}
format json
}]
puts $response
However, I keep getting a 401 error when I try and run the above against a mock API endpoint for GET:
"GET /api/id?auth=basic%20user%20password&method=get&format=json HTTP/1.1" 401 -
I can make a curl request against that same endpoint using basic auth (with Python as well), and if I disable basic auth on the endpoint this works just fine in TCL:
set url http://0.0.0.0:5000/api/id
set response [rest::simple $url {
method get
format json
}]
puts $response
So it's something to do with the basic auth credentials in the TCL rest module.
Thanks to Shawn's comment pointing out I was misreading the meaning of ? in TCL docs. Parameters surrounded by question marks are optional, rather than parameters followed by question marks. I was interpreting ::rest::simple url query ?config? ?body? as meaning the query param was optional. If there is no query, you can use an empty query as the required parameter. This ended up working:
set response [rest::simple $url {} {
method get
auth {basic user password}
format json
}]
I know vb6 is old, but I can quickly do what I need to do with the xml data in vb6 rather than learn a new lang. I just cannot get it to extract successfully from the required REST API sites.
In VB6, I've added the reference Microsoft XML 3 - 6 to try and see if it makes a difference, but it doesn't.
My code is really simple:
Dim sUrl As String
Dim xmlhttp As MSXML2.ServerXMLHTTP60
Set xmlhttp = New MSXML2.ServerXMLHTTP60
sUrl = "<url>"
xmlhttp.Open "GET", sUrl, False
xmlhttp.setRequestHeader "Content-Type", "application/xml"
xmlhttp.send ""
If xmlhttp.Status = 200 Then
Debug.Print xmlhttp.responseText
End If
Set xmlhttp = Nothing
I've tried changing the object ref to 'MSXML2.xmlhttp', 'XMLHTTP60', and 'MSXML2.ServerXMLHTTP', but still no difference.
Every time they either say System Error -2146697208 or access denied.
If I put the URL into a web browser and do view source then I see the xml text that I'm after.
I've even tried to run this all through a Classic ASP web page (I'm more familiar with this tech) and I still can't get this data down.
Does anybody know what the definitive code is to simply connect to a REST API site and bring it down as an xml text object??
Thanks
UPDATE 23-01-19
Hi All
Following on from Peter's comment, I've been trying to do this on my trusted Win XP SP3 machine and it wouldn't have it. I've just tried the below on a local ASP classic site on a Win 10 Pro machine and it works:
URL = "<the url>"
Set oXMLHTTP = Server.CreateObject("MSXML2.XMLHTTP.6.0")
oXMLHTTP.open "GET", URL, false
oXMLHTTP.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
oXMLHTTP.send
IF oXMLHTTP.Status = 200 THEN
Response.Write oXMLHTTP.ResponseText & "<BR>"
ELSE
Response.Write "Error"
END IF
If I run this exact routine on the classic ASP IIS on my Win XP machine it says invalid class string on the 'Set oXMLHTTP = Server.CreateObject("MSXML2.XMLHTTP.6.0")' line. If I change it from '6' to '5' it can see the object but then it doesn't work again.
I'm taking it that this all means that below v6 does not work with these https sites (TLS issue??) so I need to be using v6, but is this available for Win XP??
Thanks
I'm trying to create OpenTok session by Rest services with JWT object as suggested. I tried to generate session with Fiddler.
Here is my fiddler request (JWT string has been changed with *** partially for security reasons)
POST https: //api.opentok.com/session/create HTTP/1.1
Host: api.opentok.com
X-OPENTOK-AUTH: json_web_token
Accept: application/json
Content-Length: 172
eyJ0eXAiOiJKV1QiL******iOiJIUzI1NiJ9.eyJpc3MiOjQ1NzM******OiJkZW5l******XQiOjE0ODI3OTIzO***SOMESIGNEDKEYHERE***.izvhwYcgwkGCyNjV*****2HRqiyBIYi9M
I got 403 {"code":-1,"message":"Invalid token format"} error probably means my JWT object is not correct. I tried creating it using http://jwt.io (as opentok suggests) and other sites and all seems correct and very similar to the one on tokbox (opentok) site.
I need an explanation to fix it and create a session.
May it be because I am using opentok trial?
JWT creation Parameters
I had the same problem. I resolved the error by setting the correct key-value pairs for the payload part.
Example of my payload is as follows in C#:
var payload = new Dictionary<string, object>()
{
{ "iss", "45728332" },
{ "ist", "project" },
{ "iat", ToUnixTime(issued) },
{ "exp", ToUnixTime(expire) }
};
The value of the "ist" should be set to "project", not the actual name of your project.
Update: Looking at your screenshot, I can say you have not set the secret key (here, it's your ApiKeySecret from TokBox account > project) at the very bottom right.
OK I have found the answer at last,
Your Opentok API Secret key should not be used directly as Sign parameter. In java as shown below, it should be encoded first.
Base64.encodeToString("db4******b51a4032a83*******5d19a*****e01".getBytes(),0)
I haven't tried it on http://jwt.io and fiddler but it seems it will work on it too. Thanks. Full code is below;
payload = Jwts.builder()
.setIssuedAt(currentTime)
.setIssuer("YOUR_OPENTOK_KEY")
.setExpiration(fiveMinutesAdded)
.claim("ist", "project")
.setHeaderParam("typ","JWT")
.signWith(SignatureAlgorithm.HS256, Base64.encodeToString("YOUR_OPENTOK_SECRET".getBytes(),0))
.compact();
return payload;
I'm having trouble making an API call. Have got Token, Secret etc, no problem. Difficulties occur when trying to retrieve Contact information. I've tried to access the Sage Developers Forum but just get taken round in circles by the Sage sight.
Here is my own trace.
ACCESS : 2a075f2f204a380505a4f27378056bfa326b582f
REFRESH : 2de459f637c1c89bc7add9a424b04f4a2c29a6ec
POST : POST&https%3A%2F%2Fapi.sageone.com%2Faccounts%2Fv1%2Fcontacts&contact_type=1&1435822573
SIGNING : 4c53564b7b9f1542838e65384b2c506b37bb5c28&2a075f2f204a380505a4f27378056bfa326b582f
HASH : NzY2ODE1ZjJmOTVlMmY5MWVjODI2MjdhMTAyMGMyNWM0N2MyNjA1Ng==
CURL ARGS:
URL : https://api.sageone.com/test/accounts/v1/contacts?contact_type=1
AUTHORIZATION : Bearer 2a075f2f204a380505a4f27378056bfa326b582f
X-SIGNATURE : NzY2ODE1ZjJmOTVlMmY5MWVjODI2MjdhMTAyMGMyNWM0N2MyNjA1Ng==
X-NONCE : 1435822573
ACCEPT : */*
CONTENT-TYPE : application/x-www-form-urlencoded
USER-AGENT : Great Water
STRING : Authorization=Bearer 2a075f2f204a380505a4f27378056bfa326b582f&X-Signature=NzY2ODE1ZjJmOTVlMmY5MWVjODI2MjdhMTAyMGMyNWM0N2MyNjA1Ng==&X-Nonce=1435822573&Accept=*/*&Content-Type=application/x-www-form-urlencoded&User-Agent=Great Water&
RESULTS
{"error":"Authorization header is missing.","error_description":"Please provide an 'Authorization' header with the following format: Bearer xxxxx."}
As you can see, despite the Authorization argument being present, Sage is rejecting it.
Any ideas?
Not sure what language you are using, but there are a couple of PHP classes on github that you can use as a reference.
If you want to use clientId / accessToken like in this documentation: https://developers.sageone.com/docs/en/v1
Use the class by EddieHarrison # https://github.com/eddieharrison/sageone-api-php
If you have requested an Api Key from: https://accounting.sageone.co.za/Marketing/DeveloperProgram.aspx
Use the class i put up today # https://github.com/Sharnw/sage-one-accounting-api