curl request to Microsoft Sharepoint API? - rest

Is there a simple way to use a cURL request to the REST API to access a file on my Sharepoint account? For example
curl -i -H "Authorization: Bearer <some-key-here>" https://mysharepoint.com/_api/web/Lists
I have read all the documentation about authentication and authorization for apps, but in this case I don't have an "application" that I can register. I simply need an API key of some kind to use in REST requests. How can I use the REST API in this way?
I appreciate any insight into this problem.

Create a bash script:
$ nano get_access_token.sh
Paste the next content to it, changing YourTenant, client_id, client_secret to your own values (you could get in Sharepoint's part below).
wwwauthenticate=$(curl -i -H "Authorization: Bearer" -s "https://YourTenant.sharepoint.com/_vti_bin/client.svc/" | grep -i "www-authenticate")
bearer_realm=$(echo $wwwauthenticate | awk -F"," '{print $1}' | awk -F"=" '{print $2}' | tr -d '"')
app_id=$(echo $wwwauthenticate | awk -F"," '{print $2}' | awk -F"=" '{print $2}' | tr -d '"')
grant_type="grant_type=client_credentials"
cl_id="client_id=c2xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx#$bearer_realm"
cl_secret="client_secret=3zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz"
res="resource=$app_id/YourTenant.sharepoint.com#$bearer_realm"
url="https://accounts.accesscontrol.windows.net/$bearer_realm/tokens/OAuth/2"
content_type="Conent-Type: application/x-www-form-urlencoded"
access_token=$(curl -X POST -H $content_type --data-urlencode $grant_type --data-urlencode $cl_id --data-urlencode $cl_secret --data-urlencode $res -s $url | awk -F":" '{print $NF}' | tr -d '"}')
echo $access_token
Apply proper permissions: chmod 700 get_access_token.sh
You could use curl with that token the next way:
curl -i -H "Authorization: Bearer $(./get_access_token.sh)" -H "Accept: application/json;odata=verbose" -s "https://YourTenant.sharepoint.com/_api/web"
You could replace ./ by the full path to the script.
Sharepoint's part:
Register a new app by
following https://YourTenant.sharepoint.com/_layouts/15/appregnew.aspx link
generating Client Id and ** Client Secret** values
filling Title, App Domain and Redirect URI fields (I've input localhost.com as on the picture - it works)
clicking Create button
Save somewhere into file the next parameters:
The app identifier has been successfully created.
Client Id: 898c898f-89238-43d0-4b2d-7a64c26f386a
Client Secret: 4/T+21I1DSoAJdOX9DL1Ne4KssEaP7rqb11gdtskhXn=
Title: SomeTitle
App Domain: localhost.com
Redirect URI: https://localhost.com/default.aspx
Apply permissions to this app by
following https://YourTennant.sharepoint.com/sites/SharePointRND/_layouts/15/appinv.aspx
inserting Client Id: 898c898f-89238-43d0-4b2d-7a64c26f386a into App Id field
clicking Lookup button
pasting into Permission Request XML the next code (in my case I needed only Read access, so I changed Rights value from FullControl to Read):
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl" />
</AppPermissionRequests>
Create bottom button clicking
Trust it button clicking
Here's Postman related but similar answer

If this is still relevant, this did it for me:
curl https://mysharepoint.com/_api/web/Lists -v --ntlm --negotiate -u user:password
You basically authenticate using ntlm (Note that some sharepoints might require Kerberos) and then can easily access the REST API like you can via browser.
Edit does not work with Office 365 apparently.

Related

Using new github tokens to list and create comments on pull requests

After I switched to the new Github Token format, I am not able anymore to perform a call for this github API:
https://docs.github.com/en/rest/issues/comments#list-issue-comments
My script does the following:
[[ -z "$GITHUB_REPO_SLUG" ]] && export GITHUB_REPO_SLUG="$TRAVIS_REPO_SLUG"
GITHUB_API_BASE_URL="https://api.github.com/repos/${GITHUB_REPO_SLUG}"
GITHUB_AUTH_HEADER="Authorization: token $GITHUB_TOKEN"
comment_ids=$(curl -s -H "$GITHUB_AUTH_HEADER" "$GITHUB_API_BASE_URL/issues/$pull_request_id/comments" \
| jq --arg USER "$GITHUB_USER" -r '. | map(select(.user.login==$USER)) | map(.id) | .[]')
for comment_id in $(echo $comment_ids); do
jq -n -r --arg message "$message" '{ body: $message }' \
| curl -s -H "$GITHUB_AUTH_HEADER" "$GITHUB_API_BASE_URL/issues/comments/$comment_id" -X PATCH --data #- > /dev/null
echo "Edited comment with id $comment_id of PR $pull_request_id"
done
The api call that list comments ids responds:
{
"message": "Not Found",
"documentation_url": "https://docs.github.com/rest/reference/issues#list-issue-comments"
}
This still works using tokens in the old format, but doesn't with tokens in the new format.
Is there any way to use the GHP to call that api?
The github user associated with the github token must be provided writing access to the repository.
Since this was missing API responded 404 (default behaviour set for Github APIs).

Check scopes of GitHub token

I want to passively check the permissions (scopes) of a GitHub security token passively (without pushing something into a repository). I tried the following command. I replaced your_username: your access token and the URL of my repo. But it shows an error.
curl: (3) URL using bad/illegal format or missing URL
curl -u your_username:your_access_token \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/repos/octocat/hello-world/collaborators/USERNAME/permission
If the goal is to determine which scopes a token has access to, check the response header with prefix x-oauth-scopes (using curl with -I):
$ GITHUB_TOKEN=ghp_DefineYourOwnToken
$ curl -sS -f -I -H "Authorization: token ${GITHUB_TOKEN}" https://api.github.com | grep ^x-oauth-scopes: | cut -d' ' -f2- | tr -d "[:space:]" | tr ',' '\n'
Note that tr -d "[:space:]" above is essential for removing some unusual whitespace, failing which a matching command such as grep -x doesn't subsequently work correctly.
Sample output 1:
gist
repo
workflow
Sample output 2:
delete:packages
public_repo
read:packages
repo:invite
repo:status
Credit: answer by VK

Trouble downloading ADYEN report

I'm using this script:
wget -O C:\FlairnetLab\output\x.csv --http-user='[My User]' --http-password='[Password]' --no-check-certificate https://ca-test.adyen.com/reports/download/MerchantAccount/FlairnetECOM/payments_accounting_report_2021_06_10.csv
But i get no file found response. But if i type the url in the browser using the same credential i can download the file.
Can some help me?
The problem is likely to be the encoding of the credentials (both Adyen-generated username and password include several special characters).
An option is to generate the base64-encoded string username: password with a command line (or with an online generator)
# example on Mac
$ echo -n '<username>:<password>' | openssl base64
cmVwb3J0.......5LX4=
then pass it in the Authorization header
# example with wget
wget --header "Authorization: Basic cmVwb3J0.......5LX4=" https://ca-test.adyen.com/reports/download/MerchantAccount/MyMerchantAccount/payments_accounting_report_2021_01_01.csv
# example with curl
curl -H "Authorization: Basic cmVwb3J0.......5LX4=" -X GET https://ca-test.adyen.com/reports/download/MerchantAccount/MyMerchantAccount/payments_accounting_report_2021_01_01.csv

Atlassian Confluence : Updating parent container of an attachment

I'd like to move an attachment to a different space (i.e, update the parent container of an attachment in a Confluence page) using Cloud REST API and "curl" command. I looked up REST API endpoint URL and found this:
PUT /rest/api/content/{id}/child/attachment/{attachmentId}
Could somebody provide an example for a correctly constructed JSON input to achieve this? I tried the one below to move an attachment called "test.jpeg" with ID "att000" and current version 5 to parent with ID 1234, but it fails:
curl -v -u 'admin:password' -X PUT -H 'Content-Type:application/json' -d '{"id":"att000","type":"attachment","title":"test.jpeg","version":{"number":5,"minorEdit":false},"ancestors":[{"id":1234}]' -H ‘X-Atlassian-Token:access-token' https://test.atlassian.net/wiki/rest/api/content/170234/child/attachment | python -m json.tool
Given below is the error message
< HTTP/1.1 415 Unsupported Media Type
.
.
.
No JSON object could be decoded
Thank you for your time!
I believe in your curl example you are uploading it under space which is not possible. Attachments in Confluence needs to be under content. Take a look at following example:
curl -v -S -u admin:admin -X POST -H "X-Atlassian-Token: no-check" -F "file=#myfile.txt" -F "comment=this is my file" "http://localhost:8080/confluence/rest/api/content/3604482/child/attachment" | python -mjson.tool
You have to set the container property in the request object.
Specify "container":{"id":"123456","type":"attachment"}
curl -v -u 'admin:password' -X PUT -H 'Content-Type:application/json' -d '{"id":"att000","type":"attachment","title":"test.jpeg","version":{"number":5,"minorEdit":false},"container":{"id":"123456","type":"attachment"}, "ancestors":[{"id":1234}]' -H ‘X-Atlassian-Token:access-token' https://test.atlassian.net/wiki/rest/api/content/170234/child/attachment | python -m json.tool
id => id of the page where attachment is being moved.

ServiceM8 api email - how to relate to job diary

I can send an email from a ServiceM8 account through the ServiceM8 API 'message services' (http://developer.servicem8.com/docs/platform-services/message-services/), and read the resulting ServiceM8 message-id.
But I would like to relate that message to a specific job within ServiceM8, so that it will appear as an email item in that job's diary in the ServiceM8 web application. (Emails sent from within the ServiceM8 web application are related to the diary and appear there - my question is about how to do this from the API).
Worst case, I could create a new 'Note' containing the email text and add that to the job in the hope that it would show up in the diary in the web application as a note.
But I want to check there isn't an easier way since sending the email results in there already being a relatable message-id available within ServiceM8.
Thanks
Using the messaging services API, can't be done. Using the web API, you can do just that.
There's an authorisation code required, which is specific to your account and to this function, you only need to retrieve it once, and then you can integrate that specific URL into your code. It's contained within the ClientSidePlatform_PerSessionSetup URL.
Here is a script that will grab the E-mail URL specific to your login:
Syntax: ./getsm8emailurl.sh "email#address.com" "password"
#!/usr/bin/env bash
#getsm8emailurl.sh
#Create Basic auth
user="$1"
pass="$2"
pass="$(echo -n "${pass}" | md5sum | cut -f1 -d' ')"
auth="$(echo -n "${user}:${pass}" | base64)"
#Get Account specific e-mail url
email_url="https://go.servicem8.com/$(curl --compressed -s -L "https://go.servicem8.com/$(curl --compressed -s -L "https://go.servicem8.com/" -H "Authorization: Basic $auth" | grep -o 'ClientSidePlatform_PerSessionSetup.[^"]*' | grep -v "s_boolFailover")" -H "Authorization: Basic $auth" | grep -o "PluginEmailClient_SendEmail.[^']*")"
#Output base e-mail URL
echo "$email_url"
Once you have the email url, (will start with https://go.servicem8.com/PluginEmailClient_SendEmail and will end with the s_auth code), you can use it like any other rest endpoint.
Required Header Values:
Authorization (same as regular API)
Required Post Params:
s_form_values="guid-to-cc-subject-msg-job_id-attachedFiles-attachedContacts-strRegardingObjectUUID-strRegardingObject-boolAllowDirectReply"
(these have to stay just as they are)
s_auth="your_account_s_auth_code"
to="recipient#domain.com"
Optional Post Params:
subject="subject"
msg="html message body"
boolAllowDirectReply="true|false" (Can recipient reply directly to job diary)
strRegardingObject="job|company"
strRegardingObjectUUID="job|company uuid"
DEMO
#!/usr/bin/env bash
#sendemail.sh
#demo here using random auth codes and uuids
curl --compressed -s "https://go.servicem8.com/PluginEmailClient_SendEmail" \
-H "Authorization: Basic dGVzdHVzZXJAdGVzdGRvbWFpbi5jb206dGVzdHBhc3M=" \
-d s_form_values=guid-to-cc-subject-msg-job_id-attachedFiles-attachedContacts-strRegardingObjectUUID-strRegardingObject-boolAllowDirectReply \
-d s_auth="6akj209db12bikbs01hbobi3r0fws7j2" \
-d boolAllowDirectReply=true \
-d strRegardingObject=job \
-d strRegardingObjectUUID="512b3b2a-007e-431b-be23-4bd812f2aeaf" \
-d to="test#testdomain.com" \
-d subject="Job Diary E-mail" \
-d msg="hello"
Edit/Update/Disclaimer:
This information is for convenience and efficiency - memos, quick tasks, notifications, updates, etc. This isn't to be relied upon for critical business operations as it is undocumented, and since it does not process JS like a browser would, it could stop working if the inner workings of the service changed.