I have followed and double checked the steps to get a bearer token from https://dev.twitter.com/oauth/application-only
i keep getting the following error :
Status : 403 Forbidden
{"errors":[{"code":99,"message":"Unable to verify your credentials","label":"authenticity_token_error"}]}
I tried passing grant_type=client_credentials in body as well as query parameter.
The URL i am hitting is : https://api.twitter.com/oauth2/token?grant_type=client_credentials
Headers Set :
Authorization : Basic [base64encoded(client_key:client_secret)]
Content-Type : application/x-www-form-urlencoded;charset=UTF-8
I am using poster as the rest client to make the calls.
Could any one point out where i may be going wrong.
Thanks a lot.
Send "grant_type=client_credentials" as the payload.
var options = {
"method":"post",
"headers": {
"Authorization":"Basic " + Utilities.base64Encode(param),
"Content-Type":"application/x-www-form-urlencoded; charset=UTF-8"
},
"payload" : "grant_type=client_credentials"
};
var response = UrlFetchApp.fetch(TOKEN_URL,options);
Related
I am running tests on a web application to test WYSIWYG functionality and XSS vulnerabilities. I use the following command before
beforeEACH(() => {
cy.vaderAuth()
});
Cypress.Commands.add('vaderAuth', () => {
let config = Cypress.config();
cy.request({
method: 'POST',
url: Cypress.config('tokenUrl') + '/api/v1?actions=api/v1/login',
body: {
username: config.horizon.username,
password: config.horizon.password,
}
}).then(response => {
window.localStorage.setItem('JWT', response.body['api/v1/login'].token)
})
})
The above command successfully gets the Bearer Token but then the following test throws a 401 Unauthorised error.
it('Sending a regular API request to Welcome Messages', function() {
cy.request({
method : 'POST',
url : '/api/v1/organisations/welcome-message?actions=api/v1/organisations/welcome-message/set-welcome-messages',
body : {"welcome_messages":[{"message":"<p>Test investor welcome message!</p>","type":"User"},{"message":"<p>Internal User welcome message Cypress Test. </p>","type":"Internal User"},{"message":"<p>Test entrepreneur welcome message!</p>","type":"Entrepreneur"}]},
headers : {"Authorization": "Bearer " + window.localStorage.JWT}
})
})
beforeEach working, API request 401
401 cypress error
I have checked the failure and it is sending the Bearer Token as a header, and the request headers match the headers the same request sends if I enter the Bearer Token manually as follows.
it('Sending a regular API request to Welcome Messages', function() {
cy.request({
method : 'POST',
url : '/api/v1/organisations/welcome-message?actions=api/v1/organisations/welcome-message/set-welcome-messages',
body : {"welcome_messages":[{"message":"<p>Test investor welcome message!</p>","type":"User"},{"message":"<p>Internal User welcome message Cypress Test. </p>","type":"Internal User"},{"message":"<p>Test entrepreneur welcome message!</p>","type":"Entrepreneur"}]},
//headers : {"Authorization": "Bearer (insertbearertokenhere)}
})
})
When entering the Bearer Token manually the following tests all run smoothly with no error, but if I have to go in and change the Bearer Token every time I run these tests, it kind of defeats the point of automating it as by the time I've logged into my web app and got the token, I may as well test the application manually.
Any help on this would be greatly appreciated as I have been working on it with no luck for around a week now.
Using this documentation I'm trying to test the request using Postman the example on the right side:
$ curl https://subscriptions.zoho.com/api/v1/organizations
-H 'Authorization: Zoho-oauthtoken 1000.41d9f2cfbd1b7a8f9e314b7aff7bc2d1.8fcc9810810a216793f385b9dd6e125f'
-H 'X-com-zoho-subscriptions-organizationid: 10234695'
Maybe I'm not setting the parameters right but this is how it looks for the moment.
A new GET Request, in the url input: https://subscriptions.zoho.com/api/v1/organizations
And under that, in the Headers tab I added two key-value pairs:
Authorization: Zoho-oauthtoken 1000.41d9f2cfbd1b7a8f9e314b7aff7bc2d1.8fcc9810810a216793f385b9dd6e125f
Authorization: X-com-zoho-subscriptions-organizationid: 1023469
The returned result:
<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
</body>
</html>
If I deleted the second key-value pair it returns this JSON:
{
"code": 57,
"message": "You are not authorized to perform this operation"
}
What is wrong with my approach?
Can you try this?
If you are sure of the api url, do validate the token and create a fresh token and
add it to header as below:
HeaderName : Authorization
HeaderValue: 1000.41d9f2cfbd1b7a8f9e314b7aff7bc2d1.8fcc9810810a216793f385b9dd6e125f
HeaderName : X-com-zoho-subscriptions-organizationid
HeaderValue: 10234695
I tried this and is getting,
{
"code": 14,
"message": "Invalid value passed for authtoken."
}
Might be the token got invalid.
Now I tried with a new token generated myself and I am getting now,
{
"code": 0,
"message": "success",
"organizations": [],
}
In short, you have to generate an auth token first and then hit the url with proper header value as shown above.
Thank you :)
I'm trying to call HPQC API to get some reports but I'm not able to get the QCsession cookie when I call /qcbin/rest/site-session. I successfully authenticated with /qcbin/authentication-point/authenticate but I'm stuck in the next phase.
Not that I can use the API without any trouble with Postman, but my Google script doesn't work.
Here's a look at the call I'm doing :
var headers = { "Accept":"application/xml",
"Content-Type":"application/xml",
"method": "POST",
"headers" : {"Authorization": digestfull },
"muteHttpExceptions": true
};
var resp = UrlFetchApp.fetch(url,headers);
var cookie = resp.getAllHeaders();//['Set-Cookie'];//.split(';')[0].toString();
Logger.log(cookie);
//Get session cookie
param = "/hp/rest/site-session";
var url2 = hpqc + param + api_key;
var payload = "<session-parameters><client-type>REST Client</client-type></session-parameters>";
var headers2 = { "Accept":"application/json",
"Content-Type":"application/xml",
"method": "POST",
"muteHttpExceptions" : true,
"cookie" : cookie,
"body" : payload
};
resp = UrlFetchApp.fetch(url2,headers2);
The first call works fine, but the second gives me the following response :
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title>Error 401 Authentication failed. Browser based integrations - to login append '?login-form-required=y' to the url you tried to access.</title>
</head>
<body><h2>HTTP ERROR 401</h2>
<p>Problem accessing /qcbin/rest/site-session. Reason:
<pre> Authentication failed. Browser based integrations - to login append '?login-form-required=y' to the url you tried to access.</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/>
It seems that the cookies aren't correctly sent.
Can you please help me find what is wrong with my code ? I'm sorry if it's too obvious, I'm learning to use google script.
Thank you
I changed the following code
var payload = "<session-parameters><client-type>REST Client</client-type></session-parameters>";
var headers2 = { "Accept":"application/json",
"Content-Type":"application/xml",
"method": "POST",
"muteHttpExceptions" : true,
"cookie" : cookie,
"body" : payload
};
with this and it worked
var payload = "<session-parameters><client-type>REST Client</client-type></session-parameters>";
var headers = {// "accept":"application/json",
//"contentType":"application/json",
"method": "POST",
"muteHttpExceptions" : true,
"headers" : {
"Content-type" : "application/xml",
"Accept" : "application/json",
"Cookie" : cookie
},
"payload" : payload
};
Thank you TheMaster for giving me the hint !!
I tried to follow the RT REST Guide but i can't able to search tickets with query . Every time it is getting empty items . But i have tickets with all query and it is a valid token . All other api is working with this token
I used the command
curl -si http://rt-test.backbonesecure.com/rt/REST/2.0/tickets?token=1-115-31ee899218dfb70735c500cd0a878857 -XPOST --data-binary '[{"field":"Status","value":"open"}]'
curl -H "Content-Type: application/json" -d "#abc.txt" -X POST http://rt-test.backbonesecure.com/rt/REST/2.0/tickets?token=1-115-31ee899218dfb70735c500cd0a878857
abc.txt contains the json query
{
"Queue": "General",
"Status": "new"
"Priority":"0"
"Owner":"Nobody"
}
Does anyone have any advice?
I am having luck using a query string. I haven't tried with a JSON search.
Firstly, I am quite sure that you are misusing the authentication token. It should be put into the header like this. I would recommend you get a simple request working, like the queues/all example.
Here is the request that I send:
POST http://localhost/rt/REST/2.0/tickets
Authorization: token <REDACTED>
User-Agent: libwww-perl/6.15
Content-Type: application/x-www-form-urlencoded
query=subject = 'Test Subject';page=1
And the reponse back:
{
"total" : 1,
"count" : 1,
"page" : 1,
"items" : [
{
"type" : "ticket",
"id" : "1415",
"_url" : "http://localhost/rt/REST/2.0/ticket/1415"
}
],
"per_page" : 20
}
I struggle in call the REST API at Dotmailer.
he provide a document for call the OAuth and get the token.
but it's always throws the same error.
Input is
Post Method
URI: https://r1-app.dotmailer.com/OAuth2/Tokens.ashx
JSON input is
{
"client_id" : "apiuser-XXXXXXXXXXX#apiconnector.com",
"redirect_uri" : null,
"client_secret" : "XXXXXXXXXXXX",
"grant_type": "authorization_code",
"code":"MyServerCode",
"test_mode":true
}
Out put is
{
"error": "invalid_request",
"error_description": "There was a problem with the 'grant_type' parameter: The parameter is required."
}
Anyone know the error.
Thanks in advance...
I think Dotmailer OAuth have some problem.
I was used alternatively Basic Authentication method to access the dotmailer API.
Base URI = https://api.dotmailer.com/v2/
Header
Content-type: application/json
Authorization: Basic base64_convertion(username:password).
Sample
Content-type: application/json
Authorization: Basic XXXXXXXXXXXXXXXX.
Use WADL method.
https://api.dotmailer.com/v2/help/wadl