Edit:
Initially, the question was how to get an Office365 calendar in JSON without authentication; but, what I meant was how to get an Office365 calendar in JSON without requiring the OAuth2 step (so, for example on the server-side other authentication methods are acceptable to retrieve the calendar data).
Problem:
I would like to use the Office 365 REST API to access this published calendar (i.e. the "read" operation only since the calendar is published), so that I can "style" the calendar the way I prefer. So, I am looking for a public API approach to using one of my calendars. The code examples for the Office 365 REST API that I found use OAuth to authenticate the client. This seems like overkill.
I have come up with some possible solutions, so any suggestions on the best approach is welcome.
Background:
I have a published calendar in Office365, which gives me a feed:
http://outlook.office365.com/owa/calendar/USER#DOMAIN/CALENDAR_NAME/calendar.ics
and the URL:
http://outlook.office365.com/owa/calendar/USER#DOMAIN/CALENDAR_NAME/calendar.html
How can I do what "calendar.html" is doing, so that I can display a calendar the way I would like it to be displayed (instead of IFraming what Office365 provides)?
Example:
Here is an example URL using the REST API:
https://outlook.office365.com/api/v1.0/users/USER#DOMAIN/calendars
The browser will bring up a basic authentication dialog, so it looks like OAuth is not the only method required (one possible solution, the request could be proxied from a local server that is calling the REST API using basic authentication).
Issues:
One issue might be that the calendar "publishing" feature is meant for a limited amount of data (e.g. 1 year prior or in the future at the most) which is what I assume is what the iCalendar (*.ics) file would contain for any request.
Using the REST API with authentication assumes that there isn't a date range restriction (since one can query the calendar using the REST API, I assume you could query further back than a year).
Possible solutions:
Proxy the request from another server by making the REST API calls using basic authentication. Caching might also be needed since it appears the response times could be slow. The calendar could be either JavaScript that consumes a local endpoint, or HTML content generated at the server.
It looks like the Office365 AuthenticationContext.AcquireTokenAsync() will accept a ClientCredential (client id and secret) or also a UserCredential (simple username and password). So, I think I can run a local proxy service that uses the Office365 library by manually passing in credentials to the function that acquires a token. (I still need to test this to make sure that the function will indeed work this way.)
Simply iFrame the "calendar.html" page provide by Office 365. (Cross domain is prevented, unless it's on one of the Microsoft hosted solutions "Something Webs".)
If using the iCalendar (*.ics) feed, then one would need a transformation function for the iCalendar format to JSON (https://github.com/kewisch/ical.js), then JavaScript or a calendar library could be used to design a custom calendar. (This wouldn't be very convenient for viewing a year's worth of calendar events without cashing and providing a querying mechanism, except for displaying one month back and forward. So, some sort of ics2json to use on FullCalendar might work for only a couple months of calendar history.)
Any suggestions on the best approach (or another approach not listed here) is welcome.
The Office 365 APIs require Oauth2 in order to function. If you are using Visual Studio to develop your app, the O365 tools for Visual Studio + OWIN middleware will handle a lot of the oauth work for you.
If oauth is absolutely not an option, I'd consider using the EWS APIs instead, which can use basic authentication (more info on that here on MSDN).
Related
I am trying to use the Fantasy Premier League Api's, however for many of them I require a session token.
According to docs, in order to achieve this I need to create a POST request and send my password/login/redirect_uri. If successful I should receive my desired session token in the response headers (which I will later use in the requests needed).
Example of how the request should look
However one thing I have noticed is that the documentation contains examples using python, and I am not sure if I can achieve the same result using the XCode environment. I have no knowledge of Python and would love to know if I can achieve the authentication using only Alamofire/URLSession.
For additional info regarding this type of authentication, you can check out these posts.
Guide 1:
https://medium.com/#bram.vanherle1/fantasy-premier-league-api-authentication-guide-2f7aeb2382e4
Guide 2:
https://medium.com/#frenzelts/fantasy-premier-league-api-endpoints-a-detailed-guide-acbd5598eb19
I am a bit confused. The requirement is that we need to create a REST API in Salesforce(Apex class) that has one POST method. Right now, I have been testing it with POSTMAN tool in 2 steps:
Making a POST request first with username, password, client_id, client_secret(that are coming from connected app in Salesforce), grant_type to receive access token.
Then I make another POST request in POSTMAN to create a lead in Salesforce, using the access token I received before and the body.
However, the REST API that I have in Salesforce would be called from various different web forms. So once someone fills out the webform, on the backend it would call this REST API in Salesforce and submits lead request.
I am wondering how would that happen since we can't use POSTMAN for that.
Thanks
These "various different web forms" would have to send requests to Salesforce just like Postman does. You'd need two POST calls (one for login, one to call the service you've created). It'll be bit out of your control, you provided the SF code and proven it works, now it's for these website developers to pick it up.
What's exactly your question? There are tons of libraries to connect to SF from Java, Python, .NET, PHP... Or they could hand-craft these HTTP messages, just Google for "PHP HTTP POST" or something...
https://developer.salesforce.com/index.php?title=Getting_Started_with_the_Force.com_Toolkit_for_PHP&oldid=51397
https://github.com/developerforce/Force.com-Toolkit-for-NET
https://pypi.org/project/simple-salesforce/ / https://pypi.org/project/salesforce-python/
Depending how much time they'll have they can:
cache the session id (so they don't call login every time), try to reuse it, call login again only if session id is blank / got "session expired or invalid" error back
try to batch it somehow (do they need to save these Leads to SF asap or in say hourly intervals is OK? How did YOU write the service, accepts 1 lead or list of records?
be smart about storing the credentials to SF (some secure way, not hardcoded). Ideally in a way that it's easy to use the integration against sandbox or production changing just 1 config file or environment variables or something like that
When using rooms and equipments, Exchange (in Office 365, but in other versions as well) uses a number of options to handle requests for those resources in events.
By default, Exchange will for instance strip the subject when creating the event in the room's calendar, and replace it with the organiser name. If you then try to fetch the room's calendar (for a meeting room display, for instance), you'll only have the organiser name instead of the subject of each meeting.
This may be appropriate in some scenarios, but in many others one wants the actual subject to be shown in that calendar.
To achieve that, the only option I know of is to use the Powershell Set-CalendarProcessing cmdlet to change DeleteSubject, AddOrganizerToSubject and more.
In a SaaS environment this is pretty annoying as you need the Office 365 admin to use Powershell to do this operation, which may not be completely straightforward, or you need to ask for the user's login and password and pass them to Powershell, which raises security issues, and will not work in many scenarios (2FA, SAML auth...).
Is there a way to access these settings via Microsoft Graph?
Alternatively, if not available via Microsoft Graph, is there a way to use a Microsoft Graph oAuth token to perform this operation via Linux Powershell? I know it's possible to use oAuth tokens, but despite all my efforts I haven't managed to find a way to perform regular hosted oAuth login and use the token received for this purpose.
Any hints welcome!
Edit
To clarify: I'm in a SaaS scenario where I am the SaaS provider, so I need to allow admins of my customers to change those settings easily or automatically, it's not to access my own room mailboxes (I would use powershell for that).
I don't see anything in the MS Graph Reference that would do what you want. With that said, the barriers you state in your question for using the remote powershell api shouldn't be hard to accomodate.
For starters, your IT provider for email should work with you to configure rooms the way that you want/need. If they are willing to delegate this to you, then there are ways to set up Role Based Access Control (https://4sysops.com/archives/create-custom-rbac-roles-in-exchange-and-office-365/) to give you only access to calendar processing.
Likewise, MS has posted instructions and tools to use MFA with Exchange Online Powershell (https://learn.microsoft.com/en-us/powershell/exchange/exchange-online/connect-to-exchange-online-powershell/mfa-connect-to-exchange-online-powershell?view=exchange-ps).
According to your description, I assume you want to get the subject of a meeting room.
There is no reference on official Doc for your case yet, we can post this issue to the Graph support on the User Voice.
The only interface I'm aware of for managing this (beyond the Exchange UI of course) is PowerShell.
This isn't supported by Microsoft Graph or Exchange Web Services. It's worth noting that even if this operation was supported, it would still require an Admin to execute it. Operations of this nature almost always require Admin Consent.
Try using JEA (Just Enough Administration) or PSSessionConfigurations . Create a constrained endpoints and give access for necessary user/groups for required cmdlets.
I work for an ecommerce site and we are looking to expose much of our core functionality via a set of APIs. We plan on re-writing some of our own public facing applications (e.g. the main shop website and our mobile app) to call these new APIs also. We also want to offer some of these APIs out to third-parties who want to integrate with us.
My first question is - what is a suitable authentication method for these APIs? Everything I read is about OAuth, but am I right in saying that this doesn't fit in this case as we're not looking to use another log in system (e.g. Facebook, Google) but rather restrict access to our own API (so maybe an API key or JWT solution would be better?)
Secondly, our current website has it's own user accounts system. How do you offer /user endpoints (like GET user/1235/paymentmethods) in an API like this? Surely the actual user (website customer) needs to authenticate somehow in order for the given API consumer to access their data.
I've spent the last 2 days reading about this but I'm at a loss as to how to go about this! Any help much appreciated.
I'm using the outlook calendar rest api from Salesforce. To continuously leverage the calendar API I need to get authorisation code, access and refresh token.
I have been able to get the Authorisation code by hitting the API. How to get the access token using development code to use the outlook calendar rest API.
Please find the list of AAD authentication libraries here:
https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-authentication-libraries
I found this tutorial in Python very helpful for getting access codes:
This tutorial uses Microsoft Graph (which covers several Microsoft products including Microsoft Outlook) rather than the outlook REST API (which covers just Outlook).
https://learn.microsoft.com/en-us/outlook/rest/python-tutorial
At first, I thought setting up a Django server was overkill. Then I realized that I wanted a way for my Python instance to capture the access code after going through single-sign-on. (I MUST use my browser for single-sign-on because my institution uses multi-factor authentation.) Having a Django server is a natural way to do this.
So I created a new PyCharm Django project (which is straight-forward in PyCharm) and began following the tutorial.
I found it essential to continue following the tutorial all the way through displaying my emails to avoid getting authentication errors -- deviate from the tutorial, and I got error messages (such as this one) that were unpenetrable.