I am trying to put a file into Google Cloud Storage by using API KEY. What is the proper way to do it?
I am put into an address of
"https://storage.googleapis.com/my_test?key=AIzaSyD5TnLAX6N_xAuSudUYSS6k1j8UxfaV9YN"
However, I got an error saying I am missing a required header. What should be the proper way to do this?
Thanks.
Server responded with: MissingSecurityHeader; Your request was missing a required header: Authorization
An API key is not an authentication mechanism. See the Authentication page for the supported authentication methods. Namely:
OAuth 2.0
Cookies
Service Accounts
Related
The Paypal API doesn't recognize my Client ID and Secret I got from https://developer.paypal.com/developer/applications/
I wanted to include a server side checkout according to this tutorial https://developer.paypal.com/docs/archive/checkout/how-to/server-integration/
When I do the request to https://api-m.paypal.com/v1/payments/payment I always get a 401 Error with the message "Authentication failed due to invalid authentication credentials or a missing Authorization header.".
I checked multiple times if my credentials were correctly included into the request. I also tested the endpoint in my server environment and as well via Postman.
I also tried the route https://api-m.sandbox.paypal.com/v1/oauth2/token to exchange my credentials with an access token and got the same problem.
I also tried to create multiple Sandbox and Live Accounts and always got the same error.
Has anyone an idea what the problem could be?
There are two separate issues here.
You first need to use /v1/oauth2/token to obtain an access token, and then use that access token to call any of the other actual APIs.
The credentials you obtain from PayPal Developer will be for either "Sandbox", or "Live". Make sure you choose the correct tab (sandbox, for development). Sandbox credentials will only work for api-m.sandbox.paypal.com , and Live credentials will only work for api-m.paypal.com . The two environments are completely separate.
If you still have issues, post the SANDBOX client ID and secret you are using, and the full request and response to the api-m.sandbox.paypal.com endpoint. There should be a PayPal-Debug-Id in any error response, in the headers if nowhere else.
I’m currently experimenting on Metaflow. I followed the documentation and was able to deploy an aws setup with the given cloud formation template.
My question is why is that I’m always getting a:
message: "Missing Authentication Token"
when I access METAFLOW_SERVICE_URL in the browser, even if I made sure that the APIBasicAuth was set to false during the creation of cloudformation?
Shouldn’t this setting make the metadata/metaflow service accessible without the authentication/api key?
How can I resolve this? Or is this expected? That is, I cannot really view the metadata/metaflow service url via browser?
Thanks in advance
This was resolved under this github issue.
You still need to set the x-api-key header if you are trying to access the service url via the browser. To get the api-key you can go to the aws console
Api Gateway -> Api Keys -> show api key
Alternatively you can use the metaflow client in the sagemaker notebook which should be automatically setup for you via the template.
Also worth mentioning that there are two sets of endpoints: The one provided by the api gateway (which you seem to be hitting) and the one provided by the service itself. The api gateway forwards the requests the the service endpoints but needs the x-api-key to be set in the header. You can probably try hitting the service endpoints directly since you disabled auth.
I am very new to WSO2 API manager and trying out my very first simple restful api. which returns json response and has no security since it is an internal api.
I installed WSO2 API manager locally and trying to call the rest api on my dev server which uses http and no security as I mentioned earlier.
Here is how my get url looks like:
and here is my url looks like for production and sandbox environment:
I don't have any message mediation enabled.
I went to the API store and created a trial application (so that I can get the access token. Eventhough, my dev environment api has no security, I was reading that for throttling and other purpose, I need to pass bearer token to the WSO2 api OR it will reject the request.)
When I am trying to consume the api, I get the following binary message.
Is there any way I can see the proxy log on WSO2 server so that I can see the request and its header sent to my dev server?
How can I fix this binary response to get the proper json response?
I searched all over and can't find solution to it.
You can use below steps on WSO2 ESB or APIM to enable Wire Logs.
Uncomment below line in /repository/conf/log4j.properties
log4j.logger.org.apache.synapse.transport.http.wire=DEBUG
Restart Server.
Source - http://lakshanigamage.blogspot.com/2015/03/how-to-enable-wire-logs-in-wso2-esbapim.html
I went through this tutorial on KONG
https://getkong.org/plugins/jwt/
I have an understanding of JWT and authorization concepts. I have prototyped JWT with Spring Boot where I could put my own key value like this {"authorizations":"role_admin, role_user"}.
It is easy to do that in Spring Boot but I am not able to find information on how to do this with KONG. Anyone has any info about it?
Kong community edition can handle only the authentication process, (give or deny access to a customer).
Authorization process (what a given customer can do in your application) is handled by your application or by https://getkong.org/plugins/ee-oauth2-introspection/ oauth2 introspection plugin which is enterprise edition only
you can write your own authorization server based on X-Consumer-Username request header if user passed authentication or original token header proxied by kong
hope helps
The kong jwt plugin does not support sending custom payload parameters to the upstream api. It does however seem like you can use this plugin (I have not tested it):
https://github.com/wshirey/kong-plugin-jwt-claims-headers
Update:
If you set Kong to forward all headers you'll get the raw Authorization header with the jwt token. So you could base64 decode the jwt token and pull out the claims/payload parameters you need manually in your service.
We are using Apigee as our Authorization Server (AS) and we have a few Spring Restful services deployed in IBM Bluemix public cloud which acts as our Resource server (RS).
Each of the services has an equivalent proxy service configured in Apigee. For the proxy services, we have configured the VerifyOAuthTokens policy to verify the token passed by the user and return an error if invalid token is passed
The problem is, since our RS is in the public cloud (no plans or need of moving to a dedicated or private cloud) the api endpoints are open and can be invoked by anyone who knows the url.Though the expectation is everyone should call the apis via APIGEE proxies but we cannot force that since we are in public cloud and there are no options of opening ports coming from apigee or something. We would like to take the following approach to secure the api endpoints.
Accept the Authorization header for each call
Take the token and call a validate token service in Apigee
For 2, We are not able to find an APIGEE api which can validate an access token similar to say googles
https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=1/fFBGRNJru1FQd44AzqT3Zg
or Github's
GET /applications/:client_id/tokens/:access_token
Is there actually an external APIGEE service to validate a token?
If not, what would be the best way to make sure that only valid users with valid tokens can access the apis?
Thanks,
Tatha
Did you look at this post in the Apigee Community: Using third-party OAuth tokens
We did something similar to this but not using oauth tokens. We used Apigee to do a callout to a third party IDP (identity provider). The 3rd party IDP wasn't able to generate tokens but exposed a web service to authenticate the user. If the user was authenticated successfully (based on interpreting the result received back from the target endpoint webservice), then you tell Apigee that it was successful by setting the external authorization status to true (step #2 in the link).
NOTE: this has to be done inside an Assign Message Policy step PRIOR to the GenerateAccess token operation. Apigee interprets this as a successful authorization and then can generate a valid oauth token that the caller can then send along to access the protected API.