I'm trying to call getAllSiteAccounts using the following URL:
https://rest.developer.yodlee.com/services/srest/restserver/v1.0/jsonsdk/SiteAccountManagement/getAllSiteAccounts
When I make the call, I get back:
oauth_error_problem=invalid_url_access&oauth_error_code=418
A 418 error code is:
STATUS_HTTP_DNS_ERROR_EXCEPTION
Problem Updating Account(418): We could not update your account because the site is experiencing technical difficulties. Please try later.
Am I using the correct URL? I know they really don't want us to use this call in evaluation mode as it could time out, but I would think I'd get back a different error if that was the case.
Thanks,
Chris
This URL is working. I tried this REST API using an external REST client and successfully got the response.
Below is the request which is being sent.
POST /services/srest/restserver/v1.0/jsonsdk/SiteAccountManagement/getAllSiteAccounts HTTP/1.1
Host: rest.developer.yodlee.com
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
cobSessionToken=xxxxxxxxxxxxx&userSessionToken=xxxxxxxxxxxxxxxxxx
Can you test this again.
Related
I am confused. I've added headers to a request before and, for some reason, this one does not work as I want it to.
I'm trying to perform a post request to Linkedin following their documentation to get an access_token from an OAuth2 flow. I have the preliminary code to pass to the token endpoint, that is not an issue.
This is the sample request from the docs:
POST /oauth/v2/accessToken HTTP/1.1
Host: www.linkedin.com
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&code={authorization_code_from_step2_response}&redirect_uri=hhttps%3A%2F%2Fdev.example.com%2Fauth%2Flinkedin%2Fcallback&client_id={your_client_id}&client_secret={your_client_secret}
I assume the Host header is to avoid CORS issues, but it just isnt being set. When I perform this request, my console gives me this 404:
Given that I know the Header is not 'unsafe', how do I go about setting it in this specific case?
Any help would be greatly appreciated, thank you!
My bad. Remove the Host header from config object and set it directly in the URL. Works just fine. I now have CORS Allow-Origin issues, but that's not related.
I was trying to setup Jmeter for Salesforce API testing. However getting the below error during Salesforce authorization:
"error":"unsupported_grant_type","error_description":"grant type not
supported"
I am passing the parameters as in the screenshots attached. The same parameters when passed in Postman works fine, however I am getting this error in Jmeter. Please let me know if I am making some error in passing the parameters in Jmeter.
Jmeter_HTTP Header Manager
Jmeter_HTTP Request
Jmeter_Sampler Result
According to HTTP Status Code 400 documentation
The HyperText Transfer Protocol (HTTP) 400 Bad Request response status code indicates that the server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).
Looking into your request, you're sending Content-Type header as application/json therefore your server expects JSON and you're providing something different.
My expectation is that you should switch to Body Data tab of the HTTP Request sampler and set the request body to look like:
Check out REST API Testing - How to Do it Right article for more information on REST APIs testing using JMeter.
I struggle with the same issue but it finally worked for me by doing the following:
Use Content-Type application/x-www-form-urlencoded in an HTTP Header Manager
Make sure is a POST Method and that you're using https
Not sure if it is necessary but in the Parameters tab make sure all (grant_type, password, client_secret_ client_id and username) are Content-Type application/x-www-form-urlencoded and check the URL Encode option for all
Only check "Follow Redirects" and "Use KeepAlive" options in the HTTP Request
hope it works for you too
i am trying to implement caching for dynamic API calls where data is near-static. The approach i have taken is using the ETag and returning an ETag header for a Web API response headers. However, Browser doesn't seems to return the "if-None-Match" header at all for me to validate the subsequent calls.
Please note that i am using https and i have a valid SSL installed. Anyone had this issue and potential clues?
Found the root cause of the issue, It was due to the wrong cache-headers being sent by the server particularly Cache-Control: no-store
After changing the response headers, Browser is now able to send the If-None-Match request header.
My current response header is as below which is good enough to request the browser to re-validate it.
I have used a proxy tool to capture a certain REST HttpRequest. The request is a HTTP PUT command followed by an extremely long REST link containing specific data that gets sent to the server.
In the proxy tool it looks something like this:
Header
PUT http://XXX.XXX.XXX.XXX:8080/rest/blah/blah/.../ HTTP/1.1
Host: XXX.XXX.XXX.XXX:8080
User-Agent: Mozilla/5.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-language: en-us, en:q=0.5
Proxy Connection:keep-alive
Content-Type:XMLHttpRequest
Referer: http://XXX.XXX.XXX.XXX:8080/plugins/blah/blah
Content-length: 11156
Cookie: JSESSIONID=<really long alpha numeric>
Body:
{"links":{"self":"/rest/plugins/1.0/blah/blah.....
...
... lots and lots of JSON text
}
}
So the proxy tool has been helpful in identifying what the request looks like.
But the only way to generate this request is by clicking a button on the webpage. I would like to send exact same request on my own (like creating a custom link that when clicked generates a similar request to the one shown above). How do I do this?
Also, anything I type in the web browser URL area automatically is a "GET". How do I force a PUT?
Cookie: JSESSIONID=
This clearly indicates that the API you want to use is not a REST API, because it violates the stateless constraint of REST.
How do I force a PUT?
Probably you don't have a way to do that. It depends on the security settings of the web API. If you want to do this with AJAX from the browser, and your domain is different from the APIs domain, then you need a CORS header from the API, which allows your domain to read cross origin responses. By PUT the browsers sends a preflight first, and if it cannot read the response, it will never send the real PUT. Security policy and other headers can block XSS in the browser, so you probably don't have a way to do this from browser.
You can do this from your server by copying the request details and catching the session id somehow.
If the API allows access to 3rd party clients, then I suggest you to contact with them. If not, then you 99% that you won't be able to do this.
I have integrated twitter in my app. but I am not able to log out the session of the user.
For logging I am using http://%##twitter.com/statuses/update.xml
and passing the username and pswd in the url. Inside body i pass the string that needs to be updated and its working fine.
Now For log out they have an request called
http://twitter.com/account/end_session
and it is been said we need to use post request. But I am not able to get what we have to pass in body and header so that twitter should know which user has requested for log out.
Below is the link of documnetation but I didnt suceed in this.
http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-account%C2%A0end_session
Waiting for reply
Thanks in advance
When you are posting to statuses/update.xml using the method you described, you are not logging in, you are simply updating the user’s status and passing the user name and password with the request. As you are not logging in, there is no session and no need to log out. This is good, because it’s easy, and it’s bad, because it’s insecure – you’re passing the password openly. Read the documentation about authentication. The authentication method you’re using right now is called “Basic Auth” there.
You can look at how you post looks in the HTTP request:
$ nc -l 1234
$ curl -d "Status update" http://user:passwd#localhost:1234
The output from netcat looks like this:
POST / HTTP/1.1
Authorization: Basic dXNlcjpwYXNzd2Q=
Host: localhost:1234
Accept: */*
Content-Length: 13
Content-Type: application/x-www-form-urlencoded
Status update
The Authorization line is the “Basic Auth” as described by the Twitter API docs and Wikipedia.