I'm trying to create a comment with Github's api, but it's failing, and I'm looking for debugging tips.
I'm using the url listed in the api docs, which correctly returns a list of comments for a GET request. When I try to do a POST request, I get a 404 response. I'm using an Ajax request from a browser with cors, and I have an OAuth token in the 'Authorization' header field.
The url looks like:
https://api.github.com/repos/username/repo/commits/sha/comments
The post body looks like:
{"body":"hello!","commit_id":"same_as_sha_in_url","line":79,"path":"path/to/file.js","position":2}
I'll answer my own question. It was apparently because my OAuth scope was read-only. Adding 'public_repo' and 'repo' to my OAuth scope fixed the problem.
Related
I have the following code:
string tokenValue = "221e0a91-6530-4790-a969-d1da75b0afd2";
// Configure httpClient to use the above token.
httpClient.DefaultRequestHeaders.Add("token", tokenValue);
The subsequent calls (HEAD, POST, GET) all work fine.
When I try to do the same thing using Swagger Inspector, it fails. I am able to get a token using Swagger Inspector site, and I place the token into a HEAD call as follows:
But as I said, the call fails, with "Authorization has been denied for this request." message returned as an XML file.
I also tried the two other options available on the same page: Basic Authentication, and OAuth 2.0/JWT, all with HTTPS. They all fail.
How can I go about understanding why it's failing?
Also: Is what I am using above called "Bearer Authentication"?
I have below 2 things to mention from your screenshot:
Response for HEAD method never contains the response body, it always contains the response headers
for more details of HEAD: HEAD Request
But in your case response-body is also present (maybe of CML content type).
You should use OAuth 2.0/JWT option on the same page to pass the token along with your request.
To answer your question related to Bearer Authentication:
No, the one you are trying to use is not at all Bearer Authentication.
In your case, "token" will be considered as Custom/User HTTP Header.
I'm trying to access the SmartSheets REST API as described in the "Getting Started" documentation here: https://smartsheet-platform.github.io/api-docs/#getting-started and elsewhere. I generated an access token in the UI and, using Postman, tried a couple of simple GET requests cribbed from the documentation:
https://api.smartsheet.com/2.0/users/me
https://api.smartsheet.com/2.0/sheets
I set the Authorization and Content-Type headers as indicated. In both cases, I get Http 403-Forbidden errors with the message "You are not authorized to perform this action."
So how do I get authorized to perform these (or any other) actions?
You might want to verify that your access token value is correct. Also, when you set your Authorization header, are you including "Bearer " before your access token?
In Postman, it should look something like this:
Just a typo. I was including "Bearer" in the authorization header, but I had 2 spaces between "Bearer"and the token. You can only have one.
I'm trying to use the QBO v3 API object update function described here. The API explorer shows a different uri.
I'm trying to update an account with Id 42. Both of the following URIs get me a 401:
As the documentation would suggest:
https://quickbooks.api.intuit.com/v3/company/0123456789/account?requestid=42
(the above at least gives me a json blob with the 401)
As the api explorer would suggest:
https://qb.sbfinance.intuit.com/v3/company/0123456789/account?operation=update
(here I don't even get the json, just a plain 401)
My request body is successful when I use the api explorer, so I don't believe that's the problem. I also don't believe authentication is the problem, because I can successfully create objects and also make queries with the same headers.
What might I be missing?
Don't put the Account object's ID into the URL. The [?requestid=] from the documentation you mentioned apparently refers to an id related to the request (not the object in question). The API Explorer's URI appears to simply mislead (although I could certainly be missing something here).
In your example, just use this:
https://quickbooks.api.intuit.com/v3/company/0123456789/account
Let the headers and request body do the rest.
Correct BASE URI: https://quickbooks.api.intuit.com/v3/company/
you can refer example request/response section of any entity doc.
Ref -https://developer.intuit.com/docs/0025_quickbooksapi/0050_data_services/030_entity_services_reference/bill
To debug(401 authentication issue), you can use any standard RestClient.
In the following thread, I've explained how to use RestClinet plugin of Mozilla to test any QBO V3 endpoint.
InvalidTokenException: Unauthorized-401
You can download IPP's devkit and using that devkit you can call any endpoints easily.
https://developer.intuit.com/docs/0025_quickbooksapi/0055_devkits
Hope it will be useful.
Thanks
I am new to Sinatra and want to get it working with oauth2-provider gem. I followed instruction https://github.com/songkick/oauth2-provider#readme and looked at example. But after i've got access_token, i can't get information from Oauth endpoint using this. It generate 401 not Unauthorized error. From my application i do request
http://localhost:9292/me?access_token=, i've tried html request as well as json request, but without success.
Anybody faced with this problem ?
Looks like you did your request using HTTP vs HTTPS. Did you try setting Songkick::OAuth2::Provider.enforce_ssl = false for now?
What are the post parameters i need to pass to the facebook login page?
To login to Facebook via http requests you can do this:
make a post request to this url:
https://login.facebook.com/login.php
make sure you have the following header set:
Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F
and use these post parameters:
locale=en_US&email=email#site.com&pass=password&persistent=1
(make sure to set your own email and pass
Facebook doesn't use this method anymore. They even removed all references to it from their docs. Google cache still has them here if you really need those (not sure if that link works for you).
New way of authorization is described here.