how to get a 2 legged authentication on autodesk forge - authentication

i have generated a token using a get request and when i am making an api call the call is getting failed so pls add up your suggestion's
here is the error where i am getting an error ,here is the access token which is generated from the 2-legged authentication how do i verify the access token and make a api call to the Autodesk forge

http status code 401 means that server doesn't know who you are. it may occur when you didn't put 'Authorization' in your request headers (or maybe in an incorrect form).
so make sure you have put 'Authorization' in your http request headers and try again!
(note that you have to add 'Bearer ' in front of your access token, and there's a blank after 'Bearer')
{
Authorization : 'Bearer ' + <your token>
}

Related

axios api authentication headers jwt and security

Two questions here:
I was not able to pass in a post request using axios and authorization headers as such:
axios.post('http://localhost/dashboard', {headers: { 'Authorization': 'JWT xxxxxx' }})
But I was able to get it to work with a preset: axios.defaults.headers.common['Authorization'] = 'JWT xxx'
Am I missing something as to why the headers parameter was sending the "headers" as a data payload instead of as an actual header?
Once I generate a JWT from my login page, on each page request after that I am only showing the page if the response.status is 200. Is this the correct way to redirect someone back to a login page if their jwt is fake or invalid for accessing the page?
The flow is:
/login for user to get JWT
immediately directed to /dashboard but before they are an api call is made to /dashboard using the JWT and if status code is 200, then the /dashboard page is shown. Is this correct or should I be implementing something more than just a 200 code?
Am I missing something as to why the headers parameter was sending the "headers" as a data payload instead of as an actual header?
Because you're passing the headers as the data payload. I suggest reading the axios docs for axios.post()
It's common to automatically refresh the JWT instead of logging the user out. Depends on your security requirements. For ex., if you were a bank, it's better to log the user out than to auto refresh the JWT.
Instead of checking for 200, check if the status is 403 (or whatever status your backend returns for an invalid JWT). If your backend errors (500), or receives a bad request (400), it's not relevant to an invalid JWT and you'd be logging the user out for nothing.

Issue of invalid access token when trying to get households

I haven't had an issue getting access tokens, but when I try to test my access token by requesting households, I am getting 'Invalid Access Token' as a response. My refresh token appears to be working fine, but even refreshed access tokens are failing for this request.
I may be setting up my curl incorrectly for this request, can you please let me know exactly which tokens/keys/values are to be placed in these 2 headers, I don't find the documentation to be clear:
Authorization: ***** Hidden credentials *****
X-Sonos-Api-Key: 00000000-0000-0000-0000-000000000000
Thanks
In the sample getHouseholds request, you need to provide your access token as a header in the format:
Authorization: Bearer <Access-Token>
and then your API Key (generated when you created your integration) in a second header:
X-Sonos-Api-Key: <Api-Key>
Be sure to also include the content-type header:
Content-Type: application/json

eBay API request error: 'Invalid access token. Check the value of the Authorization HTTP request header.'

I've registered as a developer with eBay and created an app.
I generated an Oauth (not Auth'n'Auth)
Using Postman to generate a simple request (image) and recieving an error for token invalidity
Error: Invalid access token. Check the value of the Authorization HTTP request header.
What am I doing wrong here?
If your token is for "sandbox" environment, make sure you use sandbox API endpoints for your requests as well.
Instead of https://api.ebay.com/buy/browse/v1/...,
try https://api.sandbox.ebay.com/buy/browse/v1/....
One of the issues which might have happened is:
The access token might have expired
Use the refresh token to refresh the access token when it expires — you know when to do this when your call to the API returns a status code of 401 and the above body you saw in Postman.

Invalid credentials error requesting oauth2 token from PayPal API

I am using the PayPal REST API for the first time and trying to get an authentication token but keep getting an "Invalid credentials error".
I am following Step 2 in the documentation found here:
https://developer.paypal.com/webapps/developer/docs/integration/direct/make-your-first-call/
I am using the Chrome extension "Advanced rest client"
Here are the values entered in the rest client:
Header:
content-type:application/x-www-form-urlencoded
Accept:application/json
Form data
grant_type:client_credentials
clientId:ASF6RRBP0uTq7FnC90tpFx7vfA-Pliw8uQDjv5RZ10Y_NVspuc88pUPLN6yM
secret: EAdx7BDKzWczDomYG2QDHu8jhaAXj4xDZLHadvL5aRfesjwo5c81zbSpRxuE
When I send the request I get the following error:
{
error: "invalid_client"
error_description: "Invalid client credentials"
}
Can anyone help me to figure what I am doing wrong here?
Form data should only contain
grant_type=client_credentials
and then add header
Authorization: Basic put base64of(clientid:secret)here
don't pass client id and secret in form data.

SurveyMonkey API - Console issue

im trying to test the Survey Monkey api via the online test console but keep getting the following error:
https://developer.surveymonkey.com/io-docs (link)
It's asking me to enter the Authorisation:
Content-Type:
Authorization: bearer %s <--- not sure where to get this from? (Access token)
api_key:
JSON:
and so im getting a "errmsg": "Invalid \"Authorization\" data in request header"
Is this generated elsewhere.. or am i missing something
You get the access token when you perform OAuth - select the app from your existing client credentials, hit Authorize, log into your SurveyMonkey account, and it should auto-populate the 'Access Token' field. Then copy this into the Authorization header in the form "bearer (access token)" (without the quotes or parentheses).
Cheers,
Miles
The authorization header works for me with bearer XXXYYYZZ. Doc here: https://developer.surveymonkey.com/mashery/requests_responses