How to get the right ACCESS_TOKEN in YouTube APIv3? - api

Working with YouTube Data API v3
I want to get Access token using this tutorial: https://developers.google.com/youtube/v3/guides/auth/server-side-web-apps
[[CODE]] :
4%2F0AdQt8qiarZnP_RFvafYA-ABLABLA*UpZ6YlB1_Byzrvqfm9iRthXll6F6TfG_f-cGw
[[CLIENT_ID]] :
27501137863BLABLA*sd2918n2gqqclurlegm6j2.apps.googleusercontent.com
[[CLIENT_SECRET]] :
GOCSPX-T0lF1yVLJ*BLABLAGgfL7qvcwB5p
I send a POST request:
screenshot: https://i.imgur.com/9DzF4aK.png
I get a 400 error, What's wrong?:
Status: 400
Pragma: no-cache
Date: Thu, 11 Aug 2022 18:14:44 GMT
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Content-Type: application/json; charset=utf-8
Vary: X-Origin
Vary: Referer
Server: scaffolding on HTTPServer2
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Origin,Accept-Encoding
Transfer-Encoding: chunked
{
"error": "redirect_uri_mismatch",
"error_description": "Bad Request"
}```

Your endpoint is wrong to start with its https://oauth2.googleapis.com/token Thats why you are getting a 404
POST /token HTTP/1.1
Host: oauth2.googleapis.com
Content-Type: application/x-www-form-urlencoded
code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7&
client_id=your_client_id&
client_secret=your_client_secret&
redirect_uri=https%3A//oauth2.example.com/code&
grant_type=authorization_code
You may want to try watching this Understanding Google OAuth 2.0 with curl or this How to set up Oauth2 in PostMan. although im not sure if what you are using is postman or not.

Related

Google safe browsing API not returning threat URLs

I'm sending requests to the Google safe browsing API. I believe I'm following their documentation correctly. I've tried regenerating my key.
I'm sending the request below
POST https://safebrowsing.googleapis.com/v4/threatMatches:find?key=AIxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx HTTP/1.1
User-Agent: Fiddler
Host: safebrowsing.googleapis.com
Content-Length: 511
{
"client": {
"clientId": "yourcompanyname",
"clientVersion": "1.5.2"
},
"threatInfo": {
"threatTypes": ["MALWARE", "SOCIAL_ENGINEERING"],
"platformTypes": ["WINDOWS"],
"threatEntryTypes": ["URL"],
"threatEntries": [
{"url": "http://www.urltocheck1.org/"},
{"url": "http://malware.testing.google.test"},
{"url": "http://www.urltocheck2.org/"},
{"url": "http://www.urltocheck3.com/"}
]
}
}
And getting back an empty response which is not what I'm expecting with the URLs supplied and following their example.
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Date: Wed, 08 Sep 2021 15:05:59 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Content-Length: 3
{}
https://transparencyreport.google.com/safe-browsing/search?url=malware.testing.google.test
https://developers.google.com/safe-browsing/v4/lookup-api
You need to pass API key
You need to pass MALWARE url": "http://www.urltocheck1.org/"
if it is not malware it will show empty. try the following url
https://testsafebrowsing.appspot.com/s/malware.html with your code. please search and test with other maleware site

How to retrieve a list of Github issues using Postman API

I'm using Postman to test pulling a list of issues from my Github
In command line I can do the following
curl -i -H 'Authorization: token <mytoken>' \
https://api.github.com/user/issues
which I think it returning an empty block:
HTTP/1.1 200 OK
Server: GitHub.com
Date: Tue, 04 Oct 2016 22:01:26 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 5
Status: 200 OK
X-RateLimit-Limit: 5000
X-RateLimit-Remaining: 4988
X-RateLimit-Reset: 1475621615
Cache-Control: private, max-age=60, s-maxage=60
Vary: Accept, Authorization, Cookie, X-GitHub-OTP
ETag: "db74aad51113746c20473c4cf2b08bde"
X-OAuth-Scopes: gist, notifications, repo, user
X-Accepted-OAuth-Scopes:
X-GitHub-Media-Type: github.v3
Access-Control-Expose-Headers: ETag, Link, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src 'none'
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
X-Served-By: cee4c0729c8e9147e7abcb45b9d69689
X-GitHub-Request-Id: 520E2ADF:3E4D:3650D52:57F426B6
[
]
So I am testing it in Postman, but whilst I can do a simple token GET request, i'm getting the following in Postman
{
"message": "Not Found",
"documentation_url": "https://developer.github.com/v3"
}
I had missed adding the scope for the Application Token I had setup
https://developer.github.com/v3/oauth/

The request entity body has an incorrect value in the 'Content-Disposition' header. The expected format for this value is 'Content-Disposition:

I have tried multiple HTTP APIs to post a file to OneDrive using the POST method, and I am getting always the same error.
I went to the extreme case of creating my own SSL TCP socket and send the following bytes:
POST /v5.0/folder.a4fb14adbccd1917.A4FB14ADBCCD1917!32089/files HTTP/1.1
Accept-Encoding:
Authorization: Bearer eWciaQ1DBAAUGCCXc8wU/zFu9QnLdZXy%2bYnElFkAAXA4AJqTmiPoOUADOkV98mAdpBZp8SeF0zjYzU4%2bVa0fVR/aWr4X0cHWAzEF7s7HBEABBptxlWcKHEyrgKfbH2YbADpxEjU0gRrOz37WInvPSgFVD8BZ9GtCQwdHh3GUXunbM/Nlqh1TIzELMJYuPEgaEBBWT25f8SoKziZi2kPVlZDPokjJBq2bxrYcAWydDK74ivuiuDGkX4hMpmWZmWtergEybpN2EgObHQa8O3GT2a9ta2hps0ElCv0GkhWG/u1t19/xjokW2dNbbsJ01A9iJkMYXhaMTYg71sGjqzHdXjAJf0hXNg8NiIOTy82MlHqEwCwEyzfXOSGddt0cLkIDZgAACEDf3skftS5%2bWAHGkGlcwFj4DRlrn3/F2DvOZWgyeITjkWfzdx%2b4B8m5olyO5oYKWf77zjVxnUkJ50cIOVCJq/OgnV1kMGB45EExY3%2b3T9JjN0rm91doGnuFGj1m/vuzVN3eP5f3Jr0hMvXbMpzFBImV/c/5SU5esBzA1zas9xt%2bKEi0rriVSqHS4QI4Bps3RN5KpQd4yrNxcTDi%2b9b9AkUVQB%2bxeW5lWGuR5YvaAOHhcePRqNqT2MY7c1zQMoa/C7E63FuOoSdr0KPJbsDKl8aXEt9vT/6A8BK0MnY%2b7MJ1cZaFL%2bhvK0lfI4Z6LJa/3Ayy%2bPt8%2bOc8gNP1Mu/1RCdOT8K1PxwhnvUIE8cnRyI28LUm%2bWUCnurRCNMNBorhZu64JxqOC1EGOja6wNcyI%2bw3TQ1dorDJWN91qENQAxxBMpl1LWdp548kDJcEPwxI4SkXQKnvWcxW1vCZY90SHzruvNmb
Content-Length: 197
Content-Type: multipart/form-data; boundary=8381f8b9-b470-43ce-b23b-f13cf5840014
Host: apis.live.net
Connection: Keep-Alive
Cache-Control: no-cache
--8381f8b9-b470-43ce-b23b-f13cf5840014
Content-Length: 9
Content-Type: application/octet-stream; charset=UTF-8
Content-Disposition: form-data; name="file"; filename="hello.txt"
xxxxxxxxx
--8381f8b9-b470-43ce-b23b-f13cf5840014--
And I always get the following bytes back:
HTTP/1.1 400 Bad Request
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Length: 276
Content-Type: application/json; charset=UTF-8
Server: Live-API/18.105.8117.3007 Microsoft-HTTPAPI/2.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-MSNSERVER: BY3301____PAP073
X-Content-Type-Options: nosniff
X-HTTP-Live-Request-Id: API.f06af310-9b49-4cbf-bf71-8c9d79570ec9
X-AsmVersion: UNKNOWN; 18.105.0.0
Date: Mon, 06 Oct 2014 21:37:15 GMT
{
"error": {
"code": "request_body_invalid",
"message": "The request entity body has an incorrect value in the 'Content-Disposition' header. The expected format for this value is 'Content-Disposition: form-data; name=\"file\"; filename=\"[FileName]\"'."
}
}
All of this happened after I tried to answer this SO question.
Any idea?
UPDATE: I used the onedrive-api tag as recommended in the MSDN forums.
Try putting the Content-Disposition header as the first header after the boundary, followed by the Content-Type:
--8381f8b9-b470-43ce-b23b-f13cf5840014
Content-Disposition: form-data; name="file"; filename="hello.txt"
Content-Type: application/octet-stream; charset=UTF-8
You may need to omit the Content-Length as well to make it work. Pretty fragile really.

How do I authenticate to the GoodData API?

I am trying to authenticate / login with the GoodData API but I am having trouble. On the GoodData API documentation site (docs.gooddata.apiary.io) it says to POST to:
URL:
https://secure.gooddata.com/gdc/account/login
Headers:
Accept: application/json
Content-Type: application/json
JSON Body:
{"postUserLogin":{"login":"user#company.com","password":"YourPassword","remember":1}}
I get the response "Private API, please provide private hash." Any ideas?
The updated GoodData API documentation and API console is located at https://developer.gooddata.com/api
The login URL for this call is actually https://secure.gooddata.com/gdc/account/login
Using the same payload (your credentials instead of sample) you will be able to login and get the SST Token that is returned back in SetCookie header.
Please remember the process to login is:
POST your credentials to the login resource as mentioned here
SST Token is returned back in SetCookie header
GET the token resource with SST Token in your header to receive TT Token
Use the TT Token in your API calls header: -cookie
Also, please remember that TT Token has limited validity. Once you received 401 Unauthorized Response, you need to GET new TT Token in following resource with SST Token specified in call header.
regarding the GoodData Apiary I have example in CURL
1st Step - POST to https://secure.gooddata.com/gdc/account/login:
jirka#x230:~$ curl --include --header "Accept: application/json" --header "Content-Type: application/json" --request POST --data-binary "{\"postUserLogin\":{\"login\":\"jiri.simon#gooddata.com\",\"password\":\"`cat my_pass.txt`\",\"remember\":1}}" "https://secure.gooddata.com/gdc/account/login"
HTTP/1.1 200 OK
X-GDC-REQUEST: 7AEoVKre3lTF8sUV
Server: Apache
Set-Cookie: GDCAuthTT=; path=/gdc; expires=Sat, 07-Sep-2013 22:16:26 GMT; secure; HttpOnly
Set-Cookie: GDCAuthSST=jcftYGCC3u6pkNRK; path=/gdc/account; expires=Wed, 23-Oct-2013 22:16:26 GMT; secure; HttpOnly
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
X-GDC-REQUEST-TIME: 69
Content-Type: application/json;charset=UTF-8
Content-Length: 143
Accept-Ranges: bytes
Date: Mon, 07 Oct 2013 22:16:26 GMT
X-Varnish: 2109577795
Age: 0
Via: 1.1 varnish
Connection: keep-alive
{"userLogin":{"profile":"/gdc/account/profile/254c399a3f5131b7026313d4f8761410","state":"/gdc/account/login/254c399a3f5131b7026313d4f8761410"}}
2nd step is to get GDCAuthTT using SST from the response from 1st step:
jirka#x230:~$ curl --include --header "Cookie: $Version=0; GDCAuthSST=jcftYGCC3u6pkNRK; $Path=/gdc/account" --header "Accept: application/json" --header "Content-Type: application/json" https://secure.gooddata.com/gdc/account/tokenHTTP/1.1 200 OK
X-GDC-REQUEST: GqPnYyk3pKAW5eju
Server: Apache
Set-Cookie: GDCAuthTT=h3CUUg72U2SLhL7Tghj_TVnba6byjgj3L78aJkSFuoji_0DiqXGRYY7C1zWDa-2yIa0Aj3-MuVlWPdNSx7N7CDzM7w21Fl6OaMjuF-98bV6cRx34HW-ql6IGt6ufWo_U5fQa2QqU6b-F0MsGE6orDC6ZMt2anJQdATNYsHfELiB7ImwiOiIwIiwidSI6IjE3Mzk4NyIsImsiOiJiZWQyZWU1ZS05YzYxLTRhNWMtOWJlNi05ZTAxZDQ4NjI5NmEiLCJ1aWQiOiIyNTRjMzk5YTNmNTEzMWI3MDI2MzEzZDRmODc2MTQxMCIsInYiOjEzODExODQ4MTZ9; path=/gdc; secure; HttpOnly
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
X-GDC-TIMESTAMP: 600
X-GDC-REQUEST-TIME: 20
Content-Type: application/json;charset=UTF-8
Content-Length: 2
Accept-Ranges: bytes
Date: Mon, 07 Oct 2013 22:16:56 GMT
X-Varnish: 1661889108
Age: 0
Via: 1.1 varnish
Connection: keep-alive
And then you can use all other calls using your GDCAuthTT, but this GDCAuthTT has validity only 10 minutes and after 10 minutes you'll get 401 and you have to call previous command again for new GDCAuthTT
or you can use python and code should look like following
jirka#x230:~$ python
Python 2.7.3 (default, Jan 2 2013, 13:56:14)
[GCC 4.7.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from urllib2 import Request, urlopen
>>> from json import dumps
>>> values = dumps({"postUserLogin":{"login":"jiri.simon#gooddata.com","password":"secredpassword","remember":1}})
>>> headers = {"Accept": "application/json", "Content-Type": "application/json"}
>>> request = Request("https://secure.gooddata.com/gdc/account/login", data=values, headers=headers)
>>> response_body = urlopen(request)
>>> print response_body.read()
{"userLogin":{"profile":"/gdc/account/profile/254c399a3f5131b7026313d4f8761410","state":"/gdc/account/login/254c399a3f5131b7026313d4f8761410"}}
>>> print response_body.info()
X-GDC-REQUEST: FnETpOmoAPELJoS1
Server: Apache
Set-Cookie: GDCAuthTT=; path=/gdc; expires=Wed, 08-Jan-2014 20:07:00 GMT; secure; HttpOnly
Set-Cookie: GDCAuthSST=QubuMlx3byz6lta1; path=/gdc/account; expires=Sun, 23-Feb-2014 20:07:00 GMT; secure; HttpOnly
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
X-GDC-LOG-HEADER:
X-GDC-REQUEST-TIME: 53
Content-Type: application/json;charset=UTF-8
Content-Length: 143
Accept-Ranges: bytes
Date: Fri, 07 Feb 2014 20:07:00 GMT
X-Varnish: 1076092393
Age: 0
Via: 1.1 varnish
Connection: close
>>> headers = {"Cookie": "$Version=0; GDCAuthSST=QubuMlx3byz6lta1; $Path=/gdc/account", "Accept": "application/json", "Content-Type": "application/json"}
>>> request = Request("https://secure.gooddata.com/gdc/account/token", headers=headers)
>>> response_body = urlopen(request)
>>> print response_body.read()
{}
>>> print response_body.info()
X-GDC-REQUEST: IyuefQK4mMIm4Vqr
Server: Apache
Set-Cookie: GDCAuthTT=VL_Bum5jjd8cEtFUa6XF5tfVmmiFDn7ZyB6a95kEuhzlQw-D67RIL_8u1E9e_z3yDx2bgHrsVNwX6zY1XRzsVpgtvC7HY2JBWiTtq63_Y-XxQwN9cO9RJO6GwM8WnshREwXXgzUk0vr9U4Gg-a4FnEs5NR4ySWOW1bhjnFSJFG17ImwiOiIwIiwidSI6IjE3Mzk4NyIsImsiOiIxYTZiNzc4ZC0yNDkyLTQ2OWEtODliYy1lNWQ1OWU1ODAyNDUiLCJ1aWQiOiIyNTRjMzk5YTNmNTEzMWI3MDI2MzEzZDRmODc2MTQxMCIsInYiOjEzOTE4MDQzMjV9; path=/gdc; secure; HttpOnly
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
X-GDC-TIMESTAMP: 600
X-GDC-LOG-HEADER:
X-GDC-REQUEST-TIME: 30
Content-Type: application/json;charset=UTF-8
Content-Length: 2
Accept-Ranges: bytes
Date: Fri, 07 Feb 2014 20:08:45 GMT
X-Varnish: 1076094531
Age: 0
Via: 1.1 varnish
Connection: close
GoodData authentication is also implemented in the following libraries:
Perl - http://metacpan.org/pod/WWW::GoodData
Java - https://github.com/gooddata/gooddata-http-client

jquery.ajax() POST receives empty response with IE10 on Nginx/PHP-FPM but works on Apache

I use a very simple jquery.ajax() call to fetch some HTML snippet from a server:
// Init add lines button
$('body').on('click', '.add-lines', function(e) {
$.ajax({
type : 'POST',
url : $(this).attr('href')+'?ajax=1&addlines=1',
data : $('#quickorder').serialize(),
success : function(data,x,y) {
$('#directorderform').replaceWith(data);
},
dataType : 'html'
});
e.preventDefault();
});
On the PHP side i basically echo out a HTML string. The jQuery version is 1.8.3.
The problem is in IE10: While it works fine there on Server A which runs on Apache it fails on Server B which runs on Nginx + PHP-FPM: If i debug the success handler on Server B I get a undefined for data. In the Network tab of the IE developer tools I can see the full response and all headers. It may affect other IE versions, but i could only test IE10 so far.
Here are the two response headers:
Server A, Apache (works):
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2013 13:28:08 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 1268
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Server B, Nginx + PHP-FPM (fails):
HTTP/1.1 200 OK
Server: nginx/1.1.19
Date: Thu, 25 Apr 2013 13:41:43 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
The body part looks the same in both cases.
Any idea what could cause this issue?
Please also check the Content-Type Header, since Apache and Nginx are sending different values:
Content-Type: text/html; charset=UTF-8
vs.
Content-Type: text/html; charset=utf8
Update your Nginx config, add this line:
charset UTF-8;