Linked API for get Company Post - api

I have tried to use the API for linkedin company posts.
https://api.linkedin.com/v2/activityFeeds?q=networkShares&count=2&oauth2_access_token={mytoken}
But i am getting this error.
{"serviceErrorCode":100,"message":"Not enough permissions to access: GET-networkShares /activityFeeds","status":403}
I guess i need some extra permission to get response. I have the "client id" and "secret id". So can i get the company posts by any other API ?

If you are attempting to use application authorization via OAuth 2 then you will need to generate an access token along with your client ID & secret. This can then be attempted to the request via Basic authorization.
This article should explain that in more detail

Related

Google Ad API: Linking to manager account, automatic accept of client invitation

I am trying to linking one of the client account to our manager account using Google Ads API.
I followed this link:
https://developers.google.com/google-ads/api/docs/account-management/linking-manager-accounts
I am able to send the invitation to the client but not able to accept the invitation on the behalf of client.
The reason is not able to get manager_link_id. I see the code and that has the following query.
SELECT customer_client_link.manager_link_id FROM " +
"customer_client_link WHERE customer_client_link.resource_name = " +
$"'{customerClientLinkResourceName}'"
The error I get :
User doesn't have permission to access customer. Note: If you're accessing a client customer, the manager's customer id must be set in the 'login-customer-id' header. See https://developers.google.com/google-ads/api/docs/concepts/call-structure#cid
I am using the manager client Oauth. I am not sure we can take it out using that or not.
Please help me how can I solve this issue.
Also is there a way I can get Oauth token for client from my manager account using Ads API.
I used postman to send call the API and it give me below error:
Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.

Which Google OAuth2.0 token do I use to uniquely identify a user and log them in

I'm trying to set up Google OAuth2.0 from this guide and I have everything set up and running. I can get the authorization code, the access_token, and the refresh_token to show up in my console.log's. My question is which one of these tokens can I use to properly identify and log in a user to my backend?
In a normal scenario, a user would enter a username & password and that would uniquely identify them. However in the Google OAuth2.0 case, it seems the authorization code, the access_token, and the refresh_token all cannot be used to properly identify and log someone in. Is this understanding correct?
I read a similar post but it doesn't seem to provide a very recent answer that also securely identifies the logged in user.
If I cannot use any of the above mentioned tokens to securely identify and log in a user, is it even possible? How come I see other websites and apps use "sign in with Google" and "sign in with Facebook"?
Another solution I read in a different StackOverflow post said to just get the account ID and use that as an identifier. Isn't that insecure? Can't someone guess the account ID? Also this would be assuming these account IDs are private.
My question is which one of these tokens can I use to properly identify and log in a user to my backend?
the id token from open id connect.
explanation
You are confusing authorization and authentication.
Oauth2 a user to grant and authorize your application access to their data the access token gives you access to their data for a limited time (1 hour). If the user is off line you can use the refresh token to request a new access token. None of theses will tell you that a user is behind the calls.
open id connect allows you to authenticate a user logging in will return an id token
Id token verification
After you receive the ID token by HTTPS POST, you must verify the integrity of the token. Verify the integrity of the ID token

Google Photos API - authentication

I'm trying to get list of my shared albums from Google Photos.
I found a enable Photos API in Google Developers Console.
HTTP GET:
https://content-photoslibrary.googleapis.com/v1/sharedAlbums?key=AIzaSyCkXXXXXXXXXXXXXZiOSe9IiyM8E
RESULT:
{ "error": { "code": 401, "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.", "status": "UNAUTHENTICATED" } } 1
Configuration in developers console:
Please, what I'm doing wrong? Thank you.
Google API need an access token to make sure that the user has the permission to access the feature. Access token is just like cookie that should be send together with the request.
Usually you will need so many setup to get the access token with your own code. But there are a client library that can help you access Google API with small setup.
Access token also has a lifetime, so if you don't use the library you will need to manually refresh the token.
You need to configure OAUth 2.0 credentials (client ID and secret) and not an API key. More details are in the developer documentation here: https://developers.google.com/photos/library/guides/get-started#request-id
The Google Photos library API acts on behalf of a user, that's why you need to authenticate via OAuth 2.0. As part of this request you also need to specify a scope for your users to accept, see this page for more details: https://developers.google.com/photos/library/guides/authentication-authorization
I've been working on a python project to backup google photos library and album info. you can probably modify it to do exactly what you want. It is fully working but does not currently distinguish between shared and private albums.
https://github.com/gilesknap/gphotos-sync
In particular, see https://github.com/gilesknap/gphotos-sync/blob/master/gphotos/authorize.py which handles authentication and authorization for any Google service (it also handles storing the token and refreshing the token).

Access to storage.cloud.google.com with a service account

Posted this on github and was told to come here ask for help
Hello!
I am trying to implement custom authentication for my resources on Google Cloud Storage using this module with a service account. I am trying to abstract away the need for a Google account for my end users.
What the ideal workflow would look like:
User queries https://cdn.example.com/[[BUCKET]]/[[FILENAME]] using Bearer token
The API on that end intercepts the bucket and file name and checks the validity of the token
The API then would request the resource at https://storage.cloud.google.com/[[BUCKET]]/[[FILENAME]]
Step 3 Returns the Location header that I will pass over to the user
After snooping around a bit I found out that the Location header returned in step 3 in the form of https://[[DATA]].googleusercontent.com/download/storage/v1/b/[[BUCKET]]/o/[[FILENAME]]?qk=[[KEY]] is a public link that can be accessed by anonymous users too. Which is exactly what I want. However while using the storage API I can only see selfLink and mediaLink, not the link above.
I tried using google-auto-auth to sign the request with my service account towards the storage.cloud.google.com endpoint but I get an Unauthorized error.
From looking here I understand that to access the storage.cloud.google.com is based on cookie authentication, which google-auto-auth doesn't seem to do. All it does is add a Bearer token to the header of the request.
This looks like you need signedUrls
Yea, that would be great, if it didn't expose the email of the service account.
Cheers!
TL;DR How to get the redirect URL from storage.cloud.google.com links using a service account?

Validating user's API credentials - PayPal DoDirectPayment

Hello I am working on a site that accept PayPal API Credentials for every restaurant owner so that amount could be transferred to their account directly.
The problem that I am facing, some times restaurant owners add wrong API credentials so when any order is placed the error "Security Header is not valid" appears means their API credentials is wrong.
The solution I want is that the API Credentials could be verified when they are added by restaurant owner, so that order could be placed by end user.
Is there any way to Verify/Validate PayPal API Credentials(User Name, Password, Signature), Please help.
Thanks in advance!
PayPal Don't have any External API to validate the API Credentials alone.
instead. You can Use the Express Checkout SETEXPRESSCHEKOUT API to call with very Minimal data and the API credentials, which will validate the API credentials and will generate a Token. If you get a Token it means the API credentials is correct. This will not do any money Movement with this API Call. PP have this API available in both NVP and SOAP format.