I'm using whatsapp cloud api to build a chatbot, I configured webhook, and when the user sends an audio message I get the payload
{
from: 'xxxxxxxxxx',
id: 'wamid.HBgMOTcyNTI2MzY2NjU1FQIAEhgUM0E3QjE0M0MyMTY5QjM0OTNFNzMA',
timestamp: '1658939005',
type: 'audio',
data: {
mime_type: 'audio/ogg; codecs=opus',
sha256: 'Lqg2WcBG7RY4NhzouRYGChsiem7BwyvaRKXrjsD/q/o=',
id: '715960496164079',
voice: true
}
}
I'm trying to understand how can I get the URL of the record, and what to do with this data?
I want to build a bot to convert the record to text using API but I'm not sure how this payload helps me.
If you want to access that media then you have to use get media URL cloud API,
Get the media URL using Retrieve Media URL API
pass media id from data.id to MEDIA_ID
pass your access token to ACCESS_TOKEN
curl -X GET \
'https://graph.facebook.com/v13.0/MEDIA_ID' \
-H 'Authorization: Bearer ACCESS_TOKEN'
You can't access media directly by its URL, you have to pass an access token to access the media, see the Download Media API
pass URL returned from above step to URL
pass your access token to ACCESS_TOKEN
curl -X GET 'URL' \
-H 'Authorization: Bearer ACCESS_TOKEN' > media_file
Related
I have a Firebase function that is triggered onRequest(), using the firebase-admin SDK and using Express as middleware. This function is not expected to be tied to a Firebase client/frontend (meaning, it is expected that this function can be called via curl -X POST ... etc.).
I want to secure this function such that only users with access to the Firebase project can make requests. I've found Firebase ID Tokens, and see how to create them on the client side.
My issue is that I don't have a client to create them from.
Is there a way to create an ID Token for an authorized user using the CLI, or another similar method?
E.g., something like
firebase login
firebase use <project-id>
firebase generate-id-token // would return an ID token with standard expiration rules.
There isn't a command in Firebase CLI to login as a user and print ID token. You can call Firebase Auth REST API using cURL and get the token.
curl --request POST \
--url 'https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=[FIREBASE_API_KEY]' \
--header 'Content-Type: application/json' \
--data '{
"email": "user#domain.tld",
"password": "12345678",
"returnSecureToken": true
}'
I want to secure this function such that only users with access to the Firebase project can make requests.
Anyone can use the REST API but they must know the account's password to login.
Due to the new updates of the Soundcloud API, I'm trying to update the authentication flow in my code ( the project was using login and password ).
But I'm blocked by a problem, and I'm losing my head.
I follow instructions on this page : https://developers.soundcloud.com/blog/security-updates-api
I manage to get a refresh token and an access token with this :
curl --request POST \
--url https://api.soundcloud.com/oauth2/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data client_id=CLIENT_ID \
--data client_secret=CLIENT_SECRET \
--data grant_type=client_credentials
But I'm not able to execute this request, which is an example in the mentionned page, with the access token I got with the previous request :
curl --request GET \
--url 'https://api.soundcloud.com/me/tracks?limit=1' \
--header 'Authorization: OAuth ACCESS_TOKEN'
The request response is always :{"code":401,"message":"","link":"https://developers.soundcloud.com/docs/api/explorer/open-api","status":"401 - Unauthorized","errors":[],"error":null}
I tried with a refresh of my access token, and with the url "https://api.soundcloud.com/me" instead of "https://api.soundcloud.com/me/tracks?limit=1".
And always returning the same error.
Can someone help me ?
Thanks by advance, and thanks for reading.
OK, I think I got it, thanks to this question on github :
https://github.com/soundcloud/api/issues/76
"The client_credentials auth flow is meant only for server-side integration and allows access to public endpoints only. Meaning that for endpoint /me or any other user-related endpoint you have to use the Authorization Code flow which provides the client-side integration."
And here : https://developers.soundcloud.com/docs/api/guide#authentication :
"if your app needs to access only public resources, you can use the OAuth Client Credentials Flow"
I'm done with the error messages too blurry... and with me reading too fast !
I will add the correct authentication method in comments later.
UPDATE : "manual" authentication flow
As the project is behind a VPN, I can't use normal authentication flow ( redirect_uri can't be called by soundcloud !)
So :
Get a "code"
First, authenticate on SoundCloud with the account you want to access ( or ask your customer to do it )
In your browser, type this url :
https://api.soundcloud.com/connect?client_id=YOUR_CLIENT_ID&response_type=code&scope=&state=[random_string]&redirect_uri=YOUR_REDIRECT_URI
Accept the demand and this will redirect you to an URL with the code inside : code=YOUR_CODE. Keep it. If this is done by your customer, simply ask him to copy-paste the url.
That's not really secure, but you can't avoid it if your redirect uri is not accessible from Soundcloud.
Obtain a refresh token and an access token :
With curl, to keep your Client Secret, or App Secret, secret ( indeed :D ). And also the access token.
curl -X POST "https://api.soundcloud.com/oauth2/token"
-H "accept: application/json; charset=utf-8"
-H "Content-Type: application/x-www-form-urlencoded"
-d "grant_type=authorization_code&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&redirect_uri=YOUR_REDIRECT_URI&code=YOUR_CODE"
This last request will answer in json format. Inside, you'll find an access token, and a refresh token.
Register the refresh token in your projet to reuse it to refresh your access token when needed !
Iam trying to get the Channel Subs of a Channel with the following call:
https://api.twitch.tv/kraken/channels/<CHANNELID>/subscriptions?client_id=XXX&oauth_token=XXX
But i get always this response:
{
"error": "Forbidden",
"status": 403,
"message": "Unable to access channel subscribers of <CHANNEL>"
}
Can you please tell me, what I need to pass, that i get the permissions?
Thanks, Greetings
If you are using new Twitch API you should send token in your authorization header starting with Bearer keyword. If you are using API v5 then you should add Oauth keyword. In your example you are trying to send it in query parameters.
Select the one which is correct for you.
In the new Twitch API:
curl -H "Authorization: Bearer <access token>" https://api.twitch.tv/helix/
In Twitch API v5:
curl -H "Authorization: OAuth <access token>" https://api.twitch.tv/kraken/
You can also find more information in the official documentation: https://dev.twitch.tv/docs/authentication/
I am trying to get object storage container details using provided API in post man But I am getting Unauthorized error,
API information available at
http://developer.openstack.org/api-ref/object-storage/index.html?expanded=get-object-content-and-metadata-detail,show-account-details-and-list-containers-detail#accounts
Following details I am set in PostMan,
Method Get
Url: https://{domain}.objectstorage.softlayer.net/auth/v1.0/{userid}?format=json
Header:
Key: X-Auth-Token
Value: {token}
Error got in response of PostMan,
<html>
<h1>Unauthorized</h1>
<p>This server could not verify that you are authorized to access the document you requested.</p>
</html>
To retrieve containers from Object Storage using Postman, follow these steps:
1. We need to generate the token to access Object Storage
You need to get credentials from your object storage, so you can go to:
Control Portal >> Object Storage >>
Select Account Name (e.g. SLOS123123-10) >> Select Cluster (e.g. Milan
1) >> click on "View Credentials"
You will be able to see
"Authentication Endpoint (public and private)"
"username"
"API Key (Password)"
Then, you can go to postman and fill as the below example:
As you see, I had success with the request. So I need the "Headers" information from the response, as the follow example:
2. Retrieve containers
After getting "X-Storage-Url" and "X-Storage-Token", you can retrieve the containers as the example below:
I hope it helps you to access Object Storage using Postman, please let me know any doubt or comment.
Are you using your SoftLayer username or the Object Storage username? To get your Object Storage credentials go to https://control.softlayer.com/storage/objectstorage > Click on your Object Storage Username and on the following page click View Credentials.
Get the Token
curl -i -H "X-Auth-Key: [insert API Key here]" -H "X-Auth-User: [insert Object Storage Username here]" [insert Authentication Endpoint here]
Once you have the Token you can perform basic operations
List Containers
curl -i -H 'X-Auth-Token: [X-Auth-Token from Authentication step]' [X-Storage-Url from Authentication step]
View Objects in a Container
curl -i -H "X-Auth-Token: [X-Auth-Token from Authentication step]" [X-Storage-Url from Authentication step]/[container name]
To start, the error that you're receiving is because the userid parameter in your request is not correct. The X-Storage-Url should be placed in that position.
To retrieve the containers you first need a X-Auth-Token and a X-Storage-Url. For this you could run the next curl command:
curl -i -H "X-Auth-User: ACC-278436-15:USERNAME " -H "X-Auth-Key: API_KEY " https://dal05.objectstorage.softlayer.net/auth/v1.0
ACC-278436-15: The object storage username retrieved from SoftLayer_Account::getHubNetworkStorage method
USERNAME: The username used in Control portal which is the same used in the REST request that calls the SoftLayer_Account::getHubNetworkStorage method
API_KEY: The apikey used in the REST request that calls the SoftLayer_Account::getHubNetworkStorage method
The result will be similar to this:
• X-Auth-Token: AUTH_tkb26239d441d6401d9482b004d45f7259 – the token we need
• X-Storage-Url: https://dal05.objectstorage.softlayer.net/v1/AUTH_df0de35c-d00a-40aa-b697-2b7f1b9331a6 - the URL to access the storage
Now place these values in this way:
Here's a good link on how to manage SoftLayer Object Storage through rest API
https://sldn.softlayer.com/blog/waelriac/managing-softlayer-object-storage-through-rest-apis
I want to make app based on youtube channel. I have google access token but I don't know how to call youtube api with my access token or how to pass parameters.
This is my code:
NSString *newURL = [NSString stringWithFormat:#"googleapis.com/youtube/v3/…;, idToken];
As discussed in Calling the YouTube Data API, after obtaining an access token for a user, your application can use that token to submit authorized API requests on that user's behalf. The following are the two supported ways to specify an access token.
This first option provides greater security and is the recommended approach. Specify the access token as the value of the Authorization: Bearer HTTP request header:
`POST /feeds/api/users/default/uploads HTTP/1.1
Host: gdata.youtube.com
Authorization: Bearer ACCESS_TOKEN
...`
You can test this using cURL with the following command:
curl -H "Authorization: Bearer ACCESS_TOKEN" gdata.youtube.com/feeds/api/users/default/uploads
Specify the access token as the value of the access_token query parameter:
https://gdata.youtube.com/feeds/api/users/default/uploads?access_token=ACCESS_TOKEN
You can test this using cURL with the following command:
curl gdata.youtube.com/feeds/api/users/default/uploads?access_token=YOUR_ACCESS_TOKEN