We Keep Coding

VISA api: Fail to post requests with this error, "Expected input credential was not present"

I'm new to VISA developer and trying to send requests to https://sandbox.api.visa.com/cofds-web/v1/datainfo to check whether the credit card is valid or not in Python.
Python code:
cert = 'C:\\Users\\user\\visa_cert\\cert.pem'
ca_cert = 'C:\\Users\\user\\visa_cert\\ca_cert.cer'
key = 'C:\\Users\\user\\visa_cert\\my_key.pem'
user_id = 'your user id of your project'
password = 'your password of your project'
timeout = 10
cred_info = 'credit_info.json'
payload = json.loads('''{
"requestHeader": {
"requestMessageId": "6da6b8b024532a2e0eacb1af58581",
"messageDateTime": "2019-02-35 05:25:12.327"
},
"requestData": {
"pANs": [
4072208010000000
],
"group": "STANDARD"
}
}
''')
try:
response = requests.post(url,
verify = (ca_cert),
cert=(cert, key),
# headers = headers,
auth=(user_id, password),
json = payload,
timeout=timeout
)
except Exception as e:
print(e)
Execution itself succeeded, but the response says the "Ecpectd input credential was not present"
Response header and contetns are as below.
# response header:
{'Server': 'nginx', 'Date': 'Fri, 03 Jun 2022 13:52:17 GMT', 'Content-Type': 'application/json;charset=UTF-8', 'Content-Length': '130', 'Connection': 'keep-alive', 'X-SERVED-BY': 'c6795c5t4', 'X-CORRELATION-ID': '1654264337_872_241384137_c6795c5t4_VDP_WS', 'X-ERROR-ORIGIN': '9200', 'X-APP-STATUS': '400', 'X-Frame-Options':
'SAMEORIGIN', 'X-XSS-Protection': '0', 'X-Content-Type-Options': 'nosniff', 'Strict-Transport-Security': 'max-age=31536000;includeSubdomains', 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '-1'}
# response content:
b'{"responseStatus":{"status":400,"code":"9125","severity":"ERROR","message":"Expected input credential was not present","info":""}}'
I followed the instruction here(https://developer.visa.com/pages/working-with-visa-apis/two-way-ssl#configuring_a_twoway_ssl_keystor...) to generate the CA certificate, double-checked my user_id and password are correct and two-way SSL certificate is active.
I googled this error, but I'm still not sure how to fix this problem.
Thank you.
passiveradio

So this API requires Message Level Encryption so I have been struggling to figure out how to implement the MLE with the API, if you try to use the Visa Developer Center with MLE enabled you will get the error you're getting but if you run it with MLE enabled it works.
So if you figure out how to implement MLE in the code I would be grateful because the documentation is very vague.
https://developer.visa.com/pages/encryption_guide

Cannot POST request using service account key file in Python, getting 'Invalid IAP credentials: Unable to parse JWT', '401 Status Code'

I am trying to send a POST request to a Google App Engine service with a JSON body accompanied by an authorization token. I am generating the access token from a local service account key JSON file. The code below is generating a credential but finally the authorization is being rejected. I also tried different ways already. Even tried writing the request in Postman with a Bearer token in the Header, or even as a plain cURL command. But whatever I try, getting a 401 authentication error. I need to make sure whether the problem is in my side or on the other side with the service. Explored every documentation avaliable but no luck.
from google.auth.transport import requests
from google.oauth2 import service_account
from google.auth.transport.requests import AuthorizedSession
CREDENTIAL_SCOPES = ["https://www.googleapis.com/auth/cloud-platform"]
CREDENTIALS_KEY_PATH = 'my-local-service-account-key-file.json'
#the example service url I am trying to hit with requests
url = 'https://test.appspot.com/submit'
headers = {"Content-Type": "application/json"}
#example data I am sending with the request body
payload = {
"key1": "value 1",
"key2": "value 2"
}
credentials = service_account.Credentials.from_service_account_file(
CREDENTIALS_KEY_PATH,
scopes=CREDENTIAL_SCOPES
)
credentials.refresh(requests.Request())
authed_session = AuthorizedSession(credentials)
response = authed_session.request('POST',
url,
headers=headers,
data=payload
)
#adding some debug lines for your help
print(response.text)
print(response.status_code)
print(response.headers)
Getting the Output:
Invalid IAP credentials: Unable to parse JWT
401
{'X-Goog-IAP-Generated-Response': 'true', 'Date': 'Mon, 03 May 2021 06:52:11 GMT', 'Content-Type': 'text/html', 'Server': 'Google Frontend', 'Content-Length': '44', 'Alt-Svc': 'h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"'}

IAP expects a JWT(OpenID Connect (OIDC)) token in the Authorization header while your method will attach an access token the the Authorization header instead. Take a look at the below code snippet to make a request to an IAP secured resource.
Your code needs to be something like the following:
from google.auth.transport.requests import Request
from google.oauth2 import id_token
import requests
def make_iap_request(url, client_id, method='GET', **kwargs):
"""Makes a request to an application protected by Identity-Aware Proxy.
Args:
url: The Identity-Aware Proxy-protected URL to fetch.
client_id: The client ID used by Identity-Aware Proxy.
method: The request method to use
('GET', 'OPTIONS', 'HEAD', 'POST', 'PUT', 'PATCH', 'DELETE')
**kwargs: Any of the parameters defined for the request function:
https://github.com/requests/requests/blob/master/requests/api.py
If no timeout is provided, it is set to 90 by default.
Returns:
The page body, or raises an exception if the page couldn't be retrieved.
"""
# Set the default timeout, if missing
if 'timeout' not in kwargs:
kwargs['timeout'] = 90
# Obtain an OpenID Connect (OIDC) token from metadata server or using service
# account.
open_id_connect_token = id_token.fetch_id_token(Request(), client_id)
# Fetch the Identity-Aware Proxy-protected URL, including an
# Authorization header containing "Bearer " followed by a
# Google-issued OpenID Connect token for the service account.
resp = requests.request(
method, url,
headers={'Authorization': 'Bearer {}'.format(
open_id_connect_token)}, **kwargs)
if resp.status_code == 403:
raise Exception('Service account does not have permission to '
'access the IAP-protected application.')
elif resp.status_code != 200:
raise Exception(
'Bad response from application: {!r} / {!r} / {!r}'.format(
resp.status_code, resp.headers, resp.text))
else:
return resp.text
Note: The above method works with implicit credentials that can be set by running command: export GOOGLE_APPLICATION_CREDENTIALS=my-local-service-account-key-file.json to set the path to your service account in the environment and then run the python code from the same terminal.
Take a look at this link for more info.

Deep Security API - Intrusion Prevention Rules - Error

I have a Python API query to gather all the Intrusion Prevention Rules and the ID of the computers associated with each but I get an error after around 14000 records which is :
An exception occurred when calling ComputerIntrusionPreventionRuleDetailsApi.lis
t_intrusion_prevention_rules_on_computer: (500)
Reason:
HTTP response headers: HTTPHeaderDict({'X-Frame-Options': 'SAMEORIGIN', 'X-XSS-P
rotection': '1;mode=block', 'Cache-Control': 'no-cache,no-store', 'Pragma': 'no-
cache', 'X-DSM-Version': 'Deep Security/12.0.296', 'Content-Type': 'application/
json', 'Content-Length': '35', 'Date': 'Fri, 16 Oct 2020 14:04:02 GMT', 'Connect
ion': 'close'})
HTTP response body: {"message":"Internal server error"}
My Script is the following :
# -*- coding: utf-8 -*-
from __future__ import print_function
import sys, warnings
import pymssql
import datetime
import deepsecurity
import json
import requests
import urllib3
from deepsecurity.rest import ApiException
from urllib3.exceptions import InsecureRequestWarning
from pprint import pprint
urllib3.disable_warnings(InsecureRequestWarning)
if not sys.warnoptions:
warnings.simplefilter("ignore")
configuration = deepsecurity.Configuration()
configuration.host = "Server/api/"
# Authentication
configuration.api_key['api-secret-key'] = 'Key'
# Initialization
# Set Any Required Values
conn = pymssql.connect("localhost","" ,"", "DeepSecurity")
cursor = conn.cursor()
cursor2 = conn.cursor()
api_instance = deepsecurity.ComputerIntrusionPreventionRuleDetailsApi(deepsecurity.ApiClient(configuration))
api_instance2 = deepsecurity.ComputersApi(deepsecurity.ApiClient(configuration))
api_version = 'v1'
overrides = False
try:
recorddt = datetime.datetime.now()
api_response2 = api_instance2.list_computers(api_version, overrides=overrides)
for y in api_response2.computers:
api_response = api_instance.list_intrusion_prevention_rules_on_computer(y.id,api_version,overrides=overrides)
for x in api_response.intrusion_prevention_rules:
strCVE=(x.cve)
clean_cve=str(strCVE).replace("['", "").replace("']", "").replace("'", "")
cursor.executemany("INSERT INTO ip_rules VALUES (%d, %s, %s ,%s,%s) ", [(x.id,x.name,clean_cve,recorddt,y.id)])
conn.commit()
except ApiException as e:
print("An exception occurred when calling ComputerIntrusionPreventionRuleDetailsApi.list_intrusion_prevention_rules_on_computer: %s\n" % e)

I guess it happened while looping (list_intrusion_prevention_rules_on_computer) with different computer id (as y.id).
Deep Security Manager seems to be able to identify the exception and return 500 Internal server error (and with header information). So, you might want to check if any exceptions in server0.log where you might get some cues.
You also want to identify which computer(s) failed to get prevention rules assigned and retry again.

Cannot connect to host www.reddit.com:443 ssl:True

I wanted to use aiohttp.request in order to get Reddit post, but when I ran the code it gives me this error, any possible solution?
Code:
#command(name='meme')
#guild_only()
async def meme_cmd(self, ctx):
async with request("GET", "https://www.reddit.com/r/meme/", headers={}) as response:
data = await response.json()
print(data)
Error:
Command raised an exception: ClientConnectorCertificateError: Cannot connect to host www.reddit.com:443 ssl:True [SSLCertVerificationError: (1, "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname m
ismatch, certificate is not valid for 'www.reddit.com'. (_ssl.c:1123)")]

IBM IAM API KEY AUTHENTICATION ERROR

I am executing the code below.. I have supplied the correct API but keep getting an authentication error (provided below)
Here's the code snippet
// Example 1: sets up service wrapper, sends initial message, and
// receives response.
const AssistantV2 = require('ibm-watson/assistant/v2');
// Set up Assistant service wrapper.
const service = new AssistantV2({
iam_apikey: 'xxx', // replace with API key
version: '2019-02-28',
});
const assistantId = 'xxx'; // replace with assistant ID
let sessionId;
Here's the error message
C:\Users\User\Desktop\Insurancebot\test>node sample.js
{ Unauthorized: Access is denied due to invalid credentials.
at RequestWrapper.formatError (C:\Users\User\node_modules\ibm-cloud-sdk-core\lib\requestwrapper.js:219:21)
at C:\Users\User\node_modules\ibm-cloud-sdk-core\lib\requestwrapper.js:207:29
at process._tickCallback (internal/process/next_tick.js:68:7)
name: 'Unauthorized',
code: 401,
message: 'Access is denied due to invalid credentials.',
body: '{"code":401,"error":"Unauthorized"}',
headers:
{ 'x-backside-transport': 'FAIL FAIL',
'content-type': 'application/json',
'x-dp-transit-id': 'gateway02-3627341245',
'x-global-transaction-id': 'ffea405d5d0083b9d834d5bd',
'strict-transport-security': 'max-age=31536000;',
'x-dp-watson-tran-id': 'gateway02-3627341245',
'content-length': '37',
'x-edgeconnect-midmile-rtt': '110',
'x-edgeconnect-origin-mex-latency': '132',
date: 'Wed, 12 Jun 2019 04:46:49 GMT',
connection: 'close' } }

Outside of the wrong IAM key, the most common cause is the wrong service endpoint being used.
It defaults to US, so if you have set up your assistant in U.K. for example, you would set: url: ‘https://gateway-lon.watsonplatform.net/assistant/api’
The full list is here:
https://cloud.ibm.com/apidocs/assistant#service-endpoint