I am trying to linking one of the client account to our manager account using Google Ads API.
I followed this link:
https://developers.google.com/google-ads/api/docs/account-management/linking-manager-accounts
I am able to send the invitation to the client but not able to accept the invitation on the behalf of client.
The reason is not able to get manager_link_id. I see the code and that has the following query.
SELECT customer_client_link.manager_link_id FROM " +
"customer_client_link WHERE customer_client_link.resource_name = " +
$"'{customerClientLinkResourceName}'"
The error I get :
User doesn't have permission to access customer. Note: If you're accessing a client customer, the manager's customer id must be set in the 'login-customer-id' header. See https://developers.google.com/google-ads/api/docs/concepts/call-structure#cid
I am using the manager client Oauth. I am not sure we can take it out using that or not.
Please help me how can I solve this issue.
Also is there a way I can get Oauth token for client from my manager account using Ads API.
I used postman to send call the API and it give me below error:
Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.
Related
I have tried to use the API for linkedin company posts.
https://api.linkedin.com/v2/activityFeeds?q=networkShares&count=2&oauth2_access_token={mytoken}
But i am getting this error.
{"serviceErrorCode":100,"message":"Not enough permissions to access: GET-networkShares /activityFeeds","status":403}
I guess i need some extra permission to get response. I have the "client id" and "secret id". So can i get the company posts by any other API ?
If you are attempting to use application authorization via OAuth 2 then you will need to generate an access token along with your client ID & secret. This can then be attempted to the request via Basic authorization.
This article should explain that in more detail
I am developing an iPhone application to demonstrate the MFA using sms factor with MFA APIs for POC. I am using the authorisation flow for getting my access token (where I get a authorisation code and redeem it for an access token)earlier to MFA implementation. From the documentation, I found out that I need an MFA_token to work with MFA APIs. I added few changes with my existing authorisation process.
I am getting an MFA Token by doing the following steps:
Added scope enroll read:authenticators to authorisation endpoint( i.e. “https://<my_domain>/authorize”)
Added an audience:
https://<my_domain>/mfa to the authorisation endpoint
Then I make a post request to token endpoint with authorization code to get the mfa_token.
The only changes I can observe is now the access token(which I presume to be the mfa_token) is in jwt format with expire time 600 sec. By using this access token(=mfa_token)
I built a custom pages for my user for enrollment and challenging the user via sms.
I am able to enroll user, confirm enrollment using this access token.
But when I challenge an user using this access token I get the following error after https://YOUR_DOMAIN/mfa/challenge call.
{
“error”: “invalid_grant”,
“error_description”: “Malformed mfa_token”
}
Can anyone please say me where I am going wrong?
Is the access token same as the MFA_Token in my case?
Thanks in Advance!
I think the access_token only serves as mfa_token during OOB/device registration. Thenafter, the user will get an mfa_token during auth, which is passed for MFA/OTP challenges
https://auth0.com/docs/login/mfa/ropg-mfa/manage-authenticator-factors-mfa-api#resource-owner-password-grant
I am following this guide (https://learn.microsoft.com/en-us/skype-sdk/ucwa/authenticationusingazuread) in order to access Skype for Business. Everything goes fine till the last part but let's do step by step. I am building my .net console application to do this but in order to explain you properly the problem I am having I will show you directly the http calls through Insomnia (software used to make http calls).
Step 1:
GET request towards https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root
I hit 200 and as answer I receive this:
Step 2:
I use the user link.
So I send an http request to https://webdir1e.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user and I get a 401 Unauthorized (everything still correct).
In the header of the answer it points me to the Identity Provider to ask for authorization (authorization_uri)
Step 3: I use that link to authorize my app, which has its own client_Id (that I hide in the following screenshot).
This is how I compose the call:
If I send this http request I get redirected to the page where it asks my personal login and by inserting my credentials I succesfully login and hit 404, where in the answer I receive back my access token.
Step 5: I use the access token towards the same AutodiscoverService link of step 1. This is to register my application. I hit 200 and I receive back the link to access Skype for Business.
Finally (and this is where things go wrong) I send a POST request towards the applications link with the Bearer token, and I receive a 403 Forbidden. I think I am following correctly the guide but I can't figure out why I can access the resource at the last step.
EDIT:
The permissions are granted. I hide the name since it contains the name of my company. But it is the same of the domain of my login.
So the token you generated authorizes you to access resources at https://webdir1e.online.lync.com which you've done to fetch a new set of resources including the "application" resouce which is on a DIFFERENT host: https://webpooldb41e14.infra.lync.com.
You actually have to get another OAuth token now which authorizes you for the application resource and then you can POST to that to generate your session in UCWA.
As a side note... If you've defined your own single-tenant application in Azure that has been granted rights to SkypeForBusinessOnline then I think you should be targeting authorization and authentication endpoints of the form:
https://login.microsoftonline.com/{tenantID}/oauth2/v2.0/authorize
https://login.microsoftonline.com/{tenantID}/oauth2/v2.0/token
Also I should add, if you're trying to write a trusted secure client that users in your company will use I would suggest looking up the Resource Owner Password Credentials auth flow. It allows you to directly hit the token endpoint I mentioned above and exchange username/password credentials for an access token. Then you can manage auto-discovery and application creation easily under the hood without getting re-directed back and forth to Azure.
https://learn.microsoft.com/mt-mt/azure/active-directory/develop/v2-oauth-ropc
I want to make a website which users can see their posted pictures on the page.
I have signed up for facebook API and have an app id and app secret.
https://graph.facebook.com/oauth/access_token?client_id={#}&client_secret={#}&grant_type=client_credentials
I send users to the oauth to get the user's access token but I don't know what to do next.
https://graph.facebook.com/v3.0/me?fields=id,name,posts&access_token={#}
I thought this would work but I had the error below
"An active access token must be used to query information about the current user.",
The URL you are using to get the Access Token is actually an App Token API.
To generate the Access Token Please replace
https://graph.facebook.com/oauth/access_token?client_id={#}&client_secret={#}&grant_type=client_credentials
with
https://www.facebook.com/v3.0/dialog/oauth?response_type=token&client_id={#id}&redirect_uri={#}&scope=publish_pages
add a redirection url here where the token is published.
OR
better option is to use the login button mentioned here.
https://developers.facebook.com/docs/facebook-login/web/login-button
Also you can read here about all Access Tokens
https://developers.facebook.com/docs/facebook-login/access-tokens/
Hello I am working on a site that accept PayPal API Credentials for every restaurant owner so that amount could be transferred to their account directly.
The problem that I am facing, some times restaurant owners add wrong API credentials so when any order is placed the error "Security Header is not valid" appears means their API credentials is wrong.
The solution I want is that the API Credentials could be verified when they are added by restaurant owner, so that order could be placed by end user.
Is there any way to Verify/Validate PayPal API Credentials(User Name, Password, Signature), Please help.
Thanks in advance!
PayPal Don't have any External API to validate the API Credentials alone.
instead. You can Use the Express Checkout SETEXPRESSCHEKOUT API to call with very Minimal data and the API credentials, which will validate the API credentials and will generate a Token. If you get a Token it means the API credentials is correct. This will not do any money Movement with this API Call. PP have this API available in both NVP and SOAP format.