I'am making a script that can create and sign Certificate on Mikrotik using their REST API.
The script already worked in creating the Certificate, the problem is, signing it.
In Mikrotik Command Line, signing a certificate requires Unnamed Parameter, which i dont know how to specify it in the REST API Request.
Here is the detail about the Commands that translates to the REST API Request
Creating A Certificate (Worked)
CMD:
> /certificate add name=client-template-to-issue copy-from="client-template" common-name="$USERNAME#$CN"
REST:
URL: https://vpn.mydomain.com/rest/certificate/add
Body: {
"common-name": "$USERNAME#$CN",
"name":"client-template-to-issue",
"copy-from":"client-template"
}
Response: {
"ret": "*14"
}
Signing A Certificate (Diddnt Work)
CMD:
/certificate sign client-template-to-issue ca="$CN" name="$USERNAME#$CN"
REST:
URL: https://vpn.mydomain.com/rest/certificate/sign
Body: {
"ca": "$CN",
"name":"$USERNAME#$CN"
}
Response: {
"detail": "failure: At least one field specifying certificate name must be set!",
"error": 400,
"message": "Bad Request"
}
So how do i fix this? the command line suggest that there is a Unnamed Parameter to specify for it to work. i already tried with the URL like this
https://vpn.mydomain.com/rest/certificate/sign/*14
and it still doesnt work
The following worked for me:
URL: https://vpn.mydomain.com/rest/certificate/sign
Body: {
"ca": "$CN",
"number":"client-template-to-issue" # the "name" entry from your example of creating a certificate
}
I'm just not sure if this is a bug. Tested on ROS 7.7
Related
I want to create an alert rule using ELK dev tools. When I make it in the UI manually, I created like in the image.
I tried with the below code and got the mentioned issue. My elastic version is v 8.4.3.
# POST .monitoring-alerts-7/_create 400
{
"error": "no handler found for uri [/.monitoring-alerts-7/_create?pretty=true] and
method [POST]"
}
# { 400
{
"statusCode": 400,
"error": "Bad Request",
"message": "[request query.method]: Method must be one of, case insensitive
['HEAD', 'GET', 'POST', 'PUT', 'DELETE']. Received '{'."
}
Do I need to use a separate API?
I am using the Auth0 Management API page to test creating a user.
https://auth0.com/docs/api/management/v2#!/Users/post_users
I am sending the following body to POST:/api/v2/users:
{
"email":"me#test.com",
"password":"123DEDed1!",
"connection":"My-Users"
}
However I get the following response:
{
"statusCode": 400,
"error": "Bad Request",
"message": "Sandbox Error: Client: '{{REDACTED}}: Client id not found'"
}
Obviously the client ID does exist. Any ideas what I am doing wrong?
We found the issue was actually internal to another script we had configured in the Action Login Flow
I used the following API in postman with integration key, client secret from the Admin API application but no luck.
GET: https://api-123abc.duosecurity.com/auth/v2/check
Furthermore,
I used basic auth for authorization
Integration key for username and created the password via
https://www.freeformatter.com/hmac-generator.html#ad-output (used
integration key for string and client secret from the duo UI)
I used the following headers:
Authorization:Basic
Integration-key:Secret-key
Date:Fri, 20 May 2022 02:26:39 +0000
Content-Type:application/x-www-form-urlencoded
Besides this I used the code
btoa('integration key:secret key')
to generate authentication code but it still gives the following error
{
"code": 40301,
"message": "Access forbidden",
"message_detail": "Wrong integration type for this API.",
"stat": "FAIL"
}
Add Postman PreRequest script
update/replace integration and secret keys in below script
follow docs
const cannon = [
new Date().toUTCString(),
pm.request.method,
pm.request.url.host.join('.'),
'/'+pm.request.url.path.join('/'),
];
if (pm.request.body.urlencoded){
cannon.push(pm.request.body.urlencoded);
}
function hmacSign(cannon, integrationKey, secretKey){
const message = cannon.join("\n");
console.log(message);
var hmac = CryptoJS.HmacSHA1(message, secretKey)
return btoa(`${integrationKey}:${hmac}`)
}
const sign = hmacSign(cannon, "DIWJ8X6AEYOR5OMC6TQ1", "Zh5eGmUq9zpfQnyUIu5OL9iWoMMv5ZNmk3zLJ4Ep")
pm.request.headers.add({
key: "authorization",
value: sign
});
I have the following security schemes defined for a method in my swagger file:
...
get:
...
security:
- api_key: []
- firebase: []
securityDefinitions:
api_key:
in: query
name: key
type: apiKey
firebase:
authorizationUrl: ''
flow: implicit
type: oauth2
x-google-audiences: project-id
x-google-issuer: https://securetoken.google.com/project-id
x-google-jwks_uri: https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken#system.gserviceaccount.com
However, it will not work if I try to send a request using an api key, but it will if I use a firebase token (even if I do not provide the api key).
The response:
{
"code": 16,
"message": "JWT validation failed: Missing or invalid credentials",
"details": [
{
"#type": "type.googleapis.com/google.rpc.DebugInfo",
"stackEntries": [],
"detail": "auth"
}
]
}
If I remove firebase from the security definition, then it will work using the api key.
Is it a known issue that an api key security scheme will not work if there is also an oauth2 for the same method?
What happens is that "OR" security requirements are not supported when one of the alternatives is an API key. Therefore, you are experiencing the right behavior.
If you provide both alternatives the API key will be ignored, but if OAuth2 is removed and it only accepts the API key, it works.
According to the same documentation that I attached, you could require both authentication methods using an "AND" condition. Something like this:
...
security:
- api_key: []
firebase: []
....
I'm really new to Google API's, so bear with me. I am trying to fetch posts from my blog. Blog is set as private.
Problem lies here:
{
"error": {
"errors": [
{
"domain": "usageLimits",
"reason": "ipRefererBlocked",
"message": "The calling IP address x does not match the IP restrictions configured on the API key. Please use the API Console to update your key restrictions.",
"extendedHelp": "https://console.developers.google.com/apis/credentials?project=x"
}
],
"code": 403,
"message": "The calling IP address x does not match the IP restrictions configured on the API key. Please use the API Console to update your key restrictions."
}
}
I got an google account where I have Blog, project in Google API Console and API key for it. I tried changing API key restriction to HTTP but same problem occurs, thou error message is slightly different.
Fetching works like this:
var apikey = "x";
var blogId = "x";
$(function(){
$.ajax({
type: "GET",
url:"https://www.googleapis.com/blogger/v3/blogs/"+blogId+"/posts?key="+apikey,
dataType: "json",
success: function(data) {
console.log(data);
}
});
});
I double checked all variables and they are correct. API key is correct one, and so is BlogId.
With this stew console is giving me 403 error. I hope I'm being clear enough. Ill be fixing this post when answer is found :)
API key is used to access public data. Public data is data that is not owned by a user personally. Videos uploaded to YouTube as public for example.
Your blogger data is private user data. You are going to need to use Oauth2 to access it. Once you have authenticated using oauth2 you will need to use access_token={tokenfrom auth} instead of using Key.
I am not sure why the IP address isn't working I haven't actually bothered with that before.