Using the Postman collection for Amadeus for Developers I can successfully get access token and execute any api endpoint in the test environment (test.api.amadeus.com)
But after signing up successfully for Production Environment (without Flight Create Offer), I am able to get access token from Production (api.amadeus.com) BUT all api endpoint execution results in 401 error (Code: 701 - Wrong authentication credentials)
Below is the error in postman
{
"errors": [
{
"status": 401,
"code": 701,
"title": "Wrong authentication credentials.",
"source": {
"pointer": "uri"
}
}
]
}
i have made sure the bearer token is valid and my api calls are pointed to api.amadeus.com using the Prodction Key and Secret.
I have been in contact with Amadeus email helpline (self-service.apis#amadeus.com) for the last 3 weeks, and after each week they instructed me to reset my account password and wait 2 hours before making the call, which i did three times now and ended up with the same error.
I hope someone higher in the tech department will notice my question and will be able to shed some light as to why your system is not letting me call production environment.
will be eagerly waiting for some advise.....
Happened to me as well, try to generate an access token few more times and use it, for me is suddenly worked
Related
I'm setting up API calls to test retrieving and creating Invoices to and from Xero. I've set up the oAuth2 and I can retrieve from the Demo Co with no errors.
However, when trying a POST with the same credentials and authentication, I get:
{
"Type": null,
"Title": "Forbidden",
"Status": 403,
"Detail": "AuthenticationUnsuccessful",
"Instance": "f60c6b6e-7f3d-4941-9a8e-654495d3e07b",
"Extensions": {}
}
What have I done wrong? Thank you 😀
I'd recommend ensuring the access_token you are passing to that API call has the required scopes: https://developer.xero.com/documentation/oauth2/scopes - to POST an invoice you will need the scope accounting.transactions - to quickly check the actual scopes on a token you can decode your JWT (aka access_token) using some decryption libraries, or use the site https://jwt.io/ at your discretion.
Thank you for your responses.
I hadn't realised that the {{xero-tenant Id}} had not been added to the Headers in POST Invoices in Postman.
Manually adding that in fixed the bug 😉
Hello Microsoft/Azure/Skype experts,
I'm tasked with accessing presence data from Skype For Business Online accounts from my macOS app (native).
I'm unfortunately stuck and i always get a 403 error when i access the autodiscover request and never get the link to the applications resource
I have been following this documentation
https://learn.microsoft.com/en-us/skype-sdk/ucwa/authenticationusingazuread
STEP 1
We have registered the app in the Azure Management Portal using our Office 365 account credentials.
We have used custome redirect URL (http://localhost)
Allow Implicit Flow is set to true in manifest
We pre-configure the permissions needed for Skype for business
online
STEP 2
Issuing a GET as specified in the documentation to initiate sign in and authorization check.
GET https://login.microsoftonline.com/common/oauth2/authorize?response_type=token&client_id=c#####-4d41-485e-871f-0a22aa79e52b&redirect_uri=http://localhost
This returns a 200 OK.
STEP 3
We got the Auto discover URL as described in the documentation.
This is what i get - i use the domain marked in RED.
STEP 4
As per the documentation, they ask me to do this
Requesting an access token using implicit grant flow
So i issue a GET as described
https://login.microsoftonline.com/oauth2/authorize?
response_type=id_token &client_id=######-4d41-485e-871f-0a22aa79e52b
&redirect_uri=http://localhost
&state=8f0f4eff-360f-4c50-acf0-99cf8174a58b
&resource=https://webdirin1.online.lync.com
Now this shows the sign in page, i sign in and then it throws an error
AADSTS90014%3a+The+required+field+%27nonce%27+is+missing.
I researched and could not fix this error.
So after lots of research and looking at this Microsoft documentation LINK (https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#requesting-individual-user-consent) , apparently there is another way of getting the bearer token.
STEP 4 - SECOND TRY
I then Request individual user consent by sending the SCOPE parameter for Skype for Business.
I then issue a GET request to
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=#######-4d41-485e-871f-0a22aa79e52b&response_type=code&redirect_uri=http://localhost&response_mode=query&scope=https://api.skypeforbusiness.com/User.ReadWrite&state=12345
This returns an access code which i use in next step to get the TOKEN
STEP 5 - Get the bearer TOKEN
Issue a POST to following URL
https://login.microsoftonline.com/common/oauth2/v2.0/token With the
following data in POST body
"grant_type": "authorization_code", "client_id":
"######-4d41-485e-871f-0a22aa79e52b", "scope":
"https://api.skypeforbusiness.com/User.ReadWrite", "code":
"OAQABAAIAAACEfexX.........", "redirect_uri": "https://localhost"
This returns the bearer token in the following response JSON
{
"access_token" = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1........w4b-- gnWG_iOGtQ";
"expires_in" = 3599;
"ext_expires_in" = 3599;
scope = "https://api.skypeforbusiness.com/User.ReadWrite";
"token_type" = Bearer;
}
STEP 6
Yay! Got the bearer token at laaast!
Now back to the main documentation
https://learn.microsoft.com/en-us/skype-sdk/ucwa/authenticationusingazuread
And where we do this - 'Resending an autodiscovery request with the bearer token'
We execute a GET request to
https://webdirin1.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user
Now this, as per the documentation should return this JSON
{
"_links":{
"self":
{"href":"https://webdirX.online.lync.com/Autodiscover/AutodiscoverService.svc/root/user"},
"applications":
{"href":"https://webpoolXY.infra.lync.com/ucwa/oauth/v1/applications"}
}
}
BUT i GET A 403: PERMISSIONS denied error
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page
using the credentials that you supplied.</h3>
</fieldset></div>
So thus i have never got the applications url and I have checked the manifest, registration and i have no idea, why i get this error.
Any inputs would be appreciated.
For step 4, you need to specify nonce=somestring in the URL. Typically this should be a securely random value that is only used once. It can contain any value.
Also, you are only requesting an id token. Set response_type=id_token+token.
I deployed my microservice over master tenant and subscript it onlty to subtenant.
If I call:
GET https://subtenant.cumulocity.com/service/mymicroservice/health i get Status Code 200 and UP
However if I call:
GET https://subtenant.cumulocity.com/service/mymicroservice/myendpoint/data
I get Status Code 500 and
{
"timestamp": 1534235792950,
"status": 500,
"error": "Internal Server Error",
"exception": "com.cumulocity.sdk.client.SDKException",
"message": "Http status code: 403\n{error=\"security/Forbidden\",message=\"Access is denied\",info=\"https://www.cumulocity.com/guides/reference-guide/#error_reporting\",details=\"null\"}",
"path": "/ mymicroservice /data"
}
When I subscribe to the master tenant, the microservice is working fine! It seems that the user of subtenant is not allowed to access the Cumulocity API… I also checked the user and the role. The access rights are all granted. How can i access my microservice at subtenants?
I solved the problem by my self. I made a mistake; i forgot to add a role to the manifest to requiredRoles. It was also not working in master tenant.
Please don't confuse this question with this one: Migration from OAuth1 3L to OAuth2:
I have been migrating my system users from google OAuth1 to OAuth2 as specified here.
The usual problem with this migrations is the building of the base_string which was a problem for me before asking this question. After fixing the base_string build up I did migrate 95% of my users but a small amount of users kept returning a 400 error:
{
"error": "invalid_request",
"error_description": "Invalid authorization header."
}
Here are the most important fields to check on:
base_string:
POST&https%3A%2F%2Fwww.googleapis.com%2Foauth2%2Fv3%2Ftoken&client_id%3DXXX%26client_secret%3DXXX%26grant_type%3Durn%253Aietf%253Aparams%253Aoauth%253Agrant-type%253Amigration%253Aoauth1%26oauth_consumer_key%3DXXX%26oauth_nonce%3D178143337915967474871427127026%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1427127026%26oauth_token%3D1%XXX
URL: https://www.googleapis.com/oauth2/v3/token
I have to say, this users do work with OAuth1 at the moment so they are fully valid connections. An invalid/expired connection returns me this 500 error:
{
"error": "invalid_token",
"error_description": "Either the token is invalid or we could not decode it."
}
I am currently researching a way to use the Google Purchase Status API with just HTTP request calls, and I have hit a brick wall. I have an app setup with Google Play, and ownership of the Google Console account.
Basically, I just would like to check the status of a user's purchase on my server. The only information I should be using is the purchase token, product ID, and product package.
I have followed all the documentation on doing this at developer.android.com/google/play/billing/gp-purchase-status-api.html
The HTTPS request call I am attempting to make is this (product names and real strings substituted):
googleapis.com/androidpublisher/v1.1/applications/(com.product.myproduct)/inapp/(com.product.myproduct.product1)/purchases/(myproductpurchasestring)?access_token=(myaccesstokenstring)
and my response is always this:
{
"error": {
"errors": [
{
"domain": "androidpublisher",
"reason": "developerDoesNotOwnApplication",
"message": "This developer account does not own the application."
}
],
"code": 401,
"message": "This developer account does not own the application."
}
}
When polling my access token through this http request call:
googleapis.com/oauth2/v1/tokeninfo?access_token=(myaccesstokenstring)
this is my response:
{
"issued_to": "12345.apps.googleusercontent.com",
"audience": "12345.apps.googleusercontent.com",
"scope": "https://www.googleapis.com/auth/androidpublisher",
"expires_in": 3319,
"access_type": "offline"
}
So according to the documentation at https://developers.google.com/accounts/docs/OAuth2#webserver, I need to:
Authorise myself and retrieve a refreshable access token that is generated from 'Client ID for web applications' in the API access section of the Google API Console. I have done this.
Utilise this access token for google API calls in either of 2 ways: appending the string to the HTTP header 'Authorization', or as part of the HTTPS request itself with the property access_token=(mytokenstring). This part does not work for me, I always get an unauthorised message.
My question I guess would be: is it possible to use a simple HTTPS request call (without external library support) to retrieve the status of a purchased item without user interaction on backend servers?
I would really appreciate any help, most of the other threads are about how to go about getting a refresh token, but I have covered that already.
ok, I figured out my own problem with the help of a colleague. Basically, my access token was being generated under an account which wasn't linked to the project in any way. It would be safest to use the owner of the project's google account when generating the access token.
Phew!