Expected HTTP 401 (Unauthorized), but got HTTP 405 from shop-redact. Your app's HTTPS webhook endpoints must validate the HMAC digest of each request, and return an
HTTP 401 (Unauthorized)
response when rejecting a request that has an invalid digest.
Screenshot
I have used osiset/laravel-shopify package
I have solved this error. Even though one app has been approved, the other app has the same solution in front of it, I still get this error from Shopify in the other app.
First I tried this solution in which the app was rejected. But I applied the same solution in the first app, which was approved
Route::get('/shop-redact',[AbcController::class,'shopRedact'])->middleware('auth.webhook')->name('shop.redact');
And then I tried to create a job for all GDPR webhook but the app was rejected
https://github.com/osiset/laravel-shopify/wiki/GDPR
What is the other solution to this?
Shopify webhooks make POST request to your endpoint so set post request
Route::post('/shop-redact',[AbcController::class,'shopRedact'])->middleware('auth.webhook')->name('shop.redact');
Related
I have some code that looks at "Basic Authorization" requests from many different sites.
I want to know if I can make the following assumptions:
A successful response (credentials are correct) will always have response code 200 OK
A failed response (incorrect credentials) will always have response code 401 Unauthorized
Are the above fair assumptions, or is the success/fail conditions configurable per site?
No, there are other possible response codes.
According to the official spec, there can also be the error code 407.
Also, on MDN:
If a (proxy) server receives invalid credentials, it should respond with a 401 Unauthorized or with a 407 Proxy Authentication Required, and the user may send a new request or replace the Authorization header field.
If a (proxy) server receives valid credentials that are inadequate to access a given resource, the server should respond with the 403 Forbidden status code. Unlike 401 Unauthorized or 407 Proxy Authentication Required, authentication is impossible for this user and browsers will not propose a new attempt.
In all cases, the server may prefer returning a 404 Not Found status code, to hide the existence of the page to a user without adequate privileges or not correctly authenticated.
Besides that, I'm quite sure that an actual successful attempt will result in status code 200.
I'm working with an API and recently something went wrong with the authentication.
The API uses jwt authentication, and when POSTing the client jwt request, instead of getting back an auth jwt, I'm getting a 401 (final) status code (or 404, depending on the library I use to handle requests...), but I'm also getting 407 and 200 when setting a verbose traceback?
I'm pretty new to handling HTTP requests so I'm curious how exactly that might be happening, where are those additional two status codes coming from?
I've registered as a developer with eBay and created an app.
I generated an Oauth (not Auth'n'Auth)
Using Postman to generate a simple request (image) and recieving an error for token invalidity
Error: Invalid access token. Check the value of the Authorization HTTP request header.
What am I doing wrong here?
If your token is for "sandbox" environment, make sure you use sandbox API endpoints for your requests as well.
Instead of https://api.ebay.com/buy/browse/v1/...,
try https://api.sandbox.ebay.com/buy/browse/v1/....
One of the issues which might have happened is:
The access token might have expired
Use the refresh token to refresh the access token when it expires — you know when to do this when your call to the API returns a status code of 401 and the above body you saw in Postman.
What is the system behavior of receiving a request to A restful API with a expired api_key in Moqui? Does the system send back the SC_UNAUTHORIZED error or something else?
The response is status with 500 internal server error.
Hey guys I ran into a weird issue with trying to use the Yammer API's Download URL.
Since this is an API call, you would think that you could just append your users
access token to the end of the API URI to initiate a direct download of the file,
but it seems that this will lead to a 401 Unauthorized when trying to actually use it?
My api urls are set up as so
https://www.yammer.com/domain.com/api/v1/uploaded_files/{file_number}/version/{version_number}/download/somepdf.pdf?access_token={access_token}
Does anyone know why this does not work?
?access_token={access_token} will not work the token should be in the http header and not the url after authentication.
If you are trying to access Yammer programmatically from an application be aware of the following:
Around December 2013 Yammer has slightly modified the authentication process.
By then the access_token could be part of the URL as described in the question.
Calling the API with the old code results in a HTTP 401 error. By now it is important to transport a Bearer Token in the HTTP Request like this:
GET /api/v1/messages/following.json HTTP/1.1
Host: www.yammer.com
Authorization: Bearer abcDefGhi
abcDefGhi is the token gathered after the oauth authorization.
Source:
http://developer.yammer.com/authentication/