I have tried to get the Branch policies using curl / Postman however I keep getting Error "404 Not Found".
Based on the documentation (https://docs.github.com/en/rest/reference/repos#get-branch-protection), I seem to be using the correct API Uri. see below commands used. Ps: Auth Token has been verified.
For Curl :
curl \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/repos/{owner}/{repo}/branches/{branch}/protection
Postman:
https://api.github.com/repos/{owner}/{repo}/branches/{branch}/protection
I need API call to return the Branch protection. Thanks!
while at the moment not clearly documented,
this API URI requires the provided access token to have admin privileges for the repository.
Related
I am working on a simple searching app using LinkedIn's API.
I have set my base-url for the LinkedIn Sales Navigator to:
base_url = "https://api.linkedin.com/v2/search"
I have also obviously added my client_id, client_secret, and access_token in the headers.
However, upon running the program, I am getting the error:
{"serviceErrorCode":0,"message":"Resource search does not exist","status":404}
This makes me think that there is a problem with the base-url. But then, upon visiting the link my program is trying to visit, I am met with a JSON that says:
serviceErrorCode 65604 message "Empty oauth2 access token" status 401
However, as far as I am concerned, I have gone through the OAuth2 flow correctly and in full.
But I'm not sure what it actually is.
Any ideas?
Thanks in advance.
this search point is depreciated. this is allowed to the selected developer only. First, make sure that you have the permissions for that. For reference, you can visit this link
The other thing, if you have permission, then you need to pass the bearer token in the header for authorization.
curl --location --request GET 'https://api.linkedin.com/v2/search' \
--header 'Authorization: Bearer {INSERT_TOKEN}' \
The complete information can be found here.
Due to the new updates of the Soundcloud API, I'm trying to update the authentication flow in my code ( the project was using login and password ).
But I'm blocked by a problem, and I'm losing my head.
I follow instructions on this page : https://developers.soundcloud.com/blog/security-updates-api
I manage to get a refresh token and an access token with this :
curl --request POST \
--url https://api.soundcloud.com/oauth2/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data client_id=CLIENT_ID \
--data client_secret=CLIENT_SECRET \
--data grant_type=client_credentials
But I'm not able to execute this request, which is an example in the mentionned page, with the access token I got with the previous request :
curl --request GET \
--url 'https://api.soundcloud.com/me/tracks?limit=1' \
--header 'Authorization: OAuth ACCESS_TOKEN'
The request response is always :{"code":401,"message":"","link":"https://developers.soundcloud.com/docs/api/explorer/open-api","status":"401 - Unauthorized","errors":[],"error":null}
I tried with a refresh of my access token, and with the url "https://api.soundcloud.com/me" instead of "https://api.soundcloud.com/me/tracks?limit=1".
And always returning the same error.
Can someone help me ?
Thanks by advance, and thanks for reading.
OK, I think I got it, thanks to this question on github :
https://github.com/soundcloud/api/issues/76
"The client_credentials auth flow is meant only for server-side integration and allows access to public endpoints only. Meaning that for endpoint /me or any other user-related endpoint you have to use the Authorization Code flow which provides the client-side integration."
And here : https://developers.soundcloud.com/docs/api/guide#authentication :
"if your app needs to access only public resources, you can use the OAuth Client Credentials Flow"
I'm done with the error messages too blurry... and with me reading too fast !
I will add the correct authentication method in comments later.
UPDATE : "manual" authentication flow
As the project is behind a VPN, I can't use normal authentication flow ( redirect_uri can't be called by soundcloud !)
So :
Get a "code"
First, authenticate on SoundCloud with the account you want to access ( or ask your customer to do it )
In your browser, type this url :
https://api.soundcloud.com/connect?client_id=YOUR_CLIENT_ID&response_type=code&scope=&state=[random_string]&redirect_uri=YOUR_REDIRECT_URI
Accept the demand and this will redirect you to an URL with the code inside : code=YOUR_CODE. Keep it. If this is done by your customer, simply ask him to copy-paste the url.
That's not really secure, but you can't avoid it if your redirect uri is not accessible from Soundcloud.
Obtain a refresh token and an access token :
With curl, to keep your Client Secret, or App Secret, secret ( indeed :D ). And also the access token.
curl -X POST "https://api.soundcloud.com/oauth2/token"
-H "accept: application/json; charset=utf-8"
-H "Content-Type: application/x-www-form-urlencoded"
-d "grant_type=authorization_code&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&redirect_uri=YOUR_REDIRECT_URI&code=YOUR_CODE"
This last request will answer in json format. Inside, you'll find an access token, and a refresh token.
Register the refresh token in your projet to reuse it to refresh your access token when needed !
I am a new user on WSO2 API Manager. I just installed it 2 days back and hosted one simple API on that. It works fine with internal tool. But how to consume it from outside ? eg from Postman or Java code ? Can we make API accessible without any authentication and if i want only jet authentication, how can I do that. please guide. Thanks in advance.
As per suggestion called the API using Curl command and got the token then while calling the
Errors even when providing access token ( which I got after client id and client secret)
Following error when passing Authorization: Bearer 2ee039b0-5cd4-3f31-844c-dd9441593f88
<ams:fault xmlns:ams="http://wso2.org/apimanager/security">
<ams:code>900908</ams:code>
<ams:message>Resource forbidden </ams:message>
<ams:description>Access failure for API: /getcustrates/1.0, version: 1.0 status: (900908) - Resource forbidden </ams:description>
</ams:fault>
Following error when passing Authorization:Basic 2ee039b0-5cd4-3f31-844c-dd9441593f88
<ams:fault xmlns:ams="http://wso2.org/apimanager/security">
<ams:code>900902</ams:code>
<ams:message>Missing Credentials</ams:message>
<ams:description>Invalid Credentials. Make sure your API invocation call has a header: 'Authorization : Bearer ACCESS_TOKEN' or 'Authorization : Basic ACCESS_TOKEN' or 'apikey: API_KEY'</ams:description>
</ams:fault>
If you're new to the product, follow the quick start guide[1]. In the end when you invoke the API using the integrated Try-it tool. When you invoke an API using that, it also gives you the equivalent curl command. You can use that to invoke the API externally.
I assume by Jet you meant to say JWT. You can generate JWTs using the client key/secret pair you get from applications you create at the developer portal. You can use this command to generate further tokens.
curl -k -H "Authorization: Basic EncodeToBase64(<consumer-key>:<consumer-secret>)" -d "grant_type=password&username=<username>&password=<password>" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token
or
curl -k -u <consumer-key>:<consumer-secret> -d "grant_type=password&username=<username>&password=<password>" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token
[1] https://apim.docs.wso2.com/en/latest/getting-started/quick-start-guide/
I am trying to implement DocuSign OAuth by Authorization Code Grant.
Firstly what I am trying to do:
Make GET request to https://account-d.docusign.com/oauth/auth?response_type=token&scope=signature&client_id=71d5e08f-299d-480a-9520-74d2e5083008&state=a39fh23hnf23&redirect_uri=http://localhost/callback
When i have got token i am trying to make POST request by CURL
curl -i -v -d "grant_type=authorization_code&code=eyJ0eXAiOiJNVCIsImFsZyI6IlJTMjU2Iiwia2lkIjoiNjgxODVmZjEtNGU1MS00Y2U5LWFmMWMtNjg5ODEyMjAzMzE3In0.AQkAAAABAAYABwAABDYucBzVSAgAAJC8dXAc1UgCAISmNWgyUw9Hlk8ldzq-z2gNACQAAAA3MWQ1ZTA4Zi0yOTlkLTQ4MGEtOTUyMC03NGQyZTUwODMwMDgVAAEAAAASAAAAAAAYAAEAAAAFAAAAIAAABDYucBzVSA.0yPv4mlsiuab6ZlC11k_s9rR5gLO0Z1aEoHlyXrE30ba3LD6qBaqqVFcdQDJ3tagx0-6rg48fENjpkglkELnZG7tmF2AZYR98DUYgbot4OMnj0Y0Q-QhhqLvOe6SJmYxfYqCxBC03FVBjH9gTvCVD7kb0msN23-pw5WGRi5p209gNhr-YDv0wb9jwMJdNC-z5QSW0D5qgkbP5HKjIxgITG_qNCyO3CWPvlJIG8u1Wh1oB-EL4JI5fUZSNlipEpZRKG0jU9cbZbO8DaeEhZzfL54wc38r4luN-2XJx1yL48p4HgNP2ujWJAIJiJpy_-TnmMHTHzp3YTaPB7Swus_Leg" -H "Content-Type: application/x-www-form-urlencoded" -H "Authorization: Basic NzFkNWUwOGYtMjk5ZC00ODBhLTk1MjAtNzRkMmU1MDgzMDA4OjY5MDcwMGI4LTAxMmQtNGU1My05N2FlLTVhNmFkNjg3OWVkYg==" -X POST https://account-d.docusign.com/oauth/token
And always I am getting the same message : "invalid_grant"
I have checked all params twice, and i know about that question DocuSign authorization code grant flow gets invalid_grant error about the same situation, it is not marked as answered
Can anyone explan me what i am doing wrong?
You are mixing two type Authorization Code Grant and Implicit Code Grant, in your first GET URL, you are passing response_type=token instead it should be response_type=code, once you will change response_type from token to code then it will work.
I'm trying to fork a repo using the GitHub V3 API via REST, however, I am having issues making a POST request as per the docs (https://developer.github.com/v3/repos/forks/#create-a-fork).
Basically, what I have so far:
A logged-in user with an OAuth Token
A POST request setup to the API (URL: https://api.github.com/repos/carmichaelalonso/infiniteflight/forks/) - I am testing this with hurl.it to begin with.
Headers in the request: one has the name Authorization with the value 'token ...', the other specifies Content-Type with the value application/json
A body with the following JSON: {"organization" : "shortlisthome"} (shortlisthome is the account I am trying to fork the repo to.
I am not intending to fork this to an organization, instead of a standard user account, which is where I am getting confused. When I run the request, I do not get any authentication errors or 404 errors (I previously had but I had been entering incorrect values by mistake, causing such errors).
When I run this request though, I get the following result (a 422 unprocessable request):
{
"message": "Validation Failed",
"documentation_url": "---url-to-docs---",
"errors": [
{
"resource": "Fork",
"code": "invalid",
"field": "organization"
}
]
}
I am unsure whether or not I am able to fork this to a standard user, or if it is an error with my request. Please let me know if I can provide any more info (first post here so a bit unfamiliar with the convention).
Thanks!
In order for shortlisthome to fork the repository you need to authenticate as them. The repository you're trying to fork is public, so all you need to do is obtain a OAuth token for shortlisthome and then make a similar request to the one you're making now. The only difference will be that you do not need to provide the JSON body of {"organization": "shortlisthome"}.
For what it is worth, the optional JSON body is intended for you to use when you are a member of an organization with proper permissions and you want to fork the repository to that organization. You cannot fork a repository to someone else's account unless you are authenticated as them.
I've so far avoided OAuth2, and do not know hurl. Yet, perhaps this can help.
This post shows how it can be done using cURL's -u username flag:
curl -u 'myusername' https://api.github.com/repos/carmichaelalonso/infiniteflight/forks/ -d ''
The -d (or alternatively --data) flag turns it into a POST request.
Without that flag cURL defaults to a GET request, which is not what you want.
Since, the data is part of the URI for this request, send an empty string for the data that must follow the -d param, as such: -d ''.
Of course, using -u will require you to also supply a password..
Here is what GitHub shows using OAuth2 with their API:
OAuth2 Token (sent in a header):
curl -H "Authorization: token OAUTH-TOKEN" https://api.github.com
OAuth2 Token (sent as a parameter):
curl https://api.github.com/?access_token=OAUTH-TOKEN
Read more about OAuth2. Note that OAuth2 tokens can be acquired programmatically, for applications that are not websites.
OAuth2 Key/Secret
curl 'https://api.github.com/users/whatever?client_id=xxxx&client_secret=yyyy'
I suspect that adding -d '' (or some equivalent in hurl),
plus one of the formats above for sending OAuth2 info might get you most of the way there.
I used this command to fork on github enterprise
curl -vX POST https://git.redacted.com/api/v3/repos/<org-to-fork-from>/<repo-to-fork>/forks?access_token=<api-token> -d #gh-fork.json --header "Content-Type: application/json"
gh-fork.json is just
{
"organization": "org-to-fork-to",
"description": "",
"homepage": "https://git.redacted.com",
"private": false
}