How to access COWIN APIs? - api

I want to access these APIs from cowin.gov.in
This API is for getting the vaccination certificate -
https://ndh.digitallocker.gov.in/public/marketplace/api/cowin/cowincert
But when I access this using a mobile number and a beneficiary ID, I get unauthorized access.
It requires generating a token and requires the following from this site - https://openapi.aarogyasetu.gov.in/profile
I am integrating this into my Flutter app. How can I get the following?
Your Public Key (Callback data will be signed using this)
Callback URL
I am an individual using this API but it needs some company info too. What should I do?
Check this image for more details of registration

I checked the website https://openapi.aarogyasetu.gov.in/ and got the contact details
openapi.aarogyasetu#gov.in. Please try to send a mail to this ID and let's see how they respond. I am not sure whether individuals can get access to those APIs, since they are asking for a lot of information about the company/organization.

As stated in the image below, we might need to contact the Ministry of Health and Family Welfare, Government of India to get access to the protected APIs.

You can now raise your issues on https://github.com/cowinapi/developer.cowin
This is the official GitHub repository of COWIN.
You can check all the open issues as well as the closed issues for clarifications.

You don't need an API key for accessing the public API endpoints.

Mention a general user agent like this {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Edg/90.0.818.56"} to avoid getting the error.

Co-WIN Public APIs allow any third-party application to access certain un-restricted information, that can be shared with its users. This is limited only to read access in Co-WIN. The appointment availability data is cached and may be up to 5 minutes old. Further, these APIs are subject to a rate limit of 100 API calls per 5 minutes per IP.
Swagger API documentation (official resource):
https://apisetu.gov.in/public/api/cowin/cowin-public-v2

header = {
    'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36',
    'origin': 'https://selfregistration.cowin.gov.in/',
    'referer': 'https://selfregistration.cowin.gov.in/'
}
also needs
data = {
    "mobile": mobile,
    "secret": "U2FsdGVkX1+z/4Nr9nta+2DrVJSv7KS6VoQUSQ1ZXYDx/CJUkWxFYG6P3iM/VW+6jLQ9RDQVzp/RcZ8kbT41xw=="
}
source
https://github.com/pallupz/covid-vaccine-booking/

Related

AWS Authentication and Logging

I would like to:
Use AWS Cognito user pool to authenticate users and make requests to an API Gateway.
Have some way to grant different permission levels to different user groups.
Log the users making requests and pass the user details to backend.
Currently, I am using IAM authoriser on the API Gateway, and sign the incoming requests with AWS Signature 4. I am also using User Pool Groups to give different permissions to different users.
I'm not sure how best to identify users making the request, though. Is it possible to access those details? To log the username (or some user ID) and pass a user ID to the Lambda function backend to inspect further?
Or would it be better to use a JWT access token and OAuth scopes or something like that?
If you're using API Gateway with Lambda as a proxy, then you can access the event object in Lambda to obtain the relevant information. Try to get event.requestContext.identity, which contains
{
    "cognitoIdentityPoolId": null,
    "accountId": null,
    "cognitoIdentityId": null,
    "caller": null,
    "sourceIp": "52.255.255.12",
    "principalOrgId": null,
    "accessKey": null,
    "cognitoAuthenticationType": null,
    "cognitoAuthenticationProvider": null,
    "userArn": null,
    "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36",
    "user": null
},
in your Lambda function.
ref: https://github.com/awsdocs/aws-lambda-developer-guide/blob/main/sample-apps/nodejs-apig/event.json
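
An added example (not from the original answer or the AWS sample) that turns the identity object above into a loggable caller record inside a Node.js Lambda. It goes beyond the answer by also reading requestContext.authorizer.claims, which is where the JWT alternative raised in the question would surface; the function names, the sample event values and the comma-split handling of cognito:groups are assumptions.

```javascript
'use strict';

// Work out who made the request from an API Gateway Lambda proxy event.
// requestContext.identity is the object shown above; requestContext.authorizer.claims
// is only present with a Cognito user pool authorizer (assumed alternative setup).
function callerIdentity(event) {
  const ctx = (event && event.requestContext) || {};
  const id = ctx.identity || {};
  const claims = (ctx.authorizer && ctx.authorizer.claims) || null;
  const base = { sourceIp: id.sourceIp || null };

  if (claims && claims.sub) {                       // JWT validated by API Gateway
    const g = claims['cognito:groups'];
    const groups = Array.isArray(g) ? g : (g ? String(g).split(',') : []);
    return { ...base, authType: 'user-pool-jwt', userId: claims.sub,
             username: claims['cognito:username'] || null, groups };
  }
  const provider = id.cognitoAuthenticationProvider;
  if (provider) {                                   // IAM auth, identity pool credentials
    // Provider string ends in ":CognitoSignIn:<user pool sub>".
    const m = /^cognito-idp\.[^/]+\/([^,]+),.*:CognitoSignIn:([^:]+)$/.exec(provider);
    return { ...base, authType: 'iam-cognito', userId: m ? m[2] : null,
             userPoolId: m ? m[1] : null, identityId: id.cognitoIdentityId || null };
  }
  if (id.userArn) {                                 // IAM user or role, no Cognito
    return { ...base, authType: 'iam', userId: id.userArn };
  }
  return { ...base, authType: 'anonymous', userId: null };
}

// Constructed sample event; pool ID, identity ID and sub are placeholders.
const sampleEvent = { requestContext: { identity: {
  sourceIp: '203.0.113.7',
  cognitoIdentityId: 'us-east-1:00000000-0000-0000-0000-000000000000',
  cognitoAuthenticationProvider:
    'cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE,' +
    'cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE:CognitoSignIn:' +
    '11111111-2222-3333-4444-555555555555',
} } };

// Lambda handler: write one structured audit line, then pass the ID to backend logic.
async function handler(event) {
  const who = callerIdentity(event);
  console.log(JSON.stringify({ audit: 'api-request', ...who }));
  return { statusCode: 200, body: JSON.stringify({ userId: who.userId }) };
}
if (typeof module !== 'undefined') module.exports = { handler, callerIdentity };
```

An event whose identity fields are all null, like the one in the answer, comes back as `anonymous` with only the source IP, which is a sign that the method has no authorizer attached.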

I want to use Shopify API of “payment”

Thank you for browsing.
I want to use this API’s “Create a new payment”.
https://shopify.dev/docs/admin-api/rest/reference/sales-channels/payment?api[version]=2020-07
But, I got HTML on “POSTMAN”.
The details are as follows.
Url
https://XXXXXXXXXXXX.myshopify.com/admin/api/2020-07/checkouts/0076fd26194e9a11e1ad2fef27e6d369/payments.json
Body
{
    "payment": {
        "request_details": {
            "ip_address": "114.179.82.76",
            "accept_language": "en-US,en;q=0.8,fr;q=0.6",
            "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36"
        },
        "amount": "11000.00",
        "session_id": "east-a2fe97e4239a2141004a2586da22babd",
        "unique_token": "7d80c851451dcbe1d36af87c55c573a3"
    }
}
Result
<html>
<body>
<noscript>
Continue
</noscript>
<script type="text/javascript" defer>
window.location = "https:\/\/accounts.shopify.com\/oauth\/authorize?client_id=7ee65a63608843c577db8b23c4d7316ea0a01bd2f7594f8a9c06ea668c1b775c\u0026destination_uuid=194909e9-a17a-40dd-bfb7-61a6a8739c9c\u0026nonce=28f174d1a0c3dcad2ee819c1ab6772eb\u0026prompt=merge\u0026redirect_uri=https%3A%2F%2Fdrupal-integration.myshopify.com%2Fadmin%2Fauth%2Fidentity%2Fcallback\u0026response_type=code\u0026scope=email%20https%3A%2F%2Fapi.shopify.com%2Fauth%2Fdestinations.readonly%20openid%20profile%20https%3A%2F%2Fapi.shopify.com%2Fauth%2Fpartners.collaborator-relationships.readonly%20https%3A%2F%2Fapi.shopify.com%2Fauth%2Fbanking.manage\u0026state=0ed03b89f02f335f13bdc36f4813a822\u0026ui_locales=en\u0026ux=shop";
</script>
</body>
</html>
I don’t know what I am doing wrong. But, I think the following is suspicious.
I used the token “0076fd26194e9a11e1ad2fef27e6d369” in the URL. This is “web_url”. I got it at “Creates a checkout”.
https://shopify.dev/docs/admin-api/rest/reference/sales-channels/checkout?api[version]=2020-07#create-2020-07
I used the parameter “session_id” in the body. I got it at “Stores a credit card in the card vault”.
https://shopify.dev/docs/admin-api/rest/reference/sales-channels/payment?api[version]=2020-07#create_payment_session-2020-07
I used the parameter “unique_token” in the body. I got it this way.
I want to use Shopify API of "payment" but I didn't understand parameter of "unique token"
Sorry for my poor English, but I want help.
Your API call is running into issues at the API authentication step. This problem arises when you are sending cookies with a POST request.
From the Shopify documentation,
Shopify prevents HTTP Basic Auth POST requests that have cookies,
which can cause POST calls to fail. If your POST call fails, then you
should try clearing your cookies.
To clear the cookies, use the Cookie manager in Postman app that can be accessed using Cookies button located below the Send and Save buttons.
Clearing Cookies in Postman
For sending authentication information, Shopify uses Basic Auth. You can read more about generating credentials and sending requests at Shopify Docs for Authentication.

Know original IP address of user when request coming from a web proxy

Context
I am working on an application which detects the user's IP address from the request and restricts them from doing certain actions on a page based on the country they are in.
Problem
When a user makes a request to our application via some Web proxy, we are unable to fetch the original IP address of user's device and hence, the country from it. Examples of web proxies can be a website like hide.me, OR a browser extension such as GeoProxy, etc.
I tried to scan the whole request object inside my Rails controller to see if there is any information about the real IP address of user, but my every attempt seems to return the IP address of web proxy instead. See some results (development mode + ngrok) below:
> request.ip
=> "154.48.196.3" # This is IP address of web proxy i used, while my actual IP address is "119.82.x.x"
> request.remote_ip
=> "154.48.196.3"
> request.remote_addr
=> "127.0.0.1"
> request.env
=> {"GATEWAY_INTERFACE"=>"CGI/1.1",
"PATH_INFO"=>"/shops/alinea",
"QUERY_STRING"=>"",
"REMOTE_ADDR"=>"127.0.0.1",
"REMOTE_HOST"=>"localhost",
"REQUEST_METHOD"=>"GET",
"REQUEST_URI"=>"https://86d3f832.ngrok.io/shops/alinea",
"SERVER_NAME"=>"86d3f832.ngrok.io",
"SERVER_PORT"=>"443",
"SERVER_PROTOCOL"=>"HTTP/1.1",
"SERVER_SOFTWARE"=>"WEBrick/1.3.1 (Ruby/2.1.10/2016-04-01)",
"HTTP_HOST"=>"86d3f832.ngrok.io",
"HTTP_USER_AGENT"=>"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36",
"HTTP_ACCEPT"=>"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8",
"HTTP_X_FORWARDED_PROTO"=>"https",
"HTTP_X_FORWARDED_FOR"=>"154.48.196.3",
...}
> request.env['HTTP_X_FORWARDED_FOR']
=> "154.48.196.3"
Can someone guide me on how to generate a foolproof solution that will return me the original IP address of users every time, no matter how they try to access our application?
Best solution should cover as many points from this doc as possible.
Configuration
Ruby v2.1.3
Rails v3.2.22.5

OKTA API not exporting Source address details

I have created an OKTA API using a token and the admin account URL to export the events (logs) referring to the activities done on my Okta account.
I am able to export the events, but the IP address details or the source IP (from where) info is not getting exported.
Does anything more need to be added to the API for the same? Please advise.
Modify Okta API com.okta.sdk.models.event.Actor.java
Add a property:
private String ipAddress;
Add get/set functions.
Compile the source code into a new Okta API jar and use this jar in place of the original one; then you will get your IpAddress attribute value in event.actor.ipAddress
The ipAddress depends on the Actor objectType. Events with a Client ObjectType will include the ipAddress as shown in the example below:
{
    "id": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.65 Safari/537.36",
    "displayName": "CHROME",
    "ipAddress": "127.0.0.1",
    "objectType": "Client"
}
One way to debug this would be to use the public Events API and filter the events to validate that the ipAddress is getting captured for the appropriate Events. If the ipAddress is included in the JSON response but is not getting parsed in the CSV export, then you may have uncovered a bug. That said, I just tested this and it worked for me ;-)

When an Adobe AIR app requests a resource from the server what shows as user agent?

When a browser like Chrome makes a request for a web page or image like a gravatar icon the server receives the userAgent information like so:
"Chrome/2.0 AppleWebKit/400.1.1 (KHTML, like Gecko)"
But if an Adobe AIR app makes a request for an image in the Image component, what does the server receive? Is it the same as a URLRequest?
"Chrome/2.0 AppleWebKit/400.1.1 (KHTML, like Gecko) AdobeAIR/3.0"
Background:
My AIR app shows a Gravatar icon for the user and recently it stopped working. I'm wondering if Gravatar is denying calls from user agents it doesn't recognize.
I've tried changing the userAgent to test the theory and it's throwing an error:
// 1195: Attempted access of inaccessible method userAgent through a reference with static type Class.
URLRequestDefaults.userAgent("chrome");
Update:
It looks like I need to set the user agent as a property and not a method. I was referring to this forum post. So changing that might fix the Gravatar issue, but it does not answer how Adobe AIR apps appear to the server.
I hope this result is useful:
Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/3.1
Also, I can't see what the difference is between requesting an Image and a URLRequest; they are the same.