I'm trying to get data with SharePoint REST API but stucking with "System.UnauthorizedAccessException" error.
How can I fix this?
What I did is...
I got access token.
POST https://login.microsoftonline.com/{{tenantName}}/oauth2/v2.0/token
I tried to get sharepoint list items with the access token I got.
GET https://{{xxx.sharepoint.com}}/sites/{{sitename}}/_api/web/lists/GetByTitle('CSV')/items
With the 2nd command, I got error message like below.
"odata.error": {
"code": "-2147024891, System.UnauthorizedAccessException",
"message": {
"lang": "en-US",
"value": "Access denied. You do not have permission to perform this action or access this resource."
}
Check whether the site you requested matches the scope set by app permission xml.It is possible that the scope does not match and the requested site fails to authenticate the request.
Related
I need to test with PostMan the API
https://learn.microsoft.com/en-us/graph/api/application-post-onlinemeetings?view=graph-rest-1.0&tabs=http
But always return 403...
{
"error": {
"code": "Forbidden",
"message": "",
"innerError": {
"request-id": "76cf26ec-0be3-4b51-a8a8-5c70d71e426c",
"date": "2020-05-25T15:38:50"
}
}
}
I have follow this articole to setup postman microsoft article and all work very well, except this API, and I don't understand why
For this problem, it was caused by the app doesn't have permission to create online meeting. When you click the "Get User Access token" in your postman, it will get the access token which includes the permissions you added to the app before. If you want to test the create online meeting api, you need to go to azure portal and add appropriate permissions for it. Please refer to the steps below:
1. Go to azure portal and click "Azure Active Directory" --> "App registrations" --> "All applications". Search the app by the ClientID which you set in your postman for the graph environment.
2. In you registration app, click "API permissions" and add the OnlineMeetings.ReadWrite permission for it.
After add the OnlineMeetings.ReadWrite permission, don't forget grant admin consent for it.
3. Now you need to get the user access token again in your postman, please click "Get User Access Token" in your postman. You can check the permissions by copy the access token to this page, it will parse the access token and you can check if the token contains the OnlineMeetings.ReadWrite permission.(As add the permission to access token requires a few minutes, so you'd better parse the access token to check if it contains the permission)
4. Then you can test this api in your postman (below I provide a create online meeting sample for your reference).
I tried to use below mixpanel API for fetching event data.
Link
But I am facing a below 403 forbidden error.
{
"request": "/api/2.0/events",
"error": "You do not have the required scope(s) for this request"
}
It seems to be like some permission is missing for accessing the API. But I can't able to find out where to set this scope
Please help me how to get rid of this error
We've found success with the schema if you generate a Service Account from the Organization/Project Settings and use those credentials when authorizing the request.
To do this, go to your Organization Settings, click "+ Service Account" and use the credentials that are generated in the request you submit.
When I try to authenticate against the Zendesk API as an end-user, and then list tickets, it always responds with 403 Forbidden:
e.g.
GET
https://mysite.zendesk.com/api/v2/requested.json
Basic Authorization
returns with a 403
{
"error": {
"title": "Forbidden",
"message": "You do not have access to this page. Please contact the account owner of this help desk for further help."
}
}
It appears that the "tickets" API (like above) is not for end-users. Instead they must use the "requests" API .
So use: https://mysite.zendesk.com/api/v2/requests.json instead...
I am getting the following JSON exception while I am executing the query using the java application for Big-Query API. Following is the exception I am getting:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "accessDenied",
"message": "Access Denied: Job eco-span-847:job_LyHmZIvlY1_0J8JQ3pxThEBf19I: The user does not have permission to run a query in project eco-span-847"
}
],
"code": 403,
"message": "Access Denied: Job eco-span-847:job_LyHmZIvlY1_0J8JQ3pxThEBf19I: The user does not have permission to run a query in project eco-span-847"
}
}
Why is this occurring and how could I resolve this?
To insert a query job in a project the calling user must be at least a Reader on the project.
When using the BigQuery API, you need to construct the client with OAuth credentials for some user. For programmatic access, this is often a Service Account identity. When you create a new Service Account, that account is not automatically added a membership role to your project.
To update the users and service accounts that are members of your project, go to https://console.developers.google.com/ for your project, select "Permissions" in the navigation panel, and make sure the user or service account identity you are calling with is a "Reader" on the project.
Check email/service account is it added in google cloud's IAM&Admin.
Verify the role/permission to use certain api. access control
If above are not met, communicate with the Owner/Admin of the project to add them in.
I was able to retrieve access-token using Google Service account but when I tried to use the same access-token to retrieve GooglePlus User Profile API I'm getting the error mentioned below:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "notFound",
"message": "Not Found"
}
],
"code": 404,
"message": "Not Found"
}
}
I used scope value as https://www.googleapis.com/auth/plus.me while retrieving access-token using Google service account and I was able to fetch access-token, but then if I try to use the same access-token to request User profile API- I.e
https://www.googleapis.com/plus/v1/people/me?prettyprint=true I get the error above.
Can anyone help me on this?
This is most likely because the account that has done the authentication does not have a Google+ account/profile. For testing, you may wish to replace the "me" with the profile ID in question to verify this. In production, of course, you should catch this error and indicate that they don't have a Google+ profile.
If you need to check for a Google login, even if they don't have a Google+ profile, you can use the https://www.googleapis.com/auth/userinfo.profile scope. See https://developers.google.com/accounts/docs/OAuth2Login for more details.