GitHub API Access denied trying to update a workflow via API - api

I created a public repository within my personal account, created a PAT w/ the workflow permissions checked, but am unable to disable the workflow via the API as I receive a message stating that I must have admin rights to the repository. I believe the PAT has the correct permissions so I’m unsure as to why this isn’t working.
Here is the command I am attempting to use (based on the documentation):
curl -s christronyxyocum:MY-PAT -X PUT -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/MY-USERNAME/MY-REPO/actions/workflows/workflow.yml/disable
I can retrieve information about the workflow without any issues so I believe that I have the correct URL and formatting, etc. I have even tried creating a new PAT with the same permissions and that one experiences the same error.

I have figured this out. Rather than using the username:token format like they show repeatedly in their documentation, you must use the -H "Authorization: bearer TOKEN" header with the curl command.

Related

How to get fullAccountNumber in Yodlee

Calling the /accounts/{accountId} endpoint with the include fullAccountNumber returns an error Y821 - fullAccountNumber not supported.
I'm doing:
curl -i -H "Api-version: 1.1" -H "Authorization: Bearer {token}" -X
GET https://production.api.yodlee.com/ysl/accounts/{accountId}
?container=bank&include=fullAccountNumber,holder,profile
Note: the line breaks are just for readability
How do you get fullAccountNumber?
It looks like you are calling the API correctly. This feature needs to be enabled for your account, after approval from the Yodlee Security Office. You can make an application through your account manager.
The error message should be updated to something more helpful, like “fullAccountNumber feature is not enabled for account. Please contact Yodlee support.”
Circling back to this because it's been more than a year and want to have a solution:
This was not possible with Yodlee and we went with a different solution.

Login as a user in parse-server without having his password useing the master key?

It's possible to "simulate" a user using the master key? I would like this feature to test what the user can really see in the application and verify that he does not have access to some part of it etc.
Is this possible without knowing the password of the user?
If you want to test how user, roles, and permissions work, a simple way to do it is to make command line REST requests against the parse-server. Here's the guide.
You should be able to go into your parse dashboard and locate a user, look at their session token and then use that in queries to simulate that user's permissions.
With a session token, you can query objects in parse like this:
$ curl \
-X GET \
-H 'X-Parse-Application-Id: ABC123 \
-H "X-Parse-Session-Token: r:XXXXXX" \
-H "Content-Type: application/json" \
https://cloud.so.good/parse/classes/Product
For a complex system, you'll want to cover your cloud code to ensure that all is working as expected. A good place to start would be with parse-server's extensive test coverage, including ACL's
You can create a Parse.Session object for the particular user, setting the user and expiresAt fields. You creating the object, get the sessionToken key from the object.
Then for any request you are trying to make, you will set the X-Parse-Session-Token header to be the value of the session token.

Autodesk Forge Authentication - "The client_id specified does not have access to the api product"

Trying to follow tutorials but cannot get past authentication. From OSX shell:
curl -v 'https://developer.api.autodesk.com/authentication/v1/authenticate' -X 'POST' -H 'Content-Type: application/x-www-form-urlencoded' -d 'client_id=MY_CLIENT_ID&client_secret=MY_SECRET&grant_type=client_credentials&scope=data:read'
I get back:
...
* Connection #0 to host developer.api.autodesk.com left intact
{ "developerMessage":"The client_id specified does not have access to the api product","userMessage":"","errorCode":"AUTH-001","more info":"http://developer.api.autodesk.com/documentation/v1/errors/AUTH-001"}
I have enabled all of the APIs in the app's configuration page.
I regenerated the secret key twice - same result.
If I had screwed up the client_id/secret key somehow, it looks like I would get an AUTH-003 error so I don't think that is the problem.
Documentation lists several possible errors but not AUTH-001.
Any ideas on how to debug this?
TIA
Only way to get past that was to delete that app and create a whole new one from scratch. The new ID/Secret works.

Login Github with Curl

I tried call this command
curl -l -u "my_user_name" https://my-enterprise-github.com
Then, I input my password manually.
But it returns this
<html><body>You are being redirected.</body></html>
Please explain what's wrong with my command.
Thank you.
cURL should not be used for access to GitHub's (or most web) UI without specific reasons. GitHub provides an API to allow accessing data as a well-defined structure.
You mentioned wanting to get-a-single-pull-request. This relies on a URL pattern following GET /repos/:owner/:repo/pulls/:number.
So if you had a GitHub account, facebook, and wanted to look up a specific pull request 15947 in react-native. The full URL would be
https://api.github.com/repos/facebook/react-native/pulls/15947
The cURL command would be
curl -u osowskit -X GET https://api.github.com/repos/facebook/react-native/pulls/15947
Note that:
You will likely want to start using a PAT or OAuth token instead of username/password
There are tools that make exploring the GitHub API easier. postman or octokit
To start with you may want the -L flag. From the cURL Frequently Asked Questions
3.8 How do I tell curl to follow HTTP redirects?
Curl does not follow so-called redirects by default. The Location: header that informs the client about this is only interpreted if you're using the -L/--location option. As in:
curl -L http://redirector.com
Not all redirects are HTTP ones, see 4.14
There's also a CLI now that can be helpful for many similar use-cases:
https://cli.github.com/
$ gh pr list
Showing 2 of 2 open pull requests in Roblox/service-comms-nomad
#16 chi1 Traefik 1.7 GLB jobs chi1-glb-prep
#6 Cgt/t2 cgt/t2

Authentication for foxx APIs

I am working on ArangoDB 3.1 in stand-alone mode.
We are creating a Foxx API to authenticate the users who are accessing our database and our custom APIs. In order to activate authentication, we added the following statements in the arangod.conf file.
authentication = true
authentication-system-only = true
We created a user in arangosh for the database we are working on. When we log into the web console the username and password worked and we are able to access the database,APIs and also able to create users using the APIs.
But when we try to access using another browser or using curl command we are not able to see the user information. HTTP and curl commands are given below.
http://username:password#ip-address:portno/_db/AdtheorentDB/test-app/whoami
curl --basic --user "username:password" -X GET --header 'Accept: application/json' 'http://ip-address:portno/_db/databasename/test-app/whoami'
What might be the issue ?
The above curl command is obtained from the link given below.
ArangoDB authentication via HTTP