Trying to authorize an 'app' in 3dcart
The api is fairly well documented using Swagger and they have this page w/ instructions https://apirest.3dcart.com/v1/getting-started/index.html#getting-started
You are supposed to make this first call, which is supposed to give you token you use in the subsequent step
https://apirest.3dcart.com/oauth/authorize?
Client_Id=22613fdfc5a6200bece02a29524XXXXX
&state=12345
&response_type=code
&store_url=www.***********.com
&redirect_uri=www.!!!!!!!!!!.com <============== WHAT SHOULD THIS BE
Using postman, I can play with the various parameters.
I beleive clientId should be the guid-ish string you get associated w/ each store that has subscribed to your app.
Store Url - i know this. Should I include the https:// protocol in the string?
It sounds like STATE is just something you pass in and the store parrots it back to you.
redirect_uri - not sure what this is/ should be
I can get status 200 OK, but i am getting an HTML page .
Pasting same URL in a browser, I am getting a login page. I login as an admin user and then get 404 because it is redirecting me to the redirect_uri
??? I really just want to login. I tried passing in a blank uri and omitting the parameter. Both yield
Status 400 Error 101 redirect_uri is required
Am I doing this correctly? Is there an example of authorizing so you can use the API?
I have downloaded the GIT repository. That helps a bit, but still missing something
tyia
Using the URL you're talking about will allow the customer to grant access to your application. The Redirect URI in the URL you have the customer click on MUST match the Redirect URI you have set up on your app in 3dcart Developer.
After that, there are 5 steps to getting the Authorization Token and then use it to work with the 3dcart API.
The redirect URI is your endpoint where 3dcart will send the code.
Step one:
Set up your Redirect URIs: under the Oauth tab on your application on 3dcart Developers
Step 2:
3dcart will post to this URL a "Code". You can get this from the URL with GET
$code = $_GET['code'];
Step 3:
Use Curl (or whatever) to make a postback to 3dcart with the code
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://apirest.3dcart.com/oauth/token");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
$data = array('Code' => $code, 'client_id' => '{your public app key}', 'client_secret' => '{your private app key}', 'grant_type' => 'authorization_code');
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'application/x-www-form-urlencoded'
));
$response = curl_exec($ch);
Step 4:
parse the response to get the access_token:
$info = json_decode($response, true);
$access_token = $info['access_token'];
Step 5:
Use the Access token to make calls to 3dcart using the following parameters in curl
$auth = array(
"Content-Type: application/xml",
"Accept: application/json",
"Authorization: Bearer $access_token",
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://apirest.3dcart.com/3dCartWebAPI/v2/{API END POINT}");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_HEADER, FALSE);
curl_setopt($ch, CURLOPT_HTTPHEADER, $auth);
$response = curl_exec($ch);
curl_close($ch);
Related
Recently, Twitch bring a new API version using new endpoints etc..
I was working on the V5, but I didn't use Curl command line, I work with URL.
So I decide to look at the references of the new version, trying for example to getting the followers and found this :
https://api.twitch.tv/helix/users/follows?to_id='user ID'
So I replace the user_ID by an id (mine and/or another) and get :
{
"error":"Unauthorized",
"status":401,"message":"Must provide a valid Client-ID or OAuth token"
}
When I was working on the V5, I was putting the client_id and the oauth at the end of the URL like this :
https://api.twitch.tv/kraken/channels/CHANNELNAME?client_id=xXxXxXxXxX&oauth_token=aaaabbbbccc111
And it was working, but in the new API, I already have a parameter so I added the client_id and token after with a & connector... But still have the same error.
I also try to put them before the to_id parameter, but same...
So my question is really stupid but anyone know the URL format on the new API?
You should send your Client-ID in request's header now, not as a param in URL. But there's other problem with SSL/HTTPS in this case if you use curl.
Here is a solution to your problem
DEFINE (TWITCH_API_KEY,'YOUR_KEY_HERE');
$url = 'https://api.twitch.tv/helix/streams/metadata';
$ch = curl_init();
$headers=['Client-ID: '.TWITCH_API_KEY];
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$result = curl_exec ($ch);
curl_close ($ch);
echo $result;
I am using rest api to fetch basic profile data from linkedin with php code. I am successfully able to generate access code and access token but I am getting ssl required error whenever I tried to get basic profile using following url
https://api.linkedin.com/v1/people/~?format=json
I followed all steps to make authenticated requests as listed there https://developer.linkedin.com/docs/oauth2
I am using a non ssl url as call back parameter , Is it necessary to use ssl url ? If not then why I am getting this error .
looking for a solution
below is code to get profile fields
$host = "api.linkedin.com";
$path = "/v1/people/~)";
//$arr = array('oauth2_access_token' => $access['access_token']);
$token = $access['access_token'];
$header[] = "Authorization: Bearer ".$token;
$header[] = "Connection: keep-alive";
$header[] = "Keep-Alive: 300";
$ch = curl_init();
// endpoint url
curl_setopt($ch, CURLOPT_URL, $host . $path);
// set request as regular post
//curl_setopt($ch, CURLOPT_HTTPGET, true);
// set http version
curl_setopt($ch, CURLOPT_HTTP_VERSION, 'HTTP/1.1');
// set data to be send
//curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($arr));
// set header
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
// set header
curl_setopt($ch, CURLOPT_CERTINFO, true);
// return transfer as string
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);
var_export($response);
My solution was to use https:// instead of just http://
Where can I find the access_token, refresh_token in my youku account?
I found out how to upload video to youku.com using external script with the use of a API, but I need access_token, refresh_token to use it.
You need to authorize your Youku app and to use the get code to obtain a token.
Go to https://openapi.youku.com/v2/oauth2/authorize?client_id={YOURCLIENTID}&response_type=code&redirect_uri={YOURCALLBACKURL}.
Accept the authorization. You will be redirected to your callback URL. Be careful, it should be the same than the one you entered while creating your Youku application (same protocol too).
Use the get parameter code to get your access token by doing a POST CURL call to https://openapi.youku.com/v2/oauth2/token with the following parameters
if(isset($_GET['code']))
{
$url = "https://openapi.youku.com/v2/oauth2/token";
$params = array(
"client_id" => $client_id,
"client_secret" => $client_secret,
"grant_type" => 'authorization_code',
"code" => $_GET['code'],
"redirect_uri" => $callback_url
);
$str_params = http_build_query($params);
$ch = curl_init();
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $str_params);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
echo $result;
}
The $result will be a json array containing the access_token {"access_token":"3cc08bffcd48a86a0e540f9ed1be42f4","expires_in":"2592000","refresh_token":"f8d78ce2005c9d1e0b62cd29f61ba3f9","token_type":"bearer"}
More infor here : http://open.youku.com/docs/docs?id=101
You can find the Youku api here: http://open.youku.com/docs/tech_doc.html
It is in Chinese, so I suggest you open this link using google chrome, then right click the page (after it is finished loading) and press 'Translate to English'
Hope this helps
I have an issue when trying to generate Access Token by POST data to https://login.bigcommerce.com/oauth2/token. There is an exception error ('The remote server returned an error: (400) Bad Request.'). I don't know why but I already read the document at https://developer.bigcommerce.com/apps/callback#token
If I open that URL on any web browsers. It said that "The page you were looking for doesn't exist."
Could you please help me this?
Thank you,
Trung
If you are getting a 400 response to your POST request to https://login.bigcommerce.com/oauth2/token then that is indicating a problem with your data. The most likely causes are:
You are not including the following header in your POST request:
Content-Type: application/x-www-form-urlencoded
You are not URL encoding your POST data such as the following example:
client_id=236754&client_secret=m1ng83993rsq3yxg&code=qr6h3thvbvag2ffq&scope=store_v2_orders&grant_type=authorization_code&redirect_uri=https%3A%2F%2Fapp.example.com%2Foauth%26context%3Dstores%2Fg5cd38&context=stores%2Fabc123
Also note that the error response message body that you receive should have some more details about the source of the problem.
If you have confirmed the above points then maybe try giving a sample of your POST data or some information about what you are doing to URL encode your data. Make sure not to include your actual client ID, client secret, or redirect URI.
Try ussing cURL
$data = array( "client_id" => "sdfgdfgdfkxddfgdfgdfdfgdfgddfgdfg2",
"client_secret" => "sdfgsdfgsdfgsdfgsdfgdf",
"redirect_uri" => "https://youapp.com/oauth",
"grant_type" => "authorization_code",
"code" => $_GET["code"], "scope" => $_REQUEST["scope"], "context" => $_GET["context"], );
$postfields = http_build_query($data);
$ch = curl_init();
$url = "https://login.bigcommerce.com/oauth2/token";
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$output = curl_exec ($ch);
curl_close ($ch);
$obj = json_decode($output);
var_dump($obj);
Firstly you need to get temporary authorization code, but sending GET request to https://login.bigcommerce.com/oauth2/authorize with parameters clientId, Scope, Context ("stores/{your_store_hash}") and redirect_url.
Only after this, you can change your temporary token to permanent token (see previous post).
This permanent token expires in 30-60 days, but I don't know how to renew it automatically without user action. If you know that, please write how.
I'm trying to build a simple script to import page view counts for articles published via my CMS. I easily constructed my query using the Google Analytics API query builder which quickly returns the desired result. A scheduled job on my web server will run the query once per day and update and page view counts.
Because I'm only pulling in pageviews, I believe it wasn't necessary to go through the entire oAuth process. This Google account has only one web property and only one profile, so there isn't a routine needed to derive that.
I registered an app and created an API key. I have ensured that Google Analytics is turned on for this profile. Based on my reading of the API, I believe I can pass this key as an http parameter to properly authorize the query.
When I run the query via http, I get an authorization error (401). The query is included below:
https://www.googleapis.com/analytics/v3/data/ga?ids=ga%3A[MY ID]&metrics=ga%3Apageviews&start-date=2012-08-09&end-date=2012-08-23&max-results=50&key=[MY API KEY]
I've Googled many examples of this, but they all seemed to implementing a very elaborate (and in my use case unnecessary) authentication routine. But maybe I'm missing something.
Many thanks in advance.
Kris, frustrated Googler
Use this example to fix 401 error http://dumitruglavan.com/ganalytics-class-access-google-analytics-data-api-with-php/
You need to authorize:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://www.google.com/accounts/ClientLogin");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, true);
$data = array(
'accountType' => 'GOOGLE',
'Email' => $email,
'Passwd' => $password,
'service' => 'analytics',
'source' => ''
);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$output = curl_exec($ch);
$info = curl_getinfo($ch);
curl_close($ch);
$auth = '';
if($info['http_code'] == 200) {
preg_match('/Auth=(.*)/', $output, $matches);
if(isset($matches[1])) {
$auth = $matches[1];
} else {
throw new Exception('Login failed with message: ' . $output);
}
}
And after authorize send authorization token in headers:
$headers = array("Authorization: GoogleLogin auth=$auth");
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$output = curl_exec($ch);
$info = curl_getinfo($ch);
curl_close($ch);