I'm setting up API calls to test retrieving and creating Invoices to and from Xero. I've set up the oAuth2 and I can retrieve from the Demo Co with no errors.
However, when trying a POST with the same credentials and authentication, I get:
{
"Type": null,
"Title": "Forbidden",
"Status": 403,
"Detail": "AuthenticationUnsuccessful",
"Instance": "f60c6b6e-7f3d-4941-9a8e-654495d3e07b",
"Extensions": {}
}
What have I done wrong? Thank you 😀
I'd recommend ensuring the access_token you are passing to that API call has the required scopes: https://developer.xero.com/documentation/oauth2/scopes - to POST an invoice you will need the scope accounting.transactions - to quickly check the actual scopes on a token you can decode your JWT (aka access_token) using some decryption libraries, or use the site https://jwt.io/ at your discretion.
Thank you for your responses.
I hadn't realised that the {{xero-tenant Id}} had not been added to the Headers in POST Invoices in Postman.
Manually adding that in fixed the bug 😉
Related
Using the Postman collection for Amadeus for Developers I can successfully get access token and execute any api endpoint in the test environment (test.api.amadeus.com)
But after signing up successfully for Production Environment (without Flight Create Offer), I am able to get access token from Production (api.amadeus.com) BUT all api endpoint execution results in 401 error (Code: 701 - Wrong authentication credentials)
Below is the error in postman
{
"errors": [
{
"status": 401,
"code": 701,
"title": "Wrong authentication credentials.",
"source": {
"pointer": "uri"
}
}
]
}
i have made sure the bearer token is valid and my api calls are pointed to api.amadeus.com using the Prodction Key and Secret.
I have been in contact with Amadeus email helpline (self-service.apis#amadeus.com) for the last 3 weeks, and after each week they instructed me to reset my account password and wait 2 hours before making the call, which i did three times now and ended up with the same error.
I hope someone higher in the tech department will notice my question and will be able to shed some light as to why your system is not letting me call production environment.
will be eagerly waiting for some advise.....
Happened to me as well, try to generate an access token few more times and use it, for me is suddenly worked
I have downloaded postman collection of Twitter API and set all the required keys in environment variables.
When I try to run following URL ,
https://api.twitter.com/2/tweets/search/all?query=%23haiku
I am getting following error in postman.
{
"client_id": "22929871",
"detail": "When authenticating requests to the Twitter API v2 endpoints, you must use keys and tokens from a Twitter developer App that is attached to a Project. You can create a project via the developer portal.",
"registration_url": "https://developer.twitter.com/en/docs/projects/overview",
"title": "Client Forbidden",
"required_enrollment": "Standard Basic",
"reason": "client-not-enrolled",
"type": "https://api.twitter.com/2/problems/client-forbidden"
}
For following API, I am getting response.
https://api.twitter.com/2/tweets/search/recent?query=%23haiku
Can someone suggest me, what I am missing.
When I try to authenticate against the Zendesk API as an end-user, and then list tickets, it always responds with 403 Forbidden:
e.g.
GET
https://mysite.zendesk.com/api/v2/requested.json
Basic Authorization
returns with a 403
{
"error": {
"title": "Forbidden",
"message": "You do not have access to this page. Please contact the account owner of this help desk for further help."
}
}
It appears that the "tickets" API (like above) is not for end-users. Instead they must use the "requests" API .
So use: https://mysite.zendesk.com/api/v2/requests.json instead...
I am currently researching a way to use the Google Purchase Status API with just HTTP request calls, and I have hit a brick wall. I have an app setup with Google Play, and ownership of the Google Console account.
Basically, I just would like to check the status of a user's purchase on my server. The only information I should be using is the purchase token, product ID, and product package.
I have followed all the documentation on doing this at developer.android.com/google/play/billing/gp-purchase-status-api.html
The HTTPS request call I am attempting to make is this (product names and real strings substituted):
googleapis.com/androidpublisher/v1.1/applications/(com.product.myproduct)/inapp/(com.product.myproduct.product1)/purchases/(myproductpurchasestring)?access_token=(myaccesstokenstring)
and my response is always this:
{
"error": {
"errors": [
{
"domain": "androidpublisher",
"reason": "developerDoesNotOwnApplication",
"message": "This developer account does not own the application."
}
],
"code": 401,
"message": "This developer account does not own the application."
}
}
When polling my access token through this http request call:
googleapis.com/oauth2/v1/tokeninfo?access_token=(myaccesstokenstring)
this is my response:
{
"issued_to": "12345.apps.googleusercontent.com",
"audience": "12345.apps.googleusercontent.com",
"scope": "https://www.googleapis.com/auth/androidpublisher",
"expires_in": 3319,
"access_type": "offline"
}
So according to the documentation at https://developers.google.com/accounts/docs/OAuth2#webserver, I need to:
Authorise myself and retrieve a refreshable access token that is generated from 'Client ID for web applications' in the API access section of the Google API Console. I have done this.
Utilise this access token for google API calls in either of 2 ways: appending the string to the HTTP header 'Authorization', or as part of the HTTPS request itself with the property access_token=(mytokenstring). This part does not work for me, I always get an unauthorised message.
My question I guess would be: is it possible to use a simple HTTPS request call (without external library support) to retrieve the status of a purchased item without user interaction on backend servers?
I would really appreciate any help, most of the other threads are about how to go about getting a refresh token, but I have covered that already.
ok, I figured out my own problem with the help of a colleague. Basically, my access token was being generated under an account which wasn't linked to the project in any way. It would be safest to use the owner of the project's google account when generating the access token.
Phew!
I want to use Google Shopping Search API for products search. I have followed all the steps stated in document. First I created a google account, then went to GOOGLE APIs console to create a project and got an API key. I want to use this service as publishers in the Google Affiliate Network who can use the API to access product offers from their advertisers of choice.
Then I signed up at google affliate network to get pid. Then I send request to some advertisers to join their program from my affiliate admin panel. Now I have one advertiser approved. Now on this document, it states that to request feed to access products from google affiliate network advertisers of publisher I have to use the following url
https://www.googleapis.com/shopping/search/v1/source/products
Where source in the url is replaced by gan:mypublisherid after putting this my url looks like
https://www.googleapis.com/shopping/search/v1/gan:myid/products?key=mykey&country=US
But When I access this url i found following json error
{
"error": {
"errors": [
{
"domain": "global",
"reason": "conditionNotMet",
"message": "authentication is required for GAN",
"locationType": "header",
"location": "If-Match"
}
],
"code": 412,
"message": "authentication is required for GAN"
}
}
Now my question is how to get authenticated? Is my url is correct or there is some thing other way to do this?
Best Regards.
Read this article. The last part i.e. authentication.
You have to get an access token before using the API. You can either use OAuth or Client Login token. To get a token using Client login you can use cURL. Remember to put servicetype as shoppingapi as the document says.