I have this situation. Im trying to display user photos from an external site, all the configurations about remote sites are already set. I created a connected app in org A and from org B i'm retrieving the users from org A.
All of this works however i cannot show the photos from those users because for that to happen i have to be able to use the ConnectApi.UserProfiles.GetPhoto method which i'm doing right now but i keep getting the "insufficient privileges" error. I tried getting the AccessToken through postman like this
This redirects me to the login site so i can log into my org with my credentials. After that i get an AccessToken.
Next up, i want to be able to get the photos from users from the external site with the AccessToken, However i'm still getting the same error message "Insufficient Priviledges". Am i missing something? thanks in advance
According to: https://sforcenotes.blogspot.com/2015/10/solution-to-display-salesforce-user.html?showComment=1596211057195#c5848226245946017759
The solution is fairly easy but this does not work
I'm bit lost. You have some app that wants to log in to Salesforce and pull images from it? Or do you want to call out from Salesforce and pull images from external app? For first one you likely need "connected app". But you need "remote site settings" or "named credentials" only for calling out.
I'm assuming it's option 1.
There are lots of ways to log in to SF, SOAP API (just username + password), REST API (lots of OAuth2 options, with username+pass or username + JWT or just OAuth2 client id and user logs in to SF interactively, you don't see the password)... Sounds like you're past this stage?
A successful login response will look bit like that (depends on method used):
{"id":"https://login.salesforce.com/id/00Dx0000000BV7z/005x00000012Q9P",
"issued_at":"1278448832702",
"instance_url":"https://yourInstance.salesforce.com/",
"signature":"0CmxinZir53Yex7nE0TD+zMpvIWYGb/bdJh6XfOH6EQ=",
"access_token":"00Dx0000000BV7z!AR8AQAxo9UfVkh8AlV0Gomt9Czx9LjHnSSpwBMmbRcgKFmxOtvxjTrKW19ye6PE3Ds1eQz3z8jr3W7_VbWmEu4Q8TVGSTHxs",
"token_type":"Bearer"}
You're supposed to take from it the access_token (that's your session id. It'll always start with org's id, compare with Setup -> Company information) and instance_url (that's where you're supposed to send any subsequent requests. No more calling the login gateways: login.salesforce.com, test.salesforce.com or mydomain.my.salesforce.com). If you're getting "Insufficient Privileges" I think you didn't change the endpoint.
You can test you logged in OK by sending a GET to the id endpoint you received. It'll give you OpenId info about your user.
Here's my GET to fetch OpenId data with the "Authorization: Bearer " request
So another GET with same header and I have my ugly mug:
If you want somebody else's picture - query similar to /services/data/v48.0/query?q=SELECT SmallPhotoUrl, FullPhotoUrl FROM User WHERE Id = '005...' should work. Check User fields.
{
"totalSize" : 1,
"done" : true,
"records" : [ {
"attributes" : {
"type" : "User",
"url" : "/services/data/v48.0/sobjects/User/(redacted)"
},
"SmallPhotoUrl" : "https://(redacted)/profilephoto/7293L0000008Tfq/T",
"FullPhotoUrl" : "https://(redacted)/profilephoto/7293L0000008Tfq/F"
} ]
}
The key thing is to use the new endpoint and pass the session id in the header. You might even find it easier to use Chatter API to pull photos (also REST-based)
Related
A am just beginning to familiarize myself with the eBay RESTFUL API, forgive me this basic question, but I found no answer yet.
I have an eBay account since many years ago. I registered a developer account (same eMail address) recently, and I got the Tokens for Sandbox and Production. I have successfully used public APIs like list items, search items, and such, to verify the tokens, by querying some items in eBay.
How do I preceed from here to access data specific to my eBay account, like, for instance, the list of purchases and sales? Somehow I need to connect my app to my live eBay account, I guess, and give my app permissions to read data, but I could not find any matching setting in my eBay account settings nor in the API calls.
Please guide me through the next step: how do I give my app the required permissions, and how do I build a simple read-only query to query, for instance, the items I have purchased.
I think this question does not depend on any programming language, feel free to use any programming language you like.
Many Thanx!
Ok so if we are talking only about Authorization token and calling seller api like orders (in ebay it's called fullfilments i believe).
We need to start with creating User Token.
You can create one here:
Then you need to add ebay redirect URL:
I don't know much about Auth'n'Auth so I will talk only about OAuth
After adding new redirect URL you should add url address for authorization success and failure.
You will be redirected there after authorization.
Now we can test if generation of token works.
For this example i did set my redirect url like that:
We need to click "Test Sign-in" (set radio button to OAuth before)
You should be redirected to website:
You need to sign in with account which have access to sandbox.ebay.com or ebay.com (depends if you are on sandbox or production environment)
After logging in I don't remember if there will be another window with confirmation of App scopes to confirm (I already done it before).
But if that is the case just click confirm button.
Now you should be redirected to https://localhost.com which we did set up as our success redirect url
Url should look like that
https://localhost.com/?code=v%5E1.1%0VeMTI%3D%3D&expires_in=299
That code parameter is much longer btw. And you can see that it's url encoded so you need to decode it before using
And now you are almost at home :D
You have 300 seconds to call a POST request to authorize with that code parameter.
POST https://api.sandbox.ebay.com/identity/v1/oauth2/token
Header required
Remember first screen shot?
You need to go there and get your App ID, Cert ID then concatenate it with ":" then encode it to Base64 and add before that value "Basic " keyword.
In pseudo code it should looks like that:
Authorization:Basic Base64.encode(AppID + ":" + CertID)
Body required
format of Body needs to be "x-www-form-urlencoded" (key:value format basically)
here you need
grant_type:authorization_code
code:{code}
redirect_uri:{redirect_name}
{code} - is value from success authorization url
{redirect_name} - you can find it on screen below marked with red circle
If you did everything right you should get response from ebay
{
"access_token": "v^1.1#i^1#r^0VbbxW1wjv4HZGAAA",
"expires_in": 7200,
"refresh_token": "v^1.1#i^1#f^0#r^FDQ=",
"refresh_token_expires_in": 47304000,
"token_type": "User Access Token"
}
You should save that data, access_token is used for accessing data, refresh_token is used to refresh access_token.
Example request with authToken
GET https://api.sandbox.ebay.com/sell/fulfillment/v1/order?filter=creationdate:[2022-03-31T08:25:43.511Z..]
You need Authroization header:
Authorization:Bearer v^1.1#i^1#r^0VbbxW1wjv4HZGAAA
That's it I guess. To implement that into your app you need to be able to generate the first url which you are redirected to after clicking "Test Sign-in" and that's basically it.
Btw you refresh token like that
POST https://api.sandbox.ebay.com/identity/v1/oauth2/token
Body x-www-form-urlencoded
grant_type:refresh_token
refresh_token:v^1.1#i^1#f^0#r^FDQ=
Header
Authorization:Basic Base64.encode(AppID + ":" + CertID)
I hope that will help someone. :)
I have a static list of music artists and i want to get the id or screen_name of each one of them in Twitter.
I found this api endpoint: users/search which allows to run a query on Twitter and get all the accounts that match with the query. For example:
https://api.twitter.com/1.1/users/search.json?q=muse
will return all the accounts that match the query "muse".
I need to call this endpoint in client_credentials flow, i don't need any permission by the user (which is only me in any case). The problem is that Twitter returns the following response when i try to access the endpoint in client_credentials flow:
"message": "Your credentials do not allow access to this resource", "code": 220
I have tested other API endpoints such users/show, statuses/retweets, statuses/user_timeline and they all works in client_credentials, just the one i need doesn't work.
Is there anything i can do about that? Or i must change the OAUth flow?
mentioned error,
"{"errors":[{"message":"Your credentials do not allow access to this resource","code":220}]}"
comes when requesting an end point which requires a user context (such as statuses/home_timeline) using application only token.
You can verify whether or not same error comes for end points like statuses/home_timeline or statuses/retweets_of_me. These end points work only in some twitter user context. The end point that you want, users/search, also requires user context.
I am suspecting some issue in obtaining oauth token and secret. How are you getting authorized tokens for a given twitter user account?
i am using this link
https://api.instagram.com/v1/users/[user-id]/relationship?access_token=[ACCESS-TOKEN]
in the above link user_id is the id of the person to whom i want to follow and Access token is created for my app in instagram developer site.
and it give response like
{
"meta":
{
"error_type":"OAuthPermissionsException",
"code":400,
"error_message":"This request requires scope=relationships, but this access token is not authorized with this scope. The user must re-authorize your application with scope=relationships to be granted write permissions."
}
}
i searched on internet and some one told me to add scope=relationships while creating access token i don't know how to do this..
Simple Words
Follow a Instagram user on click of a button .
scope=likes+comments+relationships+basic
use it then you are trying to login
"To request multiple scopes at once, simply separate the scopes by a space. In the url, this equates to an escaped space (“+”)."
https://instagram.com/developer/authentication/
I have used Facebook API but I am new to Linkedin api.
I need some help on how to get information (name, birthday, etc) about my ALL Connections, and I need help with both the token and the info-related API calls.
As for the token -- in Facebook there is the Facebook Console to generate tokens at runtime and test our API calls... Does LinkedIn have something similar?
Update: I'm able to get list of connections using:
http://api.linkedin.com/v1/people/~/connections?modified=new
... but how can I also get birthdates (if shared publicly)? I've attempted:
http://api.linkedin.com/v1/people/~/connections:(headline,first-name,last-name,date-of-birth)
...however, that shows me the first and last name but NOT the date of birth.
You can use the rest console here: http://developer.linkedin.com/rest-console
There is a template method you can use called "Get My Connections".
I hope this helps.
Update: LinkedIn has restricted their open API access, and this no longer works.
https://apigee.com/console/linkedin
Select OAuth2, click connect, then allow LinkedIn to privede apigee to your LI profile. Then in the left collumn, select Get My Connections. apigee prepares most of params, except format (xml/json), which you can add yourself.
Looks like now no such API available(Looks like depricated by Linkedin). Please let me know if i am wrong and suggest other ways to achieve user's connections.
I am getting this in response
{
"errorCode": 0,
"message": "Access to connections denied",
"requestId": "6Sxxxxxxx",
"status": 403,
"timestamp": 14xxxxxxxxx
}
Please see : https://developer.linkedin.com/support/developer-program-transition
I think what you are looking for, is the Linkedin Connections API. You can look at the documentation provided here -> http://developer.linkedin.com/documents/connections-api
There are also various other APIs for accessing profile, groups, companies, and jobs.
It returns an XML document so, you should be able to generate tokens and test your API calls without any problem.
These APIs are no longer available
2019 still works but with a different approach.
Do this:
You may follow the steps from here:
https://learn.microsoft.com/en-us/linkedin/shared/authentication/authorization-code-flow?context=linkedin/consumer/context
1 - Create an APP with r_1st_connections permission
2 - Authorization (STEP 2 from link)
GET https://www.linkedin.com/oauth/v2/authorization
scope should be r_1st_connections (your app must have this permission)
3 - Log in with your username and password
4 - Linkedin will return you code
something like: ?code=QWERTY
5 - Get your Access Token (STEP 3 from link)
POST https://www.linkedin.com/oauth/v2/accessToken
6 - Get your connections
GET https://api.linkedin.com/v2/connections?q=viewer&start=0&count=50
Link: https://learn.microsoft.com/en-us/linkedin/shared/integrations/people/connections-api?context=linkedin/compliance/context
I am quite new in Facebook application development. I was playing the all day with "how to post a message on the wall of a page?". I finally succeeded but each message got "via Graph API Explorer". I tried to find how to change it to my application name without success. I tried to see if I could force the value of application in the api command but it did not take it into account. Maybe I miss something :( If someone can help, that would be great!
I am still quite confused. Let me try to explain what I want to do: I would like to automatically publish on a page (as the page) some event that are defined on a website (in a kind of agenda). What I miss, I think, is how everything is working together on Facebook side:
1. the login process: as the application will run in a cron, this should not display a login dialog box.
2. the access token: application or page one?
3. the permissions: from my understanding, I need manage_pages (and publish_stream) but not clear how this should be set.
Thx for any clarification and maybe a clear example :o)
You need the user to authorise your own App using one of the Login flows and grant you one of the publishing Permissions -
If it says 'via Graph API Explorer' on the posts your app makes you're using the access token you retrieved when you were testing the API using the Graph API Explorer tool, not one produced by your own app
OK I think I have finally found the way to do it. I needed a page access code and not an application access code. The token must be generated outside the application as a long live one.
Get a code using:
https://www.facebook.com/dialog/oauth?client_id={app_id}&redirect_uri={my_url}&scope=manage_pages,publish_stream
app_id is your application ID
my_url is your application URL
scope is the permission you want to be granted
In the redirected URL, you will have a code parameter. Copy it.
Generate the user access code using:
https://graph.facebook.com/oauth/access_token?client_id={app_id}&redirect_uri={my_url}&client_secret={app_secret}&code={code}
app_secret is your application secret key
code is the code from step 1
You will get as output the user access token. This one is a short live one.
convert the short live to a long live user access token using:
https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&client_id={app_id}&client_secret={app_secret}&fb_exchange_token={short live access token}
Replace the "short live access token" by the one you got on step 2
You will get as output the infinite user access token.
Get the page access token (this one will be infinite access token as
the user access token is now an infinite access token too):
https://graph.facebook.com/me/accounts?access_token={infinite user access token}
Replace the "infinite user access token" with the value you got on step 3.
This command will list all the pages you administer. The output contains the page access token you need in field "access_token". You can so use this token in any API command in your application.
The best of the best is to do all those steps via a server side program (PHP for me) as the application secret key should remain "secret".