I have some problem with Postman.
If I use curl via command window - everything works fine:
curl -H "Authorization: Token *************************" http://localhost:8000/me/
I have some access to my data.
How to use this token via Postman?
I was trying and I still have error like:
{
"detail": "Authentication credentials were not provided."
}
Have a nice evening!
Ok, I was using the Authorization or Body Field - That was the problem.
If you want to do it just use Headers Field and:
As Key set "Authorization"
and
As Value "Token <your_token>"
Related
Due to the new updates of the Soundcloud API, I'm trying to update the authentication flow in my code ( the project was using login and password ).
But I'm blocked by a problem, and I'm losing my head.
I follow instructions on this page : https://developers.soundcloud.com/blog/security-updates-api
I manage to get a refresh token and an access token with this :
curl --request POST \
--url https://api.soundcloud.com/oauth2/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data client_id=CLIENT_ID \
--data client_secret=CLIENT_SECRET \
--data grant_type=client_credentials
But I'm not able to execute this request, which is an example in the mentionned page, with the access token I got with the previous request :
curl --request GET \
--url 'https://api.soundcloud.com/me/tracks?limit=1' \
--header 'Authorization: OAuth ACCESS_TOKEN'
The request response is always :{"code":401,"message":"","link":"https://developers.soundcloud.com/docs/api/explorer/open-api","status":"401 - Unauthorized","errors":[],"error":null}
I tried with a refresh of my access token, and with the url "https://api.soundcloud.com/me" instead of "https://api.soundcloud.com/me/tracks?limit=1".
And always returning the same error.
Can someone help me ?
Thanks by advance, and thanks for reading.
OK, I think I got it, thanks to this question on github :
https://github.com/soundcloud/api/issues/76
"The client_credentials auth flow is meant only for server-side integration and allows access to public endpoints only. Meaning that for endpoint /me or any other user-related endpoint you have to use the Authorization Code flow which provides the client-side integration."
And here : https://developers.soundcloud.com/docs/api/guide#authentication :
"if your app needs to access only public resources, you can use the OAuth Client Credentials Flow"
I'm done with the error messages too blurry... and with me reading too fast !
I will add the correct authentication method in comments later.
UPDATE : "manual" authentication flow
As the project is behind a VPN, I can't use normal authentication flow ( redirect_uri can't be called by soundcloud !)
So :
Get a "code"
First, authenticate on SoundCloud with the account you want to access ( or ask your customer to do it )
In your browser, type this url :
https://api.soundcloud.com/connect?client_id=YOUR_CLIENT_ID&response_type=code&scope=&state=[random_string]&redirect_uri=YOUR_REDIRECT_URI
Accept the demand and this will redirect you to an URL with the code inside : code=YOUR_CODE. Keep it. If this is done by your customer, simply ask him to copy-paste the url.
That's not really secure, but you can't avoid it if your redirect uri is not accessible from Soundcloud.
Obtain a refresh token and an access token :
With curl, to keep your Client Secret, or App Secret, secret ( indeed :D ). And also the access token.
curl -X POST "https://api.soundcloud.com/oauth2/token"
-H "accept: application/json; charset=utf-8"
-H "Content-Type: application/x-www-form-urlencoded"
-d "grant_type=authorization_code&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&redirect_uri=YOUR_REDIRECT_URI&code=YOUR_CODE"
This last request will answer in json format. Inside, you'll find an access token, and a refresh token.
Register the refresh token in your projet to reuse it to refresh your access token when needed !
How to present this string as a GraphQL query
curl -H "Authorization: bearer token" https://api.github.com/graphql
Help me please
You can follow "Forming Calls with GraphQL", which involves "Creating a personal access token for the command line" to get a token.
Your header should then be: Authorization: bearer xxx, with xxx being the token you have generated.
As a concrete example: "Get started with GitHub GraphQL API".
Iam trying to get the Channel Subs of a Channel with the following call:
https://api.twitch.tv/kraken/channels/<CHANNELID>/subscriptions?client_id=XXX&oauth_token=XXX
But i get always this response:
{
"error": "Forbidden",
"status": 403,
"message": "Unable to access channel subscribers of <CHANNEL>"
}
Can you please tell me, what I need to pass, that i get the permissions?
Thanks, Greetings
If you are using new Twitch API you should send token in your authorization header starting with Bearer keyword. If you are using API v5 then you should add Oauth keyword. In your example you are trying to send it in query parameters.
Select the one which is correct for you.
In the new Twitch API:
curl -H "Authorization: Bearer <access token>" https://api.twitch.tv/helix/
In Twitch API v5:
curl -H "Authorization: OAuth <access token>" https://api.twitch.tv/kraken/
You can also find more information in the official documentation: https://dev.twitch.tv/docs/authentication/
I am trying to implement DocuSign OAuth by Authorization Code Grant.
Firstly what I am trying to do:
Make GET request to https://account-d.docusign.com/oauth/auth?response_type=token&scope=signature&client_id=71d5e08f-299d-480a-9520-74d2e5083008&state=a39fh23hnf23&redirect_uri=http://localhost/callback
When i have got token i am trying to make POST request by CURL
curl -i -v -d "grant_type=authorization_code&code=eyJ0eXAiOiJNVCIsImFsZyI6IlJTMjU2Iiwia2lkIjoiNjgxODVmZjEtNGU1MS00Y2U5LWFmMWMtNjg5ODEyMjAzMzE3In0.AQkAAAABAAYABwAABDYucBzVSAgAAJC8dXAc1UgCAISmNWgyUw9Hlk8ldzq-z2gNACQAAAA3MWQ1ZTA4Zi0yOTlkLTQ4MGEtOTUyMC03NGQyZTUwODMwMDgVAAEAAAASAAAAAAAYAAEAAAAFAAAAIAAABDYucBzVSA.0yPv4mlsiuab6ZlC11k_s9rR5gLO0Z1aEoHlyXrE30ba3LD6qBaqqVFcdQDJ3tagx0-6rg48fENjpkglkELnZG7tmF2AZYR98DUYgbot4OMnj0Y0Q-QhhqLvOe6SJmYxfYqCxBC03FVBjH9gTvCVD7kb0msN23-pw5WGRi5p209gNhr-YDv0wb9jwMJdNC-z5QSW0D5qgkbP5HKjIxgITG_qNCyO3CWPvlJIG8u1Wh1oB-EL4JI5fUZSNlipEpZRKG0jU9cbZbO8DaeEhZzfL54wc38r4luN-2XJx1yL48p4HgNP2ujWJAIJiJpy_-TnmMHTHzp3YTaPB7Swus_Leg" -H "Content-Type: application/x-www-form-urlencoded" -H "Authorization: Basic NzFkNWUwOGYtMjk5ZC00ODBhLTk1MjAtNzRkMmU1MDgzMDA4OjY5MDcwMGI4LTAxMmQtNGU1My05N2FlLTVhNmFkNjg3OWVkYg==" -X POST https://account-d.docusign.com/oauth/token
And always I am getting the same message : "invalid_grant"
I have checked all params twice, and i know about that question DocuSign authorization code grant flow gets invalid_grant error about the same situation, it is not marked as answered
Can anyone explan me what i am doing wrong?
You are mixing two type Authorization Code Grant and Implicit Code Grant, in your first GET URL, you are passing response_type=token instead it should be response_type=code, once you will change response_type from token to code then it will work.
I want to make app based on youtube channel. I have google access token but I don't know how to call youtube api with my access token or how to pass parameters.
This is my code:
NSString *newURL = [NSString stringWithFormat:#"googleapis.com/youtube/v3/…;, idToken];
As discussed in Calling the YouTube Data API, after obtaining an access token for a user, your application can use that token to submit authorized API requests on that user's behalf. The following are the two supported ways to specify an access token.
This first option provides greater security and is the recommended approach. Specify the access token as the value of the Authorization: Bearer HTTP request header:
`POST /feeds/api/users/default/uploads HTTP/1.1
Host: gdata.youtube.com
Authorization: Bearer ACCESS_TOKEN
...`
You can test this using cURL with the following command:
curl -H "Authorization: Bearer ACCESS_TOKEN" gdata.youtube.com/feeds/api/users/default/uploads
Specify the access token as the value of the access_token query parameter:
https://gdata.youtube.com/feeds/api/users/default/uploads?access_token=ACCESS_TOKEN
You can test this using cURL with the following command:
curl gdata.youtube.com/feeds/api/users/default/uploads?access_token=YOUR_ACCESS_TOKEN