I able to create a ticket in OSticket by using api as below:
Header:
- Content-type : application/json
- X-API-Key : 11CB7DD1E1F02123XX0696C455053BFB
Body
{
"alert": true,
"autorespond": false,
"source": "API",
"name": "User Name",
"email": "ifwat#gmail.com",
"phone": "0178791211",
"subject": "Create ticket using API",
"ip": "10.224.16.*",
"message": "data:text/html,MESSAGE <b>User create using api</b>"
}
One X-API-Key for one IP address. Since I use this API in chatbot and install it in the same server with OSticket so I don't have to worry about the user's IP. By right my IP will be the same all the time.
But it's weird because the IP keep rotate between 10.224.16.4 and 10.22.16.5
So it will come out with "INVALID API KEY" when the X-API-Key is not for that IP.
when its failed I have to re-try again until 3 times then it will rotate and using ..*.4
Then after 2-3 times call this API it will change the API again to ..*.5
Please advise what should I do to make it the API never change and only use one either ..*.4 or ..*.5
Related
So I know there's several SDK packages for many languages available for nHost, however I need to create my own interface to the system since the language I'll be using isn't typical.
I basically just need to know how to interact with authentication endpoints, send a users un/pw and recieve a JWT token. I've been successfully able to do this with aws Cognito, but I'd like to explore this instead.
I'm also not sure if I'm using the right base url, here's my thought so far:
https://kbvlufgpikkxbfkzkbeg.nhost.run/auth/login
So I would POST to there with some json in the body with the un/pw stuff, and the response should be the jwt token right?
I get a "resource does not exist" response from the above, however, so obviously I'm not forming the url correctly in the first place.
Thanks for the help!
Nhost supports multiple sign-on methods.
For example, using the email+password method, you would send:
POST https://xxxxxxxxxxxxx.nhost.run/v1/auth/signin/email-password
{"email":"foo#example.com","password":"bar"}
and the response:
{
"session": {
"accessToken": "somejwt....",
"accessTokenExpiresIn": 900,
"refreshToken": "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"user": {
"id": "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"createdAt": "2022-09-17T19:13:15.440221+00:00",
"displayName": "foo#example.com",
"avatarUrl": "",
"locale": "en",
"email": "foo#example.com",
"isAnonymous": false,
"defaultRole": "user",
"metadata": {},
"emailVerified": true,
"phoneNumber": null,
"phoneNumberVerified": false,
"activeMfaType": null,
"roles": [
"user",
"me"
]
}
},
"mfa": null
}
The JWT is short-term, when it expires, the refresh token is used to get a new one.
The Nhost JavaScript SDK handles it automatically for you, that's a big benefit to the platform (in addition to being integrated with Hasura). If you are trying to port it to another unsupported language, you'd have to reimplement it. Probably by reading the library and/or running one of their sample client application and reverse-engineering the HTTP over the wire.
I have setup a two way communication between business account and customer using whatsapp business apis. I am having trouble understanding media providers that there documentation talks about for sending text message to customer with image/media.
Heres the link to it: https://developers.facebook.com/docs/whatsapp/api/settings/media-providers/
Who are these providers? are they some specified organisation?
I am currently storing the media files in AWS S3 using some pre-signed url method. Can I use media stored in S3 in whatsapp media message?.
An example would be great help.
According to the Whatsapp API media messages documentation, there are two ways of sending an image outbound message:
Send the image by its Media ID
Send the image by its URL
When choosing 2, sending it by its URL, sometimes you may need to setup a Media Provider settings if the images URL you reference is not directly accessible and requires a username/password authentication or even a bearer token. (check https://developers.facebook.com/docs/whatsapp/api/messages).
Sending images by Media ID
To send it by ID, you need first to upload the image file using the POST /v1/media endpoint. That will return the Media-ID (e.g: 456) that you should use to compose the message object on the POST /v1/messages/ endpoint, like this:
{
"to": "1234567",
"type": "image",
"recipient_type": "individual",
"image": {
"caption": "The image caption",
"id": "456"
}
}
Sending images by URL
When sending it by URL, you can simply inform the URL of a image file (e.g.: http://yourcompany.com/images/your_image.png) on the link field of the POST /v1/messages/ endpoint, just like this:
{
"to": "1234567",
"type": "image",
"recipient_type": "individual",
"image": {
"caption": "The image caption",
"link": "http://yourcompany.com/images/your_image.png"
}
}
What if the URL http://yourcompany.com/images/your_image.png is behind some authentication on the server? (username/password ou maybe a bearer token). Then you need first to setup a Media Provider with such credentials, using the POST /v1/settings/application/media/providers endpoint, like this:
[{
"name": "yourcompany-images",
"type": "www",
"config": {
"basic": {
"username": "the-username",
"password": "the-password"
}
}
}
]
Once you have this set up on your API, then you are able to reference this Media Provider by its name on the POST /v1/messages/ endpoint, like this:
{
"to": "1234567",
"type": "image",
"recipient_type": "individual",
"image": {
"caption": "The image caption",
"link": "http://yourcompany.com/images/your_image.png"
"provider": {
"name" : "yourcompany-images"
}
}
}
Using S3 pre-signed URLs as image links
You have to consider that pre-signed URLs are temporary links that will expire after a while. It can work when everything is fine with you Whatsapp API Client and the message is promptly received by the recipient. But if something goes wrong on this chain, maybe the Whatsapp API will try to download the image again later. So keep this in mind and try to create pre-signed URLs with long expiration time (maybe a 7 day expiration link using IAM User as explained here).
I have an angular 6 application which makes requests to various oauth2 providers. I’ve managed to successfully request access tokens from these providers using the implicit grant type (will be working on authorization code soon). Now I’m trying to find a list of API endpoints that I can test the access tokens with. For example, requesting user profile information from Google.
So far, I’ve been able to get access tokens from the following providers:
Google (https://accounts.google.com)
Anilist (http://anilist.co)
OneDrive (https://login.live.com)
DropBox (https://www.dropbox.com)
Does anyone know any publicly accessible API endpoints for any of the above (or any other oauth2 provider) that I can test with?
Thanks
Here is how you can answer your question for Google.
You first connect to the Google API explorer web application: https://developers.google.com/apis-explorer/#p/
This web page helps you browse the many Google APIs. So, search for an API named API Discovery Service. It will answer an API that provides information about other Google APIs, such as what APIs are available, the resource, and method details for each API.
Therefore, to get a list of every APIs, you can call the list entry point of this API Discovery Service here: https://www.googleapis.com/discovery/v1/apis?preferred=true
Here is the beginning of the result:
{
"kind": "discovery#directoryList",
"discoveryVersion": "v1",
"items": [
{
"kind": "discovery#directoryItem",
"id": "abusiveexperiencereport:v1",
"name": "abusiveexperiencereport",
"version": "v1",
"title": "Abusive Experience Report API",
"description": "Views Abusive Experience Report data, and gets a list of sites that have a significant number of abusive experiences.",
"discoveryRestUrl": "https://abusiveexperiencereport.googleapis.com/$discovery/rest?version=v1",
"icons": {
"x16": "https://www.gstatic.com/images/branding/product/1x/googleg_16dp.png",
"x32": "https://www.gstatic.com/images/branding/product/1x/googleg_32dp.png"
},
"documentationLink": "https://developers.google.com/abusive-experience-report/",
"preferred": true
},
[...]
On each of those APIs listed by the previous call, the discoveryRestUrl field gives you an URL on which you can get informations like the entrypoint of the corresponding API.
For instance, you can find that the GMail API is described here: https://www.googleapis.com/discovery/v1/apis/gmail/v1/rest
In the output, extract the OAuth2 part from the auth entry to get the scopes:
"auth": {
"oauth2": {
"scopes": {
"https://mail.google.com/": {
"description": "Read, compose, send, and permanently delete all your email from Gmail"
},
"https://www.googleapis.com/auth/gmail.compose": {
"description": "Manage drafts and send emails"
},
"https://www.googleapis.com/auth/gmail.insert": {
"description": "Insert mail into your mailbox"
},
"https://www.googleapis.com/auth/gmail.labels": {
"description": "Manage mailbox labels"
},
"https://www.googleapis.com/auth/gmail.metadata": {
"description": "View your email message metadata such as labels and headers, but not the email body"
},
"https://www.googleapis.com/auth/gmail.modify": {
"description": "View and modify but not delete your email"
},
"https://www.googleapis.com/auth/gmail.readonly": {
"description": "View your email messages and settings"
},
"https://www.googleapis.com/auth/gmail.send": {
"description": "Send email on your behalf"
},
"https://www.googleapis.com/auth/gmail.settings.basic": {
"description": "Manage your basic mail settings"
},
"https://www.googleapis.com/auth/gmail.settings.sharing": {
"description": "Manage your sensitive mail settings, including who can manage your mail"
}
}
}
},
In the description, you will also find the endpoint for the GMail API : https://www.googleapis.com/gmail/v1/users/
Finally, you can access this API by means of OAuth2.
NOTE: every scopes associated with one or several APIs are listed here: https://developers.google.com/identity/protocols/googlescopes
I have a instance of User and instance of Role attached to it. Both are basic models provided from Loopback and they show up in RoleMapping and they work in ACL fine.
So, lets say I logg user in from my Vue client, then I get the response containing the access token in id field so I can make further auth requests, how do I then retrieve basic user info from that access token. Is there a way of parsing it or should I somehow modify the /login remote hook?
Any thoughts?
you need to call the login api with "include" option
/api/users/login?include=User
in response you will get something like this
{
"id": "CZY4lbJbJ2J6DrEIAjYAHfTEZbLMC2tWpyM7sZaKs7rZ1PhIY3mycua0kOHlDXfR",
"ttl": 1209600,
"created": "2018-01-21T17:01:20.183Z",
"userId": "5a3e614339e67f0e580642af",
"user": {
"createdAt": "2017-12-23T13:59:31.314Z",
"email": "dummy#dummy.co",
"id": "5a3e614339e67f0e580642af",
"name": "dummy",
}
you can try it in explorer
https://anypoint.mulesoft.com/apiplatform/anypoint-platform/#/portals/organizations/68ef9520-24e9-4cf2-b2f5-620025690913/apis/8617/versions/40329/pages/35412
/applications/{domain}/logs Traits: environment_based
Retrieve log messages for the application, ordered newest to oldest.
I am trying to access this api but am unable to relate what client id does it ask. Also I am unable to relate to oauth authentication this needs.
I am new to mule.
i am sharing the steps by step instructions to access the details of apps from api.
Step 1 : Get the access token from the Api
https://anypoint.mulesoft.com/accounts/login?username=YOUR_USERNAME&password=YOUR_PASSWORD
NOTE : Use POST method and add Header Content-Type=application/json
You will get response in JSON format like below
{
"access_token": "44126898-7ed8-4453-8d28-skajnbf",
"token_type": "bearer",
"redirectUrl": "/home/"
}
Step 2: Get your organization id
https://anypoint.mulesoft.com/accounts/api/me
NOTE : Use GET method and add below Headers
Content-Type = application/json
Authorization = Bearer ACCESS_TOKE_YOU_GOT_ABOVE
Example : Authorization = Bearer 44126898-7ed8-4453-8d28-skajnbf
In the response you will have a section where you will get you organization related details like below
"organization": {
"name": "Sample",
"id": "c1e68d1e-797d-47a5-b",
"createdAt": "2016-11-29T09:45:27.903Z",
"updatedAt": "2016-11-29T09:45:27.932Z",
"ownerId": "68df9a5",
"clientId": "7200350999564690",
"domain": "******",
"idprovider_id": "mulesoft",
"isFederated": false,
"parentOrganizationIds": [],
"subOrganizationIds": [],
"tenantOrganizationIds": [],
"isMaster": true,
"subscription": {
"type": "Trial",
"expiration": "2016-12-29T09:45:27.906Z"
},
Step 3: Get the environment Details
https://anypoint.mulesoft.com/accounts/api/organizations/YOUR_ORGANIZATION_ID_FROM_ABOVE/environments
NOTE : Use GET method and add below Headers
Content-Type = application/json
Authorization = Bearer ACCESS_TOKE_YOU_GOT_ABOVE
Example : https://anypoint.mulesoft.com/accounts/api/organizations/c1e68d1e-797d-47a5-b/environments
You will get all available environments in the response in JSON format as below
{
"data": [
{
"id": "042c933d-82ec-453c-99b2-asmbd",
"name": "Production",
"organizationId": "c1e68d1e-797d-47a5-b726-77asd",
"isProduction": true
}
],
"total": 1
}
Step 4: Now specify the domain name and fetch the logs
https://anypoint.mulesoft.com/cloudhub/api/v2/applications/YOUR_CLOUDHUB_APP_NAME/logs
Example : https://anypoint.mulesoft.com/cloudhub/api/v2/applications/first-test-api-application/logs
NOTE : Use GET method and add below Headers
Content-Type = application/json
Authorization = Bearer ACCESS_TOKE_YOU_GOT_ABOVE
X-ANYPNT-ENV-ID = ENVIRONMENT_ID_YOU_GOT_ABOVE
Example : X-ANYPNT-ENV-ID = 042c933d-82ec-453c-99b2-asmbd
You will get the logs in JSON format as below
{
"data": [
{
"loggerName": "Platform",
"threadName": "system",
"timestamp": 1480503796819,
"message": "Deploying application to 1 workers.",
"priority": "SYSTEM",
"instanceId": "583eb1f1c4b27"
},
{
"loggerName": "Platform",
"threadName": "system",
"timestamp": 1480503797404,
"message": "Provisioning CloudHub worker...",
"priority": "SYSTEM",
"instanceId": "583eb1f1e4b27"
}
],
"total": 2
}
NOTE : FOR ENHANCED LOGGING YOU SHOULD SELECT APPROPRIATE DEPLOYMENT AND INSTANCE IDs TO GET LOGS IN SIMILAR MANNER
Hope this Helps for Beginners
To see the clientID. Log into your CloudHub account. Click on the "gear" icon in the upper right corner. Click on the name of your organisation. you should now see your "clientID" and the "ClientSecret" ID.
Before you use the CloudHub APIs or the Anypoint platform APIs you have to create an account on the Anypoint Platform - Check the architecture of the Anypoint API platform #
https://docs.mulesoft.com/anypoint-platform-for-apis/anypoint-platform-for-apis-system-architecture
Once your are done with the registration with the Anypoint API platform you need to set up users, roles & privileges as an admin -
https://docs.mulesoft.com/anypoint-platform-administration/managing-accounts-roles-and-permissions
As admin you need to control access to APIs by creating & supplying client Id and client Secret - https://docs.mulesoft.com/anypoint-platform-administration/manage-your-organization-and-business-groups
I guess that's the client you referring to. It needs to be present in the request for all the APIs.
As far as OAuth is concerned, it is not completely functional on Cloudhub API. You will have to raise a ticket for support. Check this out -
https://docs.mulesoft.com/mule-user-guide/v/3.7/mule-secure-token-service
If you are new to Mule, run through the Mule Intro videos and try out the Anypoint Studio to get feel of Mulesoft Applications.
Hope this helps.