Getting "Enter a valid json" when entering Headers for HTTP with Azure AD in Microsoft Flow/Power Automate - authentication

I'm working on setting up a flow that will make an API request against a protected API. Since it requires authentication, I'm using HTTP with Azure AD. I'm able to sign in correctly, and I appear to be getting an authorization code:
I'd like to exchange this code for an access token so I am invoking this HTTP request:
It's complaining about the Headers not being a valid json. I'm also not sure what to include in the Body to exchange the authorization code for an access token.

I don't know much about this connector, so I'm sorry that I can't explain why your API calls still require logging in (which you asked in a previous post). But just for the question and screenshot you provided above, I can provide some suggestions for your reference.
In your Power Automate flow, you can add an "Initialize variable" action to initialize a variable named "header" and set the value as shown in the screenshot below:
Then you can use the "Parse JSON" action to parse this variable (convert it to JSON format).
Now you can use the "Body" from the "Parse JSON" as the value of the "Headers" box in your "Invoke an HTTP request". It will solve the issue of headers not being a valid json.
For the value of "Body of the request", you can put the value as I provided in the previous post:
grant_type=password&client_id=xxxxx&scope=xxxxx&username=xxxxx&password=xxxxx&client_secret=xxxxx
Hope it would be helpful to your problem~

Related

How to pull the token from Get request's response and input the same to Post request in JMeter for Rest API?

I am a beginner in JMeter, trying to perform load test to my Rest API. First, the Get request gets the access_token as below:
Then the following Post request runs with that authorization token to produce the Json, but I am missing something so the Post Request is failing as Authentication denied as below,
Added the Regular expression extractor to extract the token from the Get request's response as below:
Then storing it in the HTTP Header Manager in a variable as below
I am missing how to link the value to the Post request. I don't know how to do it, please help.
In header manager, instead of access_token, the header name should be Authorization. Please reconfirm this with the developer team / retry this same request in Postman.
The regex expression used should look something like this
"access_token":"(.*?)"
Also, another pro tip: because the response to the getToken API call is JSON, you can use the JSON Post Processor to extract the access_token by saying something like $.access_token. It is a much cleaner way to process a JSON object.
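Why the JSON extractor is the safer choice, as an added example that is not part of the original answer: the regular expression above matches only compact JSON and yields nothing on a pretty-printed or error response. The response bodies are constructed, the function names are hypothetical, and the `Bearer` scheme is an assumption about this API.

```javascript
// Constructed token-endpoint responses.
const compact = '{"access_token":"abc123.sample","token_type":"bearer","expires_in":3600}';
const pretty = '{\n  "access_token": "abc123.sample",\n  "token_type": "bearer"\n}';
const denied = '{"error":"invalid_client","error_description":"Authentication denied"}';

// The regex from the answer above: returns null when nothing matches.
function tokenByRegex(body) {
  const m = body.match(/"access_token":"(.*?)"/);
  return m ? m[1] : null;
}

// Equivalent of the JSON path $.access_token, with explicit failure handling.
function tokenByJson(body) {
  let doc;
  try {
    doc = JSON.parse(body);
  } catch (e) {
    throw new Error('token response is not JSON');
  }
  if (!doc || typeof doc.access_token !== 'string' || doc.access_token === '') {
    const reason = (doc && doc.error) || 'unknown error';
    throw new Error(`no access_token in response: ${reason}`);
  }
  return doc.access_token;
}

// Header for the follow-up POST. It refuses to build one without a real token,
// so a failed token request is reported instead of being sent as "Bearer null".
function authorizationHeader(body) {
  return { Authorization: `Bearer ${tokenByJson(body)}` };
}

console.log(tokenByRegex(pretty), authorizationHeader(pretty));
```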

Authorization request header Vs POST request body for credentials

Which is the right approach to send user credentials from the front end to the backend server?
I see examples where some developers use the authorization headers and some pass the credentials in the POST body.
Credentials usually go to the request body once, when trying to log in.
You should receive a token in return, although whether you send this token via HTTP header, request body or as a GET param is up to you (or the protocol you are implementing).
It's generally a good practice to use the header, because GET requests shouldn't include a request body and passing the token as a GET parameter may not always be an option (e.g. due to the token appearing in various logs).
Either way, I would advise you to avoid trying to implement your own protocol and use an existing standard instead.
The only safe method for a website to transfer a password to the server is using HTTPS/SSL. If the connection itself is not encrypted, a ManInTheMiddle can modify or strip away any JavaScript sent to the client. So you cannot rely on client-side hashing.
Moreover, always use headers for sending sensitive data like USER-ID, API-KEY, AUTH-TOKENS.
You can refer to this stack question also link for more information and this link
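The log exposure mentioned above, as an added example that is not from the original answers: a check that finds credentials passed as query parameters in access-log lines and redacts them. The log lines, the parameter list and the function names are constructed for illustration.

```javascript
// Query parameter names treated as secrets (an assumed list; extend per API).
const SENSITIVE = new Set(['access_token', 'token', 'api_key', 'apikey', 'password', 'client_secret']);

// Constructed access-log lines in common log format.
const sampleLog = [
  '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /api/orders?page=2&access_token=eyJhbGciOi.sample HTTP/1.1" 200 512',
  '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /api/orders?page=3 HTTP/1.1" 200 498',
  '198.51.100.4 - - [10/Oct/2023:13:56:02 +0000] "POST /login?user=bob&Password=hunter2 HTTP/1.1" 302 0',
];

// Returns the redacted line plus the names of any secret parameters found.
function scanLine(line) {
  const m = line.match(/"([A-Z]+) (\S+) (HTTP\/[\d.]+)"/);
  if (!m) return { line, leaked: [] };
  const [quoted, method, target, proto] = m;
  const q = target.indexOf('?');
  if (q === -1) return { line, leaked: [] };
  const leaked = [];
  const redacted = target.slice(q + 1).split('&').map((pair) => {
    const eq = pair.indexOf('=');
    const name = eq === -1 ? pair : pair.slice(0, eq);
    let key = name;
    try { key = decodeURIComponent(name); } catch (e) { /* keep the raw name */ }
    if (!SENSITIVE.has(key.toLowerCase())) return pair;
    leaked.push(key);
    return `${name}=REDACTED`;
  }).join('&');
  const safe = `"${method} ${target.slice(0, q)}?${redacted} ${proto}"`;
  // A replacer function avoids "$" in the URL being read as a pattern.
  return { line: line.replace(quoted, () => safe), leaked };
}

function scanLog(lines) {
  return lines.map(scanLine);
}

for (const r of scanLog(sampleLog)) {
  if (r.leaked.length) console.log(`secret in URL (${r.leaked.join(', ')}): ${r.line}`);
}
```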

How to call API with AntiForgeryToken using Postman in IdentityServer ASP.NET Core

I'm trying to test my API with Identity Server Asp.net Core using Postman.
This is the way that I'm trying to do:
First request HttpGet to https://localhost:5000/Account/Login and in response body I received: <input name="__RequestVerificationToken" type="hidden" value="CfDJ8MoS9upoM4dNp8Kx-AdvA-uYr13_PAkuMZpzYMV8UmxZq5GdLTvN-Ht5NpTLmPtlhL5d5z2Hu2vUJoJGhk1AMlARDcOwqgq7Cef1dfQL_vl4tIFM4kx9RZPz8DHU26-U9qLnKAIstZgR42-1FuGNh24" />
And in Cookie (not sure for what it is though):
Then HttpPost to https://localhost:5000/Account/Login with RequestVerificationToken with token received from body HttpGet request.
And always error 400 as you can see at screen shot above.
In Visual Studio I can see that some request was caught but clearly was incorrect.
If I remove the attribute [ValidateAntiForgeryToken] then of course everything works fine, but obviously because that validation is disabled.
You'd need to do the following to send such a request:
1.) Enter __RequestVerificationToken key value (don't forget double underscores) into x-www-form-urlencoded
2.) You need to add .AspNetCore.Antiforgery cookie to the Cookies section in Postman.
For example like this
.AspNetCore.Antiforgery.1XHiLFgQI2w=your cookie value; Path=/; Domain=localhost;Expires=Session;
You can find .AspNetCore.Antiforgery cookie in Application section in Google Developer Tools
.AspNetCore.Antiforgery cookie in Google Developer Tools picture
Add cookie in Postman picture
Just spent a lot of time on this.
I did several things:
Set up an Environment and added a variable.
Added a pre-request script that...
uses pm.sendRequest to GET the page,
uses cheerio to find the first input field named __RequestVerificationToken and get its value,
sets the environment variable to the value retrieved from the field.
Sent the form data (since I'm using ASP.NET Core, the values for the model) as x-www-form-urlencoded.
And last, but not least, I added __RequestVerificationToken as one of the key-value pairs in the form data and set it to use the variable already set up.
The main reason I am posting this answer is the last, I saw a lot of things on the web that indicated that name was supposed to be RequestVerificationToken, and that doesn't work, just leads to a 400 response (bad request).
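The exchange the two answers above describe, as an added example that is not part of the original posts: antiforgery validation needs the hidden `__RequestVerificationToken` form field and the `.AspNetCore.Antiforgery.*` cookie from the same GET response. The HTML, token values and login field names are constructed, the function names are hypothetical, and a regex stands in for the cheerio lookup so the script runs in plain Node.

```javascript
// Constructed sample of a GET /Account/Login response (placeholder values).
const sampleHtml = `<form method="post" action="/Account/Login">
  <input type="text" name="Username" />
  <input name="__RequestVerificationToken" type="hidden" value="FORM-TOKEN-SAMPLE" />
</form>`;
const sampleSetCookie = [
  '.AspNetCore.Antiforgery.1XHiLFgQI2w=COOKIE-TOKEN-SAMPLE; path=/; samesite=strict; httponly',
];

// Attribute order varies, so find the <input> by name, then read its value.
function extractFormToken(html) {
  const tag = (html.match(/<input\b[^>]*>/gi) || [])
    .find((t) => /\bname=["']__RequestVerificationToken["']/i.test(t));
  if (!tag) throw new Error('no __RequestVerificationToken field in page');
  const value = tag.match(/\bvalue=["']([^"']*)["']/i);
  if (!value) throw new Error('antiforgery field has no value');
  return value[1];
}

// Keep only the name=value pair of the antiforgery cookie from Set-Cookie.
function extractAntiforgeryCookie(setCookieHeaders) {
  const line = setCookieHeaders.find((c) => c.startsWith('.AspNetCore.Antiforgery.'));
  if (!line) throw new Error('no .AspNetCore.Antiforgery cookie in response');
  return line.split(';')[0].trim();
}

// Cookie goes in the Cookie header; the token goes in the form body under
// the double-underscore field name. Login field names are assumptions.
function buildLoginPost(html, setCookieHeaders, fields) {
  const body = new URLSearchParams({
    ...fields,
    __RequestVerificationToken: extractFormToken(html),
  });
  return {
    method: 'POST',
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded',
      Cookie: extractAntiforgeryCookie(setCookieHeaders),
    },
    body: body.toString(),
  };
}

console.log(buildLoginPost(sampleHtml, sampleSetCookie, { Username: 'alice', Password: 'p&ss word' }));
```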
In Postman, you’d need to set the content type to form url encoded.
And send the request Verification token in the header as "RequestVerificationToken"
However, if you just need a Bearer token then you need to call
POST https://<your identity server>/connect/token with the

Update issue fields in JIRA

Hi I am using postman client for Chrome to run my rest api calls. I am trying to update issue in JIRA via rest API. I have referred to JIRA API also for updating an issue.
I am using PUT method to update an issue fields. Here is the syntax.
PUT /rest/api/2/issue/{issueIdOrKey}
I am trying to update summary field like this.
{"update":{"summary":[{"set":"Bug in business logic"}]}}
But it is giving me the 400 bad request error.
and in the body its showing message "No content to map to Object due to end of input".
Please find the attached screenshot for more reference. Thanks in advance.
In postman rest API client, add the json object to Body as in the below picture.
I added authorization as Basic Authorization and provided JIRA credentials.
Note that the body should be raw and the type should be JSON (application/json) instead of Text (default).
Response for this PUT request is 204 when update is successful.
Here is REST API Documentation for additional options.

API Authorization token error

I'm trying to use the Survey API.
When I try and use the form online to request an Authorization token I get an "Invalid or missing access token" error message.
The form to test the API calls also asks for a Client Secret code but yet it auto fills the box with the API Key.
Any help here would be nice.
I'm not sure if this is a bug on Survey Monkey's end either in the API or the form that tests the API.
You should have received a reply to this via email but I wanted to ensure this was answered here in case anyone else is having the same issue.
There was a bug on our API console preventing an access token being issued, this is now fixed.
The access token has to be copied into the "Authorization" parameter in the format "bearer ". e.g. if your access token is 'fdhjfu3cc8ss=', make sure the Authorization parameter has "bearer fdhjfu3cc8ss=" in it (with no quotes). Note that you need to use the Access Token returned, not the Authorization Code.