How to present this string as a GraphQL query
curl -H "Authorization: bearer token" https://api.github.com/graphql
Help me please
You can follow "Forming Calls with GraphQL", which involves "Creating a personal access token for the command line" to get a token.
Your header should then be: Authorization: bearer xxx, with xxx being the token you have generated.
As a concrete example: "Get started with GitHub GraphQL API".
Related
Due to the new updates of the Soundcloud API, I'm trying to update the authentication flow in my code ( the project was using login and password ).
But I'm blocked by a problem, and I'm losing my head.
I follow instructions on this page : https://developers.soundcloud.com/blog/security-updates-api
I manage to get a refresh token and an access token with this :
curl --request POST \
--url https://api.soundcloud.com/oauth2/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data client_id=CLIENT_ID \
--data client_secret=CLIENT_SECRET \
--data grant_type=client_credentials
But I'm not able to execute this request, which is an example in the mentionned page, with the access token I got with the previous request :
curl --request GET \
--url 'https://api.soundcloud.com/me/tracks?limit=1' \
--header 'Authorization: OAuth ACCESS_TOKEN'
The request response is always :{"code":401,"message":"","link":"https://developers.soundcloud.com/docs/api/explorer/open-api","status":"401 - Unauthorized","errors":[],"error":null}
I tried with a refresh of my access token, and with the url "https://api.soundcloud.com/me" instead of "https://api.soundcloud.com/me/tracks?limit=1".
And always returning the same error.
Can someone help me ?
Thanks by advance, and thanks for reading.
OK, I think I got it, thanks to this question on github :
https://github.com/soundcloud/api/issues/76
"The client_credentials auth flow is meant only for server-side integration and allows access to public endpoints only. Meaning that for endpoint /me or any other user-related endpoint you have to use the Authorization Code flow which provides the client-side integration."
And here : https://developers.soundcloud.com/docs/api/guide#authentication :
"if your app needs to access only public resources, you can use the OAuth Client Credentials Flow"
I'm done with the error messages too blurry... and with me reading too fast !
I will add the correct authentication method in comments later.
UPDATE : "manual" authentication flow
As the project is behind a VPN, I can't use normal authentication flow ( redirect_uri can't be called by soundcloud !)
So :
Get a "code"
First, authenticate on SoundCloud with the account you want to access ( or ask your customer to do it )
In your browser, type this url :
https://api.soundcloud.com/connect?client_id=YOUR_CLIENT_ID&response_type=code&scope=&state=[random_string]&redirect_uri=YOUR_REDIRECT_URI
Accept the demand and this will redirect you to an URL with the code inside : code=YOUR_CODE. Keep it. If this is done by your customer, simply ask him to copy-paste the url.
That's not really secure, but you can't avoid it if your redirect uri is not accessible from Soundcloud.
Obtain a refresh token and an access token :
With curl, to keep your Client Secret, or App Secret, secret ( indeed :D ). And also the access token.
curl -X POST "https://api.soundcloud.com/oauth2/token"
-H "accept: application/json; charset=utf-8"
-H "Content-Type: application/x-www-form-urlencoded"
-d "grant_type=authorization_code&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&redirect_uri=YOUR_REDIRECT_URI&code=YOUR_CODE"
This last request will answer in json format. Inside, you'll find an access token, and a refresh token.
Register the refresh token in your projet to reuse it to refresh your access token when needed !
I have some problem with Postman.
If I use curl via command window - everything works fine:
curl -H "Authorization: Token *************************" http://localhost:8000/me/
I have some access to my data.
How to use this token via Postman?
I was trying and I still have error like:
{
"detail": "Authentication credentials were not provided."
}
Have a nice evening!
Ok, I was using the Authorization or Body Field - That was the problem.
If you want to do it just use Headers Field and:
As Key set "Authorization"
and
As Value "Token <your_token>"
Iam trying to get the Channel Subs of a Channel with the following call:
https://api.twitch.tv/kraken/channels/<CHANNELID>/subscriptions?client_id=XXX&oauth_token=XXX
But i get always this response:
{
"error": "Forbidden",
"status": 403,
"message": "Unable to access channel subscribers of <CHANNEL>"
}
Can you please tell me, what I need to pass, that i get the permissions?
Thanks, Greetings
If you are using new Twitch API you should send token in your authorization header starting with Bearer keyword. If you are using API v5 then you should add Oauth keyword. In your example you are trying to send it in query parameters.
Select the one which is correct for you.
In the new Twitch API:
curl -H "Authorization: Bearer <access token>" https://api.twitch.tv/helix/
In Twitch API v5:
curl -H "Authorization: OAuth <access token>" https://api.twitch.tv/kraken/
You can also find more information in the official documentation: https://dev.twitch.tv/docs/authentication/
I am trying to implement DocuSign OAuth by Authorization Code Grant.
Firstly what I am trying to do:
Make GET request to https://account-d.docusign.com/oauth/auth?response_type=token&scope=signature&client_id=71d5e08f-299d-480a-9520-74d2e5083008&state=a39fh23hnf23&redirect_uri=http://localhost/callback
When i have got token i am trying to make POST request by CURL
curl -i -v -d "grant_type=authorization_code&code=eyJ0eXAiOiJNVCIsImFsZyI6IlJTMjU2Iiwia2lkIjoiNjgxODVmZjEtNGU1MS00Y2U5LWFmMWMtNjg5ODEyMjAzMzE3In0.AQkAAAABAAYABwAABDYucBzVSAgAAJC8dXAc1UgCAISmNWgyUw9Hlk8ldzq-z2gNACQAAAA3MWQ1ZTA4Zi0yOTlkLTQ4MGEtOTUyMC03NGQyZTUwODMwMDgVAAEAAAASAAAAAAAYAAEAAAAFAAAAIAAABDYucBzVSA.0yPv4mlsiuab6ZlC11k_s9rR5gLO0Z1aEoHlyXrE30ba3LD6qBaqqVFcdQDJ3tagx0-6rg48fENjpkglkELnZG7tmF2AZYR98DUYgbot4OMnj0Y0Q-QhhqLvOe6SJmYxfYqCxBC03FVBjH9gTvCVD7kb0msN23-pw5WGRi5p209gNhr-YDv0wb9jwMJdNC-z5QSW0D5qgkbP5HKjIxgITG_qNCyO3CWPvlJIG8u1Wh1oB-EL4JI5fUZSNlipEpZRKG0jU9cbZbO8DaeEhZzfL54wc38r4luN-2XJx1yL48p4HgNP2ujWJAIJiJpy_-TnmMHTHzp3YTaPB7Swus_Leg" -H "Content-Type: application/x-www-form-urlencoded" -H "Authorization: Basic NzFkNWUwOGYtMjk5ZC00ODBhLTk1MjAtNzRkMmU1MDgzMDA4OjY5MDcwMGI4LTAxMmQtNGU1My05N2FlLTVhNmFkNjg3OWVkYg==" -X POST https://account-d.docusign.com/oauth/token
And always I am getting the same message : "invalid_grant"
I have checked all params twice, and i know about that question DocuSign authorization code grant flow gets invalid_grant error about the same situation, it is not marked as answered
Can anyone explan me what i am doing wrong?
You are mixing two type Authorization Code Grant and Implicit Code Grant, in your first GET URL, you are passing response_type=token instead it should be response_type=code, once you will change response_type from token to code then it will work.
I want to ask a bit about Authentication of this API
Do "The token" of the response have some expired time or something? or is it for eternity?
Documentation link is here :
https://www.microsoft.com/cognitive-services/en-us/Speech-api/documentation/API-Reference-REST/BingVoiceRecognition#Authorize
Expiry is 10 minutes. Its specified in the documentation : https://www.microsoft.com/cognitive-services/en-us/speech-api/documentation/API-Reference-REST/BingVoiceRecognition
Bing Speech Team
The token is a JSON Web Token (JWT), which—unless it's encrypted—can be decoded to inspect its contents (a web service to perform that task can be found here).
Expiry claims are set with the exp property in the resulting JSON document.
If you want to not have to login each time instead of using the 'Authorization': 'Bearer {TOKEN}' header you could use the 'Ocp-Apim-Subscription-Key': '{YOUR AZURE TOKEN}' in order to not have to make a authorisation factory or more requests than necessary to the application and make it faster
NOTE: {TOKEN} is a JWT token like
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzY29wZSI6Imh0dHBzOi8vc3BlZWNoLnBsYXRmb3JtLmJpbmcuY29tIiwic3Vic2NyaXB0aW9uLWlkIjoiZmFhZTNlYTkxNmI1NGMxZWEyODY4MDlhYTg3ZWE1MmUiLCJwcm9kdWN0LWlkIjoiQmluZy5TcGVlY2guUHJldmlldyIsImNvZ25pdGl2ZS1zZXJ2aWNlcy1lbmRwb2ludCI6Imh0dHBzOi8vYXBpLmNvZ25pdGl2ZS5taWNyb3NvZnQuY29tL2ludGVybmFsL3YxLjAvIiwiYXp1cmUtcmVzb3VyY2UtaWQiOiIiLCJpc3MiOiJ1cm46bXMuY29nbml0aXZlc2VydmljZXMiLCJhdWQiOiJ1cm46bXMuc3BlZWNoIiwiZXhwIjoxNTAwODgxNjIzfQ.KdlCrIJ_H0jxs1yyeyYxYR7ucbLuFKT__ep7lGJmGbU
NOTE2: {YOUR AZURE TOKEN} is like d5kals90935b40809dc6k38533c21e85 and you find it here
The request would look like this:
curl -v -X POST "https://speech.platform.bing.com/speech/recognition/interactive/cognitiveservices/v1?language=es-ES&locale=es-ES&format=simple&requestid=req_id" -H "Ocp-Apim-Subscription-Key: d5kals90935b40809dc6k38533c21e85" -H 'Transfer-Encoding: chunked' -H 'Content-type: audio/wav; codec="audio/pcm"; samplerate=8000' --data-binary #"{BINAYFILE}.wav"