dry_run can be set so that pushes aren't sent, but that tokens can be validated by FCM.
If the response to a dry_run is 200 and there are no errors, does that guarantee that if dry_run was not set that there is a an app installation on a device that FCM could target with that message.
The only scenario I can think of is if there is a delay:
dry run enabled in request
user uninstalls the app (or some other event which invalidates the token)
FCM returns 200/no error
FCM receives data relayed from the device that the app was uninstalled and token is invalid
Are there other scenarios?
You can validate the FCM token by calling the
(GET) https://iid.googleapis.com/iid/info/YOUR_APP_TOKEN_HERE
[Header] => 'Authorization: key=YOUR_KEY'
Simple and easy.
If token is valid then it will return 200 status code with some more details in JSON format or if it's invalid then status code will be 400 with error detail in JSON format.
Implement this code server side. get token from database (if you are saving token in database) and passin the above URL and it will send you token status whether if it expired or not.
Related
Expected HTTP 401 (Unauthorized), but got HTTP 405 from shop-redact. Your app's HTTPS webhook endpoints must validate the HMAC digest of each request, and return an
HTTP 401 (Unauthorized)
response when rejecting a request that has an invalid digest.
Screenshot
I have used osiset/laravel-shopify package
I have solved this error. Even though one app has been approved, the other app has the same solution in front of it, I still get this error from Shopify in the other app.
First I tried this solution in which the app was rejected. But I applied the same solution in the first app, which was approved
Route::get('/shop-redact',[AbcController::class,'shopRedact'])->middleware('auth.webhook')->name('shop.redact');
And then I tried to create a job for all GDPR webhook but the app was rejected
https://github.com/osiset/laravel-shopify/wiki/GDPR
What is the other solution to this?
Shopify webhooks make POST request to your endpoint so set post request
Route::post('/shop-redact',[AbcController::class,'shopRedact'])->middleware('auth.webhook')->name('shop.redact');
All major web applications (Google, Facebook, etc.) return page status 200 ok in case of authentication failure, i.e. wrong login/password pair.
Although by definition, if a resource is not found with request URI - status 404 Not found is returned.
Wikipedia says:
[404 Not Found] Used when the requested resource is not found, whether it doesn't exist or if there was a 401 or 403 that, for security reasons, the service wants to mask
How does the login case differ?
Server code 200 means you get the response . Whether it is your wrong credentials or not. if Your request has not been processed then server returns different error code . But for your case,
Your login request has been processed , connection with database has been established and from that you get you wrong credential message . So code 200 is for your successfully processed request.
I've registered as a developer with eBay and created an app.
I generated an Oauth (not Auth'n'Auth)
Using Postman to generate a simple request (image) and recieving an error for token invalidity
Error: Invalid access token. Check the value of the Authorization HTTP request header.
What am I doing wrong here?
If your token is for "sandbox" environment, make sure you use sandbox API endpoints for your requests as well.
Instead of https://api.ebay.com/buy/browse/v1/...,
try https://api.sandbox.ebay.com/buy/browse/v1/....
One of the issues which might have happened is:
The access token might have expired
Use the refresh token to refresh the access token when it expires — you know when to do this when your call to the API returns a status code of 401 and the above body you saw in Postman.
What is the system behavior of receiving a request to A restful API with a expired api_key in Moqui? Does the system send back the SC_UNAUTHORIZED error or something else?
The response is status with 500 internal server error.
Is there a way to tell when a GCM token is no longer valid, without actually attempting to send a notification and receive an error?
Thanks.
You can do this by using the dry run feature provided by the google.
When sending request for a notification from your web server to GCM servers you can add dry_run key to be true
This parameter allows developers to test a request without actually sending a message. The default value is false, and it must be a JSON boolean.
If the Notification key is invalid it would give the corresponding http response of the request