I am requesting access token from Gfycat API.
I have entered the details in Postman as mentioned below, i.e. Client secret, still getting BAD Request error.
Please help me identifying what I am doing wrong.
For details, please see the below screenshot.
enter image description here
I can see two issues in the screenshot:
There's client_id twice, instead of one client_id and one client_secret
You put the key/values in Postman's Header tab instead of the Params tab.
It's a straightforward request, you can even get an auth token from your browser with a simple URL (no header or body)
https://api.gfycat.com/v1/oauth/token?client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&grant_type=client_credentials
Related
A am just beginning to familiarize myself with the eBay RESTFUL API, forgive me this basic question, but I found no answer yet.
I have an eBay account since many years ago. I registered a developer account (same eMail address) recently, and I got the Tokens for Sandbox and Production. I have successfully used public APIs like list items, search items, and such, to verify the tokens, by querying some items in eBay.
How do I preceed from here to access data specific to my eBay account, like, for instance, the list of purchases and sales? Somehow I need to connect my app to my live eBay account, I guess, and give my app permissions to read data, but I could not find any matching setting in my eBay account settings nor in the API calls.
Please guide me through the next step: how do I give my app the required permissions, and how do I build a simple read-only query to query, for instance, the items I have purchased.
I think this question does not depend on any programming language, feel free to use any programming language you like.
Many Thanx!
Ok so if we are talking only about Authorization token and calling seller api like orders (in ebay it's called fullfilments i believe).
We need to start with creating User Token.
You can create one here:
Then you need to add ebay redirect URL:
I don't know much about Auth'n'Auth so I will talk only about OAuth
After adding new redirect URL you should add url address for authorization success and failure.
You will be redirected there after authorization.
Now we can test if generation of token works.
For this example i did set my redirect url like that:
We need to click "Test Sign-in" (set radio button to OAuth before)
You should be redirected to website:
You need to sign in with account which have access to sandbox.ebay.com or ebay.com (depends if you are on sandbox or production environment)
After logging in I don't remember if there will be another window with confirmation of App scopes to confirm (I already done it before).
But if that is the case just click confirm button.
Now you should be redirected to https://localhost.com which we did set up as our success redirect url
Url should look like that
https://localhost.com/?code=v%5E1.1%0VeMTI%3D%3D&expires_in=299
That code parameter is much longer btw. And you can see that it's url encoded so you need to decode it before using
And now you are almost at home :D
You have 300 seconds to call a POST request to authorize with that code parameter.
POST https://api.sandbox.ebay.com/identity/v1/oauth2/token
Header required
Remember first screen shot?
You need to go there and get your App ID, Cert ID then concatenate it with ":" then encode it to Base64 and add before that value "Basic " keyword.
In pseudo code it should looks like that:
Authorization:Basic Base64.encode(AppID + ":" + CertID)
Body required
format of Body needs to be "x-www-form-urlencoded" (key:value format basically)
here you need
grant_type:authorization_code
code:{code}
redirect_uri:{redirect_name}
{code} - is value from success authorization url
{redirect_name} - you can find it on screen below marked with red circle
If you did everything right you should get response from ebay
{
"access_token": "v^1.1#i^1#r^0VbbxW1wjv4HZGAAA",
"expires_in": 7200,
"refresh_token": "v^1.1#i^1#f^0#r^FDQ=",
"refresh_token_expires_in": 47304000,
"token_type": "User Access Token"
}
You should save that data, access_token is used for accessing data, refresh_token is used to refresh access_token.
Example request with authToken
GET https://api.sandbox.ebay.com/sell/fulfillment/v1/order?filter=creationdate:[2022-03-31T08:25:43.511Z..]
You need Authroization header:
Authorization:Bearer v^1.1#i^1#r^0VbbxW1wjv4HZGAAA
That's it I guess. To implement that into your app you need to be able to generate the first url which you are redirected to after clicking "Test Sign-in" and that's basically it.
Btw you refresh token like that
POST https://api.sandbox.ebay.com/identity/v1/oauth2/token
Body x-www-form-urlencoded
grant_type:refresh_token
refresh_token:v^1.1#i^1#f^0#r^FDQ=
Header
Authorization:Basic Base64.encode(AppID + ":" + CertID)
I hope that will help someone. :)
I am trying to use the Privacy API but the Authorization Header is confusing me a lot. I am not sure how to format the header no matter what method I use for calling the request.
Below is the exact format they asked me to use but now I'm not getting any response. If anyone knows how to authorize Privacy's request calls it would help me so much, thank you in advance! Privacy API
If picture describe what you try to do, remove two dots after Autorization in Key input
Key: Autorization (without two dots on the end)
value: api-key xxxxx
We keep playing this cat and mouse game with Robinhood.com. I have a trading app which used to trade stocks with Robinhood, but they keep changing the unsupported unofficial API to make it difficult for traders to use. I know that many people are doing the same thing and I want to reach out to them to see if there is a new answer. The latest problem is when I try to get a Bearer token using the URL https://api.robinhood.com/oauth2/token/ the API returns the following JSON: {"detail":"This version of Robinhood is no longer supported. Please update your app or use Robinhood for Web to log in to your account."}. This started happening on 4/26/2019.
Has anyone found a work around for this, yet, or have they finally beaten us into submission?
A more complete solution (not need browser):
Use requests.session.
Obtain the login page by making a GET request to "https://robinhood.com/login".
At this point the session's cookies will contain 'device_id'.
Obtain this device_id and use it in making the oauth2 token request to "https://api.robinhood.com/oauth2/token/" also add in the data request "challenge_type" (either "sms" or "email").
This request will fail with a 400 error code. Robinhood will send an SMS message or Email with a temporary (5 minute) code.
Also at this point use the 400 response's body to get "id" from "challenge" inside of the JSON object.
Confirm the challenge by making a POST request to "https://api.robinhood.com/challenge/CHALLENGEID/respond/" where CHALLENGEID is the same id mentioned in the first failed /oauth2/token/ POST request.
Make the same POST request to "https://api.robinhood.com/oauth2/token/" and include in the header "X-ROBINHOOD-CHALLENGE-RESPONSE-ID" with the value CHALLENGEID.
You can reuse a device_id with user/pass after this even after logging out.
Be cautious with storing device_id as it is the result of user/pass login and successful SMS/email 2FA.
Just got it working. At the risk of them seeing this post and changing it more, here we go:
First, you're going to want to log into your RH account in a web browser
View Source on the page, and look for clientId - it should be a big hex number separated by dashes
Add that number to your POST requests to /oauth2/token under the field device_token
There's probably another way to retrieve the device token, and I'm not even sure it's unique, but that way should work.
Good to be back here after a very long time.
Not sure if anyone is still looking for answers to this, but I have a very simple solution.
At Robinhood's login screen, enter your username/email and your password, press F12 on your keyboard to bring up the console panel and switch to the "Network" tab then wait for the page to load completely. (During this time you will see a list of items being loaded rapidly depending on the connection speed.)
At this time you can keep clearing the list by clicking on the button highlighted in the below image.
Click on button highlighted repeatedly until the list is empty
Now, log into your Robinhood account. At this point your console should display a list similar to the one shown below.
Look for the name "token/", most likely it will be the second one you get all the information you need. And this information will be under the Headers then Request Payload
I was able to find this with past knowledge and experience of web scraping for fun. And also, I needed to know this as well, since I recently started doing trades via Robinhood.
Hope this help you curious ones out there.
For my Robinhood account I am using Google Authenticator for my 2FA. What I have so far is that I send the original call that I was sending before to https://api.robinhood.com/oauth2/token/. This is giving me a response of:
{"mfa_required":true,"mfa_type":"app"}
I then repeat my oauth token request, but this time providing the value from Google Authenticator (so my GUI has to prompt me to fill it in) with this payload in the request to https://api.robinhood.com/oauth2/token/:
{"grant_type":"password","scope":"internal","client_id":"c82SH0WZOsabOXGP2sxqcj34FxkvfnWRZBKlBjFS","expires_in":86400,"device_token":"***","username":"***","password":"****","mfa_code":"***"}
and then I am getting an access token in reply
I hope am am posting this in the proper place.
I am trying to work through the tutorial make your first LinkedIn API call using OAuth 2.0.
http://developer.linkedin.com/documents/authentication
a. Generate Authorization Code by redirecting user to LinkedIn's authorization dialog
https://www.linkedin.com/uas/oauth2/authorization?response_type=code
&client_id=YOUR_API_KEY
&scope=SCOPE
&state=STATE
&redirect_uri=YOUR_REDIRECT_URI
Filling this out:
https://www.linkedin.com/uas/oauth2/authorization?response_type=code
&client_id=123456789
&scope=r_basicprofile%r_network%
&state=abcdefghi
&redirect_uri=http://www.socialinnovationlab.net
which gives a uri of
https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=123456789&scope=r_basicprofile%r_network%&state=abcdefghi&redirect_uri=http://www.socialinnovationlab.net
And this gives the linkedin auth form as it should.
b. Request Access Token by exchanging the authorization_code for it
https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code
&code=AUTHORIZATION_CODE ****I think this is the above uri?******
&redirect_uri=YOUR_REDIRECT_URI
&client_id=YOUR_API_KEY
&client_secret=YOUR_SECRET_KEY
I have:
https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code
&code=https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=123456789&scope=r_basicprofile%r_network%&state=abcdefghi&redirect_uri=http://www.socialinnovationlab.net
&redirect_uri=http://www.socialinnovationlab.net
&client_id=123456789
&client_secret=1212121212
Which givies a uri of:
https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code=https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=123456789&scope=r_basicprofile%r_network%&state=abcdefghi&redirect_uri=http://www.socialinnovationlab.net&redirect_uri=http://www.socialinnovationlab.net&client_id=123456789&client_secret=1212121212
When I try to go to this address I get the error:
{"error":"invalid_request","error_description":"missing required parameters, includes an invalid parameter value, parameter more then once. : client_id"}
any idea where I went wrong?
Thank you
In step a. when you navigate to
https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=123456789&scope=r_basicprofile%r_network%&state=abcdefghi&redirect_uri=http://www.socialinnovationlab.net
you'll see LinkedIn auth form. Once you submit the form you'll be redirected to
http://www.socialinnovationlab.net?code=AUTHORIZATION_CODE&state=abcdefghi
Parameter code in the above URL will contain your authorization code. That is the authorization code you'll need to use in code parameter of the URL in step b.
I'm trying to use the Survey API.
When I try and use the form online to request an Authorization token I get a
error message.
Invalid or missing access token" error message.
The form to test the API calls also asks for a Client Secret code but yet it auto fills the box with the API Key.
Any help here would be nice.
I'm not sure if this is a bug on Survey Monkey's end either in the API or the form that tests the API.
You should have received a reply to this via email but I wanted to ensure this was answered here in case anyone else is having the same issue.
There was a bug on our API console preventing an access token being issued, this is now fixed.
The access token has to be copied into the "Authorization" parameter in the format "bearer ". e.g. if your access token is 'fdhjfu3cc8ss=', make sure the Authorization parameter has "bearer fdhjfu3cc8ss=" in it (with no quotes). Note that you need to use the Access Token returned, not the Authorization Code.