I'm using G-Suite google classroom API and I'm trying to add student to a course, I have enabled all administration permission to my account, I made sure I have all required scopes requested in the access token but still I'm getting PERMISSION_DENIED
POST /v1/courses/<courseId>/students HTTP/1.1
Host: classroom.googleapis.com
Content-length: 70
Content-type: application/json
Authorization: Bearer <accessToken>
{
"profile": {
"verifiedTeacher": true,
},
"userId": "studentId"
}
API Documentation
So My Question is why I'm still receiving this error? how to find the root cause of the problem?
Related
In Refresh token is not returned from Dropbox API when using grant_type=refresh_token
The poster asks why he's not getting a new refresh token when using the new dropbox v2 api.
The answer is that it's not needed. Refresh tokens don't expire from dropbox unless revoked.
Is that still the case? I'm reading in https://developers.dropbox.com/oauth-guide
That "When using refresh tokens, your call to the /oauth2/token endpoint with the grant_type of authorization_code will return a new short-lived access token and a new refresh token, which should be securely stored."
But I'm still not seeing a refresh token when I use one to get an access token.
Request:
POST https://api.dropbox.com/oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: api.dropbox.com
Content-Length: 363
Expect: 100-continue
Connection: Keep-Alive
refresh_token=<TOKEN>&grant_type=refresh_token&client_id=<ID>&client_secret=<Secret>&scope=account_info.write+account_info.read+files.metadata.write+files.metadata.read+files.content.write+files.content.read+sharing.write+sharing.read+file_requests.write+file_requests.read+contacts.write
Response
HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/javascript
Date: Thu, 29 Apr 2021 13:30:50 GMT
Pragma: no-cache
Server: envoy
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Server-Response-Time: 35
Vary: Accept-Encoding
X-Dropbox-Response-Origin: far_remote
X-Dropbox-Request-Id: 744233e362ac4b20a00e7a862ae90a16
Content-Length: 395
{"token_type": "bearer", "access_token": "token", "expires_in": 14400, "scope": "account_info.read contacts.write file_requests.read file_requests.write files.content.read files.content.write files.metadata.read files.metadata.write sharing.read sharing.write"}
I'm using the .net api to exchange my refresh token for an access token. But don't see how I'd get the new refresh token back even if it was on the wire. Which it does not appear to be. The refresh tokens themselves don't seem to be expiring when I use them to get access tokens. Will that change in the future?
_DropBoxClient = new DropboxClient(string.Empty, dbap.RefreshToken, sApiKey, sApiSecret, config);
var newScopes = new string[]
{
"account_info.write",
"account_info.read",
"files.metadata.write",
"files.metadata.read",
"files.content.write",
"files.content.read",
"sharing.write",
"sharing.read",
"file_requests.write",
"file_requests.read",
"contacts.write"
};
bool success = Task.Run<bool>(async () => await _DropBoxClient.RefreshAccessToken(newScopes)).Result;
The Dropbox API /oauth2/token endpoint does not return a new refresh token during the refresh process, nor are there plans to make it do so. The official documentation for the Dropbox /oauth2/token endpoint can be found here.
The Dropbox OAuth Guide is referring to when you call /oauth2/token for grant_type=authorization_code, i.e., when first exchanging the authorization code for a short-lived token and (optional) refresh token. (Apologies the "new" there is misleading. We'll fix that up.)
When you call /oauth2/token for grant_type=refresh_token, i.e., when using a refresh token to get a new short-lived access token, it will not return another refresh token.
So we have been using the Flowdock Push API for quite some time now. We have been using it to push messages from our Continous Integration server (Electric commander) and it has been working pretty great. It's integrated into a powershell script today.
Now i have been notified that the PUSH API is deprecated and will be removed "some day" along with a refference to the REST API's message feature.
Following the documentation i have been able to add messages from my personal API token directly to the chat. However when i try to add a message to the inbox, with the flow API token, i keep getting 404's
I am using fiddler's compose feature to fiddle (ha!) with the examples from the dox (i have anonymized it a bit):
POST https://api.flowdock.com/MYORGANIZATION/MYFLOW/mesages
User-Agent: Fiddler
Host: api.flowdock.com
Content-Length: 593
Content-Type: application/json
Accept: application/json
{
"flow_token": "MYFLOWS API TOKEN",
"event": "activity",
"author": {
"name": "anttipitkanen",
"avatar": "https://avatars.githubusercontent.com/u/946511?v=2"
},
"title": "Opened pull request",
"thread_id": "WT5yWsIpdvUPxP07lfgQDmLoGQQ",
"external_thread_id": "github:component:pr:42",
"thread": {
"title": "Fix bug in thread API",
"body": "Body with <b>HTML<b> formatting",
"external_url": "https://github.com/flowdock/component/pull/42",
"status": {
"color": "green",
"value": "open"
}
}
}
Raw response is:
HTTP/1.1 404 Not Found
Date: Thu, 08 Oct 2015 10:02:34 GMT
Status: 404 Not Found
Content-Type: application/json
X-Request-Id: ab39438c-07b7-48bf-bde8-c3b29478094d
X-Runtime: 0.007442
Strict-Transport-Security: max-age=31557600
X-Server-Id: 3c4883af38147558374983c6d90b2bb9badb86d4
Vary: Accept-Encoding
Transfer-Encoding: chunked
20
{"message":"Resource not found"}
0
Is the flow_token the API token for my flow? Or is it the dev token i have to sign up for?
This is not meant to work as an application, i just wan't to push the status of builds and deploys to the other developers.
https://www.flowdock.com/api/message-types#/activity
The correct endpoint is https://api.flowdock.com/flows/ORG/FLOW/messages.
The flow_token is a bit confusingly named since it is not the flow API token, instead it is a source's flow_token. In order to get a flow_token to a source, you will need to create an application. Then create a source for it to a certain flow. Easiest way to do this is using the "Tools for testing" section in the application.
Lastly you probably want to use only the "external_thread_id".
My azure hosted web API uses the O365 Calendar and Mail REST APIs for creating events and mails on behalf of the users. All necessary permissions have been enabled for the corresponding Azure AD application. My question - Accessing the mail API using the Bearer OAuth token as part of the header succeeds but when I use the same token for the events API, it fails with a 403.
The Documentation I have been following for my implementation is the official msdn one and the update - https://social.msdn.microsoft.com/Forums/exchange/en-US/6fc135ae-f8f9-4b4d-b50b-f00a2bd79a30/office-365-rest-api-mail-calendar-contacts-update?forum=exchangesvrdevelopment
Fiddler trace (Raw view of request) -
POST https://outlook.office365.com/ews/OData/Me/Events HTTP/1.1
Accept: application/json
client-request-id: 00000000-0000-0000-0000-000000000000
Authorization: Bearer <OAuth token>
Content-Type: application/json; charset=utf-8
Host: outlook.office365.com
Content-Length: 287
Expect: 100-continue
{"Attendees":[{"EmailAddress":{"Address":"sample#sample.com","Name":null},"Type":"Required"}],"Body":{"Content":"Hello World","ContentType":"HTML"},"End":"2014-10-22T19:00:00Z","Location":{"DisplayName":"Conf Room M"},"Start":"2014-10-22T18:00:00Z","Subject":"Testing"}
Text view of response -
{"error":{"code":"ErrorAccessDenied","message":"Access is denied. Check credentials and try again."}}
Fiddler trace of the Mail API request that works fine -
POST https://outlook.office365.com/ews/OData/Me/sendmail HTTP/1.1
Accept: application/json
client-request-id: 00000000-0000-0000-0000-000000000000
Authorization: Bearer <OAuth Token>
Content-Type: application/json; charset=utf-8
Host: outlook.office365.com
Content-Length: 171
Expect: 100-continue
Connection: Keep-Alive
{"Message":{"Body":{"Content":"Test","ContentType":"HTML"},"Subject":"test","ToRecipients":[{"EmailAddress":{"Address":"sample#sample.com","Name":null}}]}}
Considering that you are getting a 403 (Forbidden) error for one API, I'd suggest you review the resources enabled for the application. Can you make sure you have Write permissions for the Calendar API? I know you mentioned that you've done this before, I'm just checking in case of the small chance you missed those Write perms.
Sorry for having kept this question hanging.
The issue was with the ClientSecret (either had stale permissions on it or was wrong in the first place). Generating a new one via the management portal fixed this issue.
I'm trying to follow the datastore API tutorial and this simple request (sent via Fiddler):
POST https://api.dropbox.com/1/datastores/get_or_create_datastore HTTP/1.1
User-Agent: Fiddler
Host: api.dropbox.com
Content-Length: 12
Authorization: Bearer [snipped]
dsid=default
always results in this error response:
HTTP/1.1 400 Bad Request
{"error": {"dsid": "Missing value"}}
The access token was created from the developer app console, and my test app has full dropbox permissions. Running the list_datastores API call succeeds and reports that I do have one datastore with a dsid of default.
I think you'll need a header of Content-Type: application/x-www-form-url-encoded, since you're sending form-encoded parameters.
i'm using the Explorer to just test out the API and get a feel for the data returned. On the top right corner of each API there is an "authorize using" switch. This asks me to auth with my google account. This all happens correctly and without error. When i try to use the "data.ga.get" method i get this error:
Request
GET https://www.googleapis.com/analytics/v3/data/ga?ids=ga%3A24351574&start-date=2011-01-01&end-date=2012-02-01&metrics=ga%3Apageviews&pp=1&key={YOUR_API_KEY}
Request
GET https://www.googleapis.com/analytics/v3/data/ga?ids=ga%3A24351574&start-date=2011-01-01&end-date=2012-02-01&metrics=ga%3Apageviews&pp=1&key={YOUR_API_KEY}
Authorization: OAuth ya29.AHES6ZSCqka0X1AVtMrW7iXn7VreLk71vfWB9MrnXCejBYY
X-JavaScript-User-Agent: Google APIs Explorer
Response
403 Forbidden
cache-control: private, max-age=0
content-type: application/json; charset=UTF-8
date: Tue, 28 Feb 2012 01:23:18 GMT
expires: Tue, 28 Feb 2012 01:23:18 GMT
server: GSE
{
"error": {
"errors": [
{
"message": "Forbidden"
}
],
"code": 403,
"message": "Forbidden"
}
}
The strange thing is the auth works just fine for other API like calendar.
I'm not sure what i'm missing that would case this issue
A 401 Unauthorized and a 403 Forbidden are two different errors. But, make sure the Analytics service is turned on for your project in the API console: https://code.google.com/apis/console/.