How to use REST to download Outlook attachments from a node server? - outlook-addin

Right now I use the ewsURL to fetch the attachments through a SOAP request. My Outlook Addin gets the ewsURL with a token and send it to the server and the server uses that to get the attachments. The problem is, this does not work for the mobile app. In mobile, I can't get the ewsURL. According to the docs, I have to use the REST API but it's not clear how to use it on the server side. Any help?

On the add-in side, there are a couple of differences when using Outlook REST APIs from an Outlook add-in:
Modify the getCallbackTokenAsync API call to include the isRest parameter.
Use the convertToRestId API on the itemId before sending it to the back-end.
On the server-side, here are some steps on getting started with Outlook REST APIs. The code you use to call the API will be different depending on the server-side language, and there are language-specific steps under the getting started section.
The main difference will be instead of registering the application and implementing OAuth2, you will be able to skip to the step where you use the Mail API (Node.js) and use the REST access token returned by the add-in API.
For calling the attachment API, see the docs for listing attachments on an item and getting attachments.
To test the token returned by the getCallbackTokenAsync API, try making a request like this one:
GET https://outlook.office365.com/api/v2.0/me/messages/<item id>
Authorization: Bearer <REST token>

Related

Getting "PARTNER_AUTHENTICATION_FAILED" error

While configuring API in Unqork(No-Code platform) getting error "PARTNER_AUTHENTICATION_FAILED" while try to fetch Signed Document.
I have used this API Endpoint - {{baseUrl}}/v2.1/accounts/{{accountId}}/envelopes/{{envelopeId}}/documents/0
And also getting file in UTF-8 format. But when trying to convert it into PDF than getting blank document.
Unqork
From google searching, it looks like this page may be of help: https://academy.unqork.com/advanced-api-authentication
In general, you need to get unqork to use OAuth with a DocuSign oauth service provider (account-d.docusign.com) to obtain an access token. Then use that access token in unqork's API calls to DocuSign.
Contact unqork's customer service group for more help.
General information on the problem
PARTNER_AUTHENTICATION_FAILED more information error message
Are you using legacy authentication or OAuth authentication? Only OAuth is supported for new integrations.
You must obtain an access token to make API calls. You can obtain an access token via OAuth.
See the docs. Or a video.
If you want more help, ask a new question and provide more information on exactly what you have tried and what is or is not working.

How to use the eBay Browse API just to search for products via one server

I try to migrate from eBay Finding API to Browse API. My technical setting is quiet easy:
A Server searches the Browse API to find products by a keyword. Thats it.
Does anybody know if I need to implement OAuth, a redirection page for eBay-Users to log in etc.? I don't need all those features..
Thanks!
You can use the browse API with the client credential flow that mints the Application access token.
Application tokens are general-use tokens that give access to interfaces that return application data. For example, many GET requests require only an Application token for authorization.
See Documentation
The client credential flow does not require a User to Login via eBay and the redirect etc. However, you can only use the "GET" methods like getItem, getItemByLegacyId or search for example.
If you using NodeJs or Browser you can checkout the "Get Item" example here. (The library will get the Application access token automatically and return the result.)

JMeter: Record n play, also gives API access

I have recorded a login flow of an application and found some URIs like below:
/api/oauth2/initiate GET
/oauth2/authorize GET
/api/v1/oauth2/authorize GET
/api/v1/oauth2/authenticate POST
{"username":"${Username}","password":"${Password}","client_id":"${client_Id}","response_type":"code","redirect_uri":"${scheme}://${host}/api/oauth2/callback","server_id":"${server_Id}"}
When I am hitting above in sequence via JMeter I am getting 200 response. Just like JMeter I tried recording in Postman and it worked same, but instead of JSON it gave response in XML format.
It doesn't generate a access_token, it works via session cookies.
My question is - Do I really have API access or it is just browser record n play? If Yes, Does this mean I can get access to any API, if I am a registered user of that application? For ex: Facebook, YouTube or any startup website.
JMeter works on the protocol level. This means that whatever request you are generating. Say a simple browser request or an API call, you can do that easily.
Now the thing is replicating requests. You don't need to record the requests necessarily using the browser. You need to analyze the few things that are required. Say Postman is generating a request. You specify the things you want to send and you use the API Token there. The same things can be specified there as well. It all depends on how you are understanding the concept of request generation.
You simply need to replicate the samplers and the parameters. And the request headers in postman can be replicated here in the same way.
For each HTTP Request Sampler make sure you add a corresponding child HTTP Header Manager config element.
Headers basically tell the server that what client we are using and in what form data is being sent and then server responds accordingly with the information.
What you're recorded is OAuth2 flow and you won't be able to replay it without correlating the dynamic values.
You can have access to Google API or Facebook Graph API given you have proper access_token but I don't think you should be testing them directly, you should focus on solely your application.

Is it legal to send custom request using cookie?

Is it legal to send custom requests using my own cookie? For example if I login to a website that provides e-mails and I found that I can send a request like: somewebpage.com?email_id=1&cookie_token=123 then can I send a custom request using eg app written in c++ to get all my emails (by changing email_id)?

Exact online REST API: POST call not working

I am trying to make a post call in Exact Online REST API. I'm trying to create a SalesInvoiceLine. I can perfectly do a GET call via my browser. I am logged in in Exact Online so I don't need authentication since this should be passed via a cookie. I tried POST via a browser. The browser prompts me to login, when I do nothing happens. I've also tried this in Postman:
I am 100% certain these initials are correct, I can login with them in Exact Online. What am I doing wrong?
If this is not the way, how can I post data to Exact Online? There are not that many concrete examples to find online.
You can't log on to the Exact Online REST API with Basic authentication, the mode you are using now.
The web service uses OAuth as authentication mechanism, meaning you have to acquire a token first. The steps to do so are outlined in the official documentation.
It will need some work on your end to register an app, get the flow up and running. Depending on your business needs, you might be helped with one of the apps for Exact Online by the company I work for.
You need to retrieve the CurrentDivision through GET Request https://{Base Uri}/api/v1/current/Me only from OAuth then you need to assign
CurrentDivision to whatever may be the API call .../api/v1/{CurrentDivision}/../....
Without authorization by Auth 2.0, neither is impossible.
To authorize the ExactOnline API calls you have to do the following:
Register the app in the developer portal. Bear in mind that you have to do a separate registration for French, UK or Dutch version of ExactOnline (this is indeed a pain).
In case you want your application to be used by other accounts than yours, you have to submit the app for validation, this usually takes 2-3 weeks.
EO uses standard OAuth 2.0 schema (very similar to what Google is using with their services). You have to use endpoint GET /api/oauth2/auth for building an authorization link and endpoint POST /api/oauth2/token for obtaining both access and refresh tokens.
Please bear in mind that many Auth 2.0 services are proving long-lasting refresh token. This is not the case of EO. The refresh token is invalidated every time when the access token is requested (endpoint POST /api/oauth2/token). With access token new refresh token is supplied, so make sure you update you refresh token as well.
The access token is placed in HTTP header as "Authorization: Bearer {{ACCESS_TOKEN}}"
In case you want to automate the EO API calls and do not want to code anything on your own, you can try one of the pre-build Exact Online API connectors, created by the company I work for.