I am trying to get data using API provided by LinkedIn. I have got the API key, API secret, and the access key as well. After going through the documentation I got to know that now they perform authentication with OAuth 2.0. I am trying to access the following API :
https://api.linkedin.com/v2/me?oauth2_access_token= my access token
The response returns the follwing:
{"serviceErrorCode":100,"message":"Not enough permissions to access: GET /me","status":403}
I have also sought permission for the API.
Why is this happening?
Note: The "Default Application Permissions" of my app is set to "r_basicprofile".
Please wait for about 2 hours after registration to get the permissions. Sometimes it take time to register for access.
if i am correct, for the V2 you need a linkedin partnership : https://developer.linkedin.com/partner-programs
if you do not need the partnership program. use the v1 api.
https://api.linkedin.com/v1/people/~
this will work with your current permissions.
Related
I am attempting to implement the eBay API and I have taken the steps to create an account, get access token. I submitted the call to obtain an oauth2 access token.
When studying the finding API documentation, it does not mention anything about OAuth2, only that when making calls you should pass your application ID. Does this mean that I do not need to pass an access token or retrieve one when performing calls to the finding API?
As far as I know you need :
api_endpoint
dev_id
app_id
cert_id
runame
auth_token
api_version
I am using these credentials detail and it works for me.
I have created an app and some REST API on Google Appengine and deployed it to
www.my-appspot-id.appspot.com
I'm using Google Datastore to store my data and have created API's to access that data.
However, i can access my API directly also using
www.my-appspot-id.appspot.com/_ah/api/explorer
which means anyone can access them and can manipulate the data which i don't want.
How to restrict access so that nobody but some particular registered set of users can only use it?
I stumbled upon this tutorial recently, might be of some help.
I think you need to authenticate your endpoints and authorize only some client id.
OAuth 2 authentication : https://developers.google.com/appengine/docs/python/endpoints/getstarted/backend/auth
Allowed client ids and audience : https://developers.google.com/appengine/docs/python/endpoints/create_api#allowed_client_ids_and_audiences
To answer your question : you can't.
Google Cloud Endpoints is based on the explorer api: everybody will be able to navigate into your API, and see the differents methods available.
BUT if you add an authentication to your methods, the visitor will not be able to execute them.
I have managed to get an access token from the twitter api. Now I want to use that token for my further data fetching things, so please help me here to get the details of my twitter account.
For example, lets say I wanted to get the user's data, so when I tested this in apigee console, I got my result.
But how to get the same result, using same api, by hitting on a browser using the access token
something like this
Please help
It's a little more complex than the URL you suggested, but you can use Twitter's OAuth tool to generate the OAuth signature you need to make requests to its Home Timeline API call.
You can find the OAuth tool here:
https://dev.twitter.com/docs/api/1.1/get/statuses/home_timeline#oauth-tool
it's not like that when making twitter api calls you need to send consumer key, consumer secret, your_access_token and your_access_token_secret together
Eg: oauth_consumer_key="KEY",oauth_signature_method="HMAC-SHA1",oauth_timestamp="TIMESTAMP",oauth_nonce="NONCE",oauth_version="1.0",oauth_token="YOUR_TOKEN",oauth_signature="SIGN"
Source: https://twittercommunity.com/t/getting-the-user-details-using-access-token/6325/3
I am trying to gain access to my BigQuery enabled Google API project using the .net Google APIs.
Using a console application, I am trying to authenicate first by supplying my simple API key in the URI, then just trying to get the list of projects.
The error I am receiving when I call Fetch() on the project list is: Login Required [401]
var bigqueryService = new BigqueryService{ Key = "MY-API_KEY" };
var projectList = bigqueryService.Projects.List().Fetch();
I am purposefully not using OAuth2 as we don't need any user data.
The API key simply identifies your app to the API console for quota purposes and other housekeeping. It's not authoritative for accessing BigQuery, as we do consider the BigQuery data as "user data."
If you're just trying to get an OAuth 2 access token for playing around quickly, you can use the OAuth 2 playground:
https://code.google.com/oauthplayground/
This token will be valid for one hour and can be copied/pasted as the access_token query parameter
Here's the scope for BigQuery to use in the playground:
https://www.googleapis.com/auth/bigquery
In the end, you'll either want to use the native client (out of band) flow:
https://developers.google.com/accounts/docs/OAuth2InstalledApp
Or the server-to-server (service accounts) flow:
https://developers.google.com/accounts/docs/OAuth2ServiceAccount
I don't have quick samples handy for those in .NET, but post another question on SO if you can't find them-- I'm sure someone will chip in!
You won't be able to use a simple API key - all authorization to the BigQuery API must happen via user interaction, or alternatively through a service account.
I'm trying to get access to the Google's todo feed with this url:
https://www.google.com/calendar/tdl?secid=<SECID>&tdl={%22action_list%22%3A[{%22action_type%22%3A%22get_all%22%2C%22action_id%22%3A%221%22%2C%22list_id%22%3A%2215052708471047222911%3A0%3A0%22%2C%22get_deleted%22%3Afalse}]%2C%22client_version%22%3A-1}
If I open this in my browser with a correct secid, it shows me right what I want.
Now, the question is: how do I get secid programmatically (specifically, in a java program)? I have access to the authToken (from CalendarService), but I have no clue how to use it to authorize my access to the URL above.
I tried to use the url http://google.com/accounts/ServiceLogin, but I didn't find any examples.
Any help, please?
From what I read secid is a session ID obtained from browser's cookies. Whereas your case uses Java which implies a server app. If that is the case, you want to drop the idea of using secid entirely.
Instead, you want to check out Google's OAuth2 documentation. If you are using Java, most likely you would be interested in the web-server OAuth flow. Pay special attention to the sequence diagrams.
The key steps include:
1) Obtain an authorization code from Google OAuth with the user's consent. For that, you redirect the user to Google with the appropriate scope. Check the list of calendar scopes for your case. Once the user consents, Google redirects back to you with an authorization code.
2) Call Google OAuth with the authorization code and your app's credentials to exchange for an access token.
3) Call Google's Calendar API using the access token.
And if you use Google's Java client as suggested by #ChaosPredictor, chances are some of the steps are already wrapped into the Java client (and your code will be much simpler).