Currently I'm trying to access data from my shopify store through local host and I'm getting the CORS error. I realize this question has been asked but I couldn't find an answer. Also I realize that this is a bad practice since credentials are exposed. I have a local computer that for a reason (with out taking the time to explain it) needs to be able to GET data from my shopify store. This HAS to be done in javascript so I am using XMLHttpRequest like so:
var url = "https://apikey:secretkey#mystore.myshopify.com/admin/orders.json?limit=25&page=2";
this is based on this answer on SO: shopify how to get product data using php in my localhost
In the above I'm passing my apikey and secret key from an app I've setup and approved on my account. One thing I didn't do is whitelist my ip which I'm not sure if that's what would allow me to get the data. This returns a CORS error.
I've also tried this:
var url = "https://username:password#mystore.myshopify.com/admin/orders.json?limit=25&page=2";
Here I pass my username and password and I get the CORS error also.
What is a challenge is that if I'm logged into the account or not logged in when I go to my browser window I can go to this url: "https://username:password#mystore.myshopify.com/admin/orders.json?limit=25&page=2"; and the json data appears in my browser window.
Again this has to be done in javascript and it has to be done from a local computer.
The way I went about this is forget the XMLHttpRequest. To access the shopify api via my local host I used the node library provided here: https://www.npmjs.com/package/shopify-api-node
I'm marking this as the answer just in case someone in the future is attempting to do this.
Related
I want to know which user has signed up on my Cognito hosted UI.
I configured everything accordingly to the AWS documentation.
When opened, the UI works just fine.
As soon as it comes to the redirect to my website it appends a UUID code like this:
https://example.com/signup?code=140ac1a7-aaaa-bbbb-cccc-180bcb7c55f0
But it seems that the given code has nothing in common with the user that was just created.
Where am I missing something?
Additional info: I'm working on a java backend, so I cannot use the JS SDK
I tried to change the response_type to token instead of code but then the hosted UI redirects me to:
https://example.com/signup?#error_description=unauthorized_client&error=invalid_request
The UUID is the access code. With it u can get the access token which can provide you with the user information.
The documentation can be found here:
https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html
And the request looks like this:
POST https://your-pool.auth.your-region.amazoncognito.com/oauth2/token
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&
client_id=your-code&
code=the-access-code&
redirect_uri=your-redirect
I use Nextcloud as a normal user to store and share files.
I decided to use it as a backend for a web application I am developing so that I can store the files in Nextcloud while the frontend is done by me.
I spent some hours on the API docs
https://docs.nextcloud.com/server/latest/developer_manual/client_apis/WebDAV/index.html
and, with some disappointment, unless I have not made a mistake, I realized that the only API that can be used from outside Nextcloud is the WebDav API.
This is a minimalistic API that allows doing basic things such as uploading a file by passing the full path like with this GET statement (authenticated by basic auth passing username and password in the headers:
GET https://nextcloud.example.com/remote.php/dav/files/username/FolderOne/SubFolderTwo/HelloWorld.txt
This will download the file located in /FolderOne/SubFolderTwo/HelloWorld.txt
with a PUT request, it is possible to overwrite the file by passing the file content in the raw body request
This is very effective but minimalistic.
I was expecting to have a full REST API to access more properties and perform complex operations.
Could you please tell me if I missed some important information?
There is the OCS API but it works only from inside Nextcloud.
Thanks.
A full REST API is avaiable - https://docs.nextcloud.com/server/22/developer_manual/client_apis/OCS/ocs-api-overview.html
Create a Share - https://docs.nextcloud.com/server/latest/developer_manual/client_apis/OCS/ocs-share-api.html
The OwnCloud documentation also offers more examples
https://doc.owncloud.com/server/10.8/developer_manual/core/apis/ocs-share-api.html
You can register an App id and use that to login or passthru a username and password in the authentication header.
I just installed Directus, but I have to create the HTML interface, and I can't extract the data via the API. How can I use the static API? That is, with some kind of static token (the front will do it with PHP).
I have the Directus suite (APP + API https://github.com/directus/directus) installed and the HTML will be hosted on the same server.
Directus has built-in static tokens that can be assigned to any Directus User, and inherits that user's permissions. You can set this static token in directus_users.token (plaintext), and then use it to authenticate to the API. This is less secure than the other auth methods, but that depends on how you use it.
https://docs.directus.io/api/reference.html#tokens
The other option would be to set the data you need to "public". Obviously that only works if that data is public (READ)... but that is the case for many websites.
Thanks RANGER, I have the following installation:
URL:
https://cms.domain.com/public/ (APP + API Directus)
I have reviewed the column of the table you comment, and there is indeed a token already established:
BGJFwQ1KlHnH91V2oIwMbOsG
$contents = file_get_contents('https://cms.domain.com/public/_/collections/categories?access_token=BGJFwQ1KlHnH91V2oIwMbOsG');
var_dump($contents);
But it does not work, I have read the documentation more than 10 times and I have been with the subject for days, I wanted to solve it myself, but I cannot find the error using file_get_contents () or curl in PHP to call the API.
The Directus ADMIN is in:
https://cms.domain.com/public/admin/#/
I have taken the token from the ADMIN user, and therefore I understand that you have all the permissions to use the API. In the example, I wanted to list the "categories" (collection), which have 3 records.
Solved: curl https://cms.domain.com/public/name-of-project/collections?access_token=BGJFwQ1KlHnH91V2oIwMb34343G
Solved: I should use the **project name instead of "_" (default project).**
I am sorry that it is such a basic mistake, but I have come across several people with this problem.
I'm working through the steps in the Aggregation REST Quick Start Guide (https://developer.yodlee.com/Indy_FinApp/Aggregation_REST_Quick_Start_Guide).
I'm able to successfully request a CoBrand Session Token using our private zone URL:
consolidatedsdk.yodlee.com/yodsoap/srest/private-XXX/v1.0/authenticate/coblogin
I'm also able to successfully register new users with:
consolidatedsdk.yodlee.com/yodsoap/srest/private-XXX/v1.0/jsonsdk/UserRegistration/register3
However, I'm not able to login users. I get a 404 error for the following URL:
consolidatedsdk.yodlee.com/yodsoap/srest/private-XXX/v1.0/authenticate/login
(Obviously I've obfuscated our actual Private Zone URL for security purposes)
Ryan,
Try not to copy-paste Rest URL and endpoint from site, but type it by yourself.
I had the same error (415 system_error), but after typing it manually everything worked.
It should be because of any of the below two reasons -
You are accessing the API from an IP which is not whitelisted with Yodlee.
The URL may contain spaces which is why the URL is not recognized by Yodlee.
Please make sure both of the above point is considered while making a request as login API is working properly in the environment which your Private zone is configured.
I have an app that already successfully uses google oauth, but now I am trying to setup a staging deployment. It is a rails app with devise and omniauth, but I think there might be a problem with how I configured Google.
In the google api admin panel (https://code.google.com/apis/console) I can see the existing app. I created another one with a different callback url (because it is staging). Using Postman (a fancy way to edit the url parameters) I can send a get request to google with the current production client_id and redirect_url and it works fine. When I copy and paste in the new clients (staging's) client_id and redirect_url I always get the error Error: invalid_client.
I'm sure where to start with trying to the figure out the problem, but I've tried a lot of different steps, renaming the urls, changing the client secret, or recreating the client in the admin panel. Any ideas? This error is rather cryptic.
We had a temporary issue with a small set of client ids. The issue should be resolved. If you are still having problems please follow up.