Microservice subscript to subtenant REST Endpoint not working - cumulocity

I deployed my microservice over master tenant and subscript it onlty to subtenant.
If I call:
GET https://subtenant.cumulocity.com/service/mymicroservice/health i get Status Code 200 and UP
However if I call:
GET https://subtenant.cumulocity.com/service/mymicroservice/myendpoint/data
I get Status Code 500 and
{
"timestamp": 1534235792950,
"status": 500,
"error": "Internal Server Error",
"exception": "com.cumulocity.sdk.client.SDKException",
"message": "Http status code: 403\n{error=\"security/Forbidden\",message=\"Access is denied\",info=\"https://www.cumulocity.com/guides/reference-guide/#error_reporting\",details=\"null\"}",
"path": "/ mymicroservice /data"
}
When I subscribe to the master tenant, the microservice is working fine! It seems that the user of subtenant is not allowed to access the Cumulocity APIā€¦ I also checked the user and the role. The access rights are all granted. How can i access my microservice at subtenants?

I solved the problem by my self. I made a mistake; i forgot to add a role to the manifest to requiredRoles. It was also not working in master tenant.

Related

Production environment getting error 401 (Code: 701 - Wrong authentication credentials) when calling any amadeus api endpoint

Using the Postman collection for Amadeus for Developers I can successfully get access token and execute any api endpoint in the test environment (test.api.amadeus.com)
But after signing up successfully for Production Environment (without Flight Create Offer), I am able to get access token from Production (api.amadeus.com) BUT all api endpoint execution results in 401 error (Code: 701 - Wrong authentication credentials)
Below is the error in postman
{
"errors": [
{
"status": 401,
"code": 701,
"title": "Wrong authentication credentials.",
"source": {
"pointer": "uri"
}
}
]
}
i have made sure the bearer token is valid and my api calls are pointed to api.amadeus.com using the Prodction Key and Secret.
I have been in contact with Amadeus email helpline (self-service.apis#amadeus.com) for the last 3 weeks, and after each week they instructed me to reset my account password and wait 2 hours before making the call, which i did three times now and ended up with the same error.
I hope someone higher in the tech department will notice my question and will be able to shed some light as to why your system is not letting me call production environment.
will be eagerly waiting for some advise.....
Happened to me as well, try to generate an access token few more times and use it, for me is suddenly worked

How can I fix SharePoint Resr API access error?

I'm trying to get data with SharePoint REST API but stucking with "System.UnauthorizedAccessException" error.
How can I fix this?
What I did is...
I got access token.
POST https://login.microsoftonline.com/{{tenantName}}/oauth2/v2.0/token
I tried to get sharepoint list items with the access token I got.
GET https://{{xxx.sharepoint.com}}/sites/{{sitename}}/_api/web/lists/GetByTitle('CSV')/items
With the 2nd command, I got error message like below.
"odata.error": {
"code": "-2147024891, System.UnauthorizedAccessException",
"message": {
"lang": "en-US",
"value": "Access denied. You do not have permission to perform this action or access this resource."
}
Check whether the site you requested matches the scope set by app permission xml.It is possible that the scope does not match and the requested site fails to authenticate the request.

What's the correct way as an "end-user" to access "my" tickets via API v2 of Zendesk

When I try to authenticate against the Zendesk API as an end-user, and then list tickets, it always responds with 403 Forbidden:
e.g.
GET
https://mysite.zendesk.com/api/v2/requested.json
Basic Authorization
returns with a 403
{
"error": {
"title": "Forbidden",
"message": "You do not have access to this page. Please contact the account owner of this help desk for further help."
}
}
It appears that the "tickets" API (like above) is not for end-users. Instead they must use the "requests" API .
So use: https://mysite.zendesk.com/api/v2/requests.json instead...

Google Big-query api 403-Forbidden Exception

I am getting the following JSON exception while I am executing the query using the java application for Big-Query API. Following is the exception I am getting:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "accessDenied",
"message": "Access Denied: Job eco-span-847:job_LyHmZIvlY1_0J8JQ3pxThEBf19I: The user does not have permission to run a query in project eco-span-847"
}
],
"code": 403,
"message": "Access Denied: Job eco-span-847:job_LyHmZIvlY1_0J8JQ3pxThEBf19I: The user does not have permission to run a query in project eco-span-847"
}
}
Why is this occurring and how could I resolve this?
To insert a query job in a project the calling user must be at least a Reader on the project.
When using the BigQuery API, you need to construct the client with OAuth credentials for some user. For programmatic access, this is often a Service Account identity. When you create a new Service Account, that account is not automatically added a membership role to your project.
To update the users and service accounts that are members of your project, go to https://console.developers.google.com/ for your project, select "Permissions" in the navigation panel, and make sure the user or service account identity you are calling with is a "Reader" on the project.
Check email/service account is it added in google cloud's IAM&Admin.
Verify the role/permission to use certain api. access control
If above are not met, communicate with the Owner/Admin of the project to add them in.

GooglePlus userProfile API returns error when trying to access using access-token retrieved using Google Service Account

I was able to retrieve access-token using Google Service account but when I tried to use the same access-token to retrieve GooglePlus User Profile API I'm getting the error mentioned below:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "notFound",
"message": "Not Found"
}
],
"code": 404,
"message": "Not Found"
}
}
I used scope value as https://www.googleapis.com/auth/plus.me while retrieving access-token using Google service account and I was able to fetch access-token, but then if I try to use the same access-token to request User profile API- I.e
https://www.googleapis.com/plus/v1/people/me?prettyprint=true I get the error above.
Can anyone help me on this?
This is most likely because the account that has done the authentication does not have a Google+ account/profile. For testing, you may wish to replace the "me" with the profile ID in question to verify this. In production, of course, you should catch this error and indicate that they don't have a Google+ profile.
If you need to check for a Google login, even if they don't have a Google+ profile, you can use the https://www.googleapis.com/auth/userinfo.profile scope. See https://developers.google.com/accounts/docs/OAuth2Login for more details.