Hello I'm currently trying to set up the bot framework from Microsoft, so I can call this from my REST API.
I created the bot framework using the portal from Microsoft and integrated LUIS into it. This part is not the problem, but when I try to call the end API I get 401 unauthorized with the message "BotAuthenticator failed to authenticate incoming request!". I tried this in Postman and CURL and both give the same response.
I've been searching on the web and saw that you need to pass a bearer token in the header. For this I used the login services from Microsoft and successfully got a token from it.
Even with this token in the header I keep getting the same response. I also tried using the bot emulator from Microsoft with the same Microsoft ID and Password, but here it seems to work.
Am I forgetting something important or do I have to change some settings in order to make this work outside the bot emulator?
You usually talk to your bot through one of the available channels and not directly to the bot implementation. If you want to talk to your bot through a REST API, you would need to use the Direct Line API. Did you enable the Direct Line Channel? Please have a look at the samples here - https://learn.microsoft.com/en-us/azure/bot-service/rest-api/bot-framework-rest-direct-line-3-0-concepts
Related
I not hugely experienced with API's, but I was wondering the difference in Postman with using the 'Authorize using Browser' below Callback URL and not using it. (I'm trying to connect to Microsoft Dataverse using Web API) When I don't use it a pop up comes up fine and I can sign in and authentication goes great. But if I use the browser it won't work. Now, I don't have Azure Admin rights to set up callback URL's in my environment so I imagine that is part of the issue, I'm just wondering why it works one way and not the other. I was trying to replicate in python and am getting the same error as trying to use browser in postman. I would like to understand what backend process Postman is using in the non-browser version so I can replicate if possible. I followed Microsoft's example in the link below as well.
Postman Example
https://learn.microsoft.com/en-us/learn/modules/common-data-service-web-api/3-postman?ns-enrollment-type=learningpath&ns-enrollment-id=learn-dynamics.integrate-power-platform
I have recently learnt about API and started using them for learning purpose.
I have tried the twitter API,but there is something I don't understand
Process of sending tweets with an API
Get your API token (need to tell a lot of informations and wait some time before it's validated)
Make http post request with the token to 'https://api.twitter.com/1.1/statuses/update
Tweet posted successfully
Process of sending tweets with your browser:
Create an account (don't need that much information, it's instant)
Login, write a tweet
When you click on submit, a http post request is sent (to the same url that above) and there is a Bearer token in the request header
Tweet posted successfully
So that leads to my question, why should I contact twitter to have an API token, if I can have one just by creating an account ?
How do twitter back-end know that the request is coming from a browser (normal use) or if it's coming from a third part app ?
The direct answer to your question is that the only approved way (inside of the Terms of Service) of sending Tweets programmatically is to use the official API.
There are a variety of ways in which websites and web services can detect browser automation or usage, and that's not really a question for a programming community like Stack Overflow.
What exactly are you trying to do, and why would you choose not to use the supported official API?
I am trying to authenticate a user inside a desktop application using the web api. I am not using a browser, I am using straight up GET and PUSH calls to the endpoints of the Spotify servers. Immediately I ran into some problems. It appears that upon the initial GET command to "accounts.spotify.com", the returned response includes HTML with a javascript function that runs and is responsible for dynamically generating HTML that you see on the initial login page. If you look at the Javascript function, it is clear that this is what is going on, however, you can also see this code is obfuscated and not meant to be used by us, the developers! (Link to Javascript code here for reference: Javascript function)
So my question is, while I can probably reverse engineer the code to get this working, would this be against the Spotify developer TOS?
Thanks!
Spotify's authentication happens through oauth, and a big part of user authentication as per the oauth rfc is where the user delegates permissions to your app to carry out API calls that affect their account, or return information about them. That's the web page you're seeing - it must be presented to your users so that they can delegate permissions so that Spotify can give your app an access token. It doesn't necessarily need to happen in a browser - it can happen in a web view inside your desktop application - but it does need to be loaded over https, and your application must not alter or reverse engineer the Spotify permissions delegations page.
As you correctly guessed, reverse engineering any Spotify APIs is against terms of service.
For more information on authorization on the Spotify platform, I'd recommend having a look at this guide.
Hope that helps! Please ping me if you have any more questions.
Hugh
Spotify Developer Support
I want to use an external software Alteryx to access the api so I can crawl some JSON data. When I call https://www.yammer.com/api/v1/messages.json, it keeps on popping "HTTP/1.1 403 Forbbiden".
I guess there is something wrong with the authentication. Does anybody know how to embed the credentials in the URL? Or is there any other ways to authenticate so an external software can access?
I can do it perfectly with normal browser after logged in.
Thanks
Yammer's Rest API for retrieving data implements OAUTH 2.0. This is because any application trying to access the data is making the request as an "App" which will then have access to a user's specific data.
Yammer's OAUTH flow is decribed here: https://developer.yammer.com/docs/oauth-2
I do not yet know of an easy way to implement the authentication using anything other than development within a browser for this process.
You may be better off exporting the json messages to a file and then importing into your external software.
I'm using Java with Google Plus API. I'm using OAuth 2.0. When a user is authenticated, an access code is returned in a browser. Now, given that the code must accompany a call to the Google Plus API, I currently have to manually copy the code and use it in making calls to the Google Plus API. What I wish to do, however, is to programmatically retrieve this code; eliminate the manual copying.
Any assistance will be highly appreciated. Thanks in advance.
It sounds like you're writing a command line or some other non-web application that uses the Google+ API. This throws a little bit of a wrench into the token delivery via HTTP redirect. Without the redirect there's no way for the OAuth web pages to communicate with your code and hence you must copy and paste it.
There is one work around that seems to work pretty well. You can set up a local web server, such as an embedded Jetty, and complete the OAuth flow by redirecting the user back to their locally running web server.
You can see an example of this implemented in oacurl which is hosted here: http://code.google.com/p/oacurl/