Working with RAML headers, can anyone help me in learning it.I am unable to find online that what actually headers are in RAML, why they are used for.
I think RAML spec is better place to learn about RAML than the tutorials. https://github.com/raml-org/raml-spec/blob/master/versions/raml-10/raml-10.md/#headers
headers:
Zencoder-Api-Key:
description: The API key needed to create a new job
Headers refer to HTTP headers. They can be used to define authorization token, e.g. Authorization or Zencoder-Api-Key. HTTP headers can be send with you API request.
Related
I'm trying to send a POST using Postman and CKAN API but I'm not sure what to include in the URL, headers and body. This is what I have tried. Can someone can help me out with the format? What to include in URL, headers and body?
In the image you can see that I send the URL without / as mention in another post but still it does not work.
I included the API key in the headers
You are trying to call the datastore_upsert action. The action URL should be
http://demo.ckan.org/api/action/datastore_upsert. In the headers tab, you should add Authorization key and the API key as a value e.g Authorization 2131238ac-32fs-4f19-8ac9-d4af5esadasd2. Then inside the body, you should add the datastore_upsert action required parameters.
I am trying to implement testing POST request for my APIs using KARATE, but getting 403 - expected csrf token not found.
However, I am able to perform POST Request using Jmeter - Login to the application, perform GET request and get the XSRF Token from GET request RESPONSE HEADERS and pass it in the POST request in Header Manager in Jmeter. That way, I am able to create a new resource using POST. I am not sure why this approach isn't working in Karate.
You must be missing some header. The fastest way you can solve this is by collaborating with someone on the server-side dev team.
Refer to this example in the Karate demos that uses CSRF:
I am trying to carry out a test as like it explained here:
JMeter Alter HTTP Headers During Test.
Quote from above :
I'm attempting to test an HTTP service with JMeter. The HTTP service requires authentication through a simple bearer token mechanism. I'm trying to proceed as follows:
POST authentication request Store token as a variable
Set Authorization HTTP header to stored variable
Request protected resource(s)
Evaluate performance
When the POST occurs, I am not able to capture the bearer token. Its a header.
I tried the solution provided by Dmitri on that issue Or as Bennet tried with RegEx Extractor and HTTPs Manager.
I think I am doing something silly not to able to extract the token. Any thoughts how to extract the token?
Most likely your Regular Expression Extractor configuration is not correct, by default it:
uses response body as a source therefore you need to switch it to look into response headers (red rectangle)
looks up in main sample only, if your header is set after redirect it won't be processed (amber rectangle)
Example configuration:
You can double check ${bearer} variable value using Debug Sampler and View Results Tree listener combination.
I am trying to use the Cloudcontrol REST API.
Has anybody used that API? I did not find out how to authenticate.
As an example, I tried https://api.devcctrl.com/app/APPMNAME/deployment/default/error/
I found : https://api.devcctrl.com/doc/#Token but I don't understand how exactly to use it.
An example would be great.
What I really want to do: I want to deploy an app using REST API. I cannot use the CLI tools due to missing python installation.
Thanks
Mike
First, in order to get the token, you need to send a HTTP POST request to api.cloudcontrol.com/token/using Basic Authentication using the email and password of your cloudControl account. You will get a JSON response like this:
{"token": "<TOKEN_KEY>"}'
You need this token key to authenticate for all other requests to the API. To do so, add an Authorization Header to your request with this content:
Authorization -> "cc_auth_token="<TOKEN_KEY>""
Furthermore, you might also need to set up some other headers for PUT or POST requests, like:
Content-Type -> "application/x-www-form-urlencoded"
Content-Length -> <length of your parametrized url values, e.g. bar=baz&foo=qux>
Accept-Encoding -> "compress, gzip"
You can find examples of this usage in the pycclib (Python) or gocclib (Go) libraries.
I have to migrate from Google OAuth 1.0 to OAuth 2.0.
I just have wrote a small request in Chrome Rest Client:
POST: https://accounts.google.com/o/oauth2/token
Headers: Authorization: OAuth realm="", oauth_signature="PU3W5uRL0eAyEi", oauth_nonce="1396865138306881000", oauth_signature_method="HMAC-SHA1", oauth_consumer_key="XXXXX.apps.googleusercontent.com", oauth_token="YYYYY", oauth_timestamp="1396865138", Content-Type: application/x-www-form-urlencoded
Payload: grant_type=urn:ietf:params:oauth:grant-type:migration:oauth1&client_id=ZZZZZ.apps.googleusercontent.com&client_secret=SSSSS
For that I receive an error message:
Status: 400 Bad Request
"{
error: "invalid_request"
error_description: "Invalid authorization header."
}"
The problem could be that I try to migrate from one Project in Google Developers Console to another.
Could that really be a problem?
The reason that I moved to another project is because I cannot create OAuth 2.0 Client ID in the original Project. I receive the following error message:
"You can not create OAuth 2.0 client ID because this project already contains an Oauth 1.0 client ID."
Please suggest.
Thank you,
E
As pointed out in a similar post, when constructing the base string to sign your migration requests, please make sure that the string uses a POST method and that it contains all relevant migration parameters as per the migration documentation.
As per OAuth1 spec, a valid base string for a migration request should look like:
POST&https://accounts.google.com/o/oauth2/token&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&grant_type=urn:ietf:params:oauth:grant-type:migration:oauth1&oauth_consumer_key=YOUR_CONSUMER_KEY&oauth_nonce=NONCE&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1396414006&oauth_token=THE_TOKEN_TO_MIGRATE
Note that, for readability purpose, the above is the decoded version of the base string (check out the OAuth1 spec for more examples).
Hope that helps, Miguel.
When generating the base string you will need to ensure that each individual parameter is URL encoded before constructing the base string.
As per the oAuth documentation to sign OAuth 1.0 requests the base string is made up of 3 components
The HTTP request method
The base URL the request is being sent to
A normalized string of the parameters in the request
When constructing the base string you need to do the following
Ensure HTTP request method is POST
URL encode the base URL
Ensure the three POST body parameters [client_id, client_secret, grant_type] are included in the normalized request parameters
Ensure each parameter is individually URL encoded and then URL encode the complete normalized request parameters string. So in effect, some of the paramters are double URL encoded. This double URL encoding is mentioned in Using OAuth with the Google Data APIs#Signing Requests for the oauth_token
Only after doing all these steps did I get the migration request to work and I received a valid refresh_token
Below is a sample base string
POST&https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%2Ftoken&client_id%3Dxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com%26client_secret%3Dxxxxxxxxxxxx%26grant_type%3Durn%253Aietf%253Aparams%253Aoauth%253Agrant-type%253Amigration%253Aoauth1%26oauth_consumer_key%3Dxxxxxxxxx%26oauth_nonce%3D4106001%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1400779530%26oauth_token%3D1%252FkklP1YPy_AULt7j_tttttt_tterwerkj_dfj45dflk