Currently we're generating Swagger 2.0 documentation using Swashbuckle.AspNetCore. The authentication mechanism being used requires three headers:
X-API-KEY: The shared key
X-API-SIGN: Signature of the request composed of HMACSHA256 hashed value of Hashed secret, Timestamp, Method, Endpoint, and Body
X-API-TIMESTAMP: This is the same timestamp used in the signature
I don't think Swagger or Swashbuckle support this natively so I would likely need to set up some javascript to fill in hidden fields or something in the swagger docs.
I'm currently using an OperationFilter to prepend operation parameters to each request. This doesn't help me once the page loads though since the user will need to enter their API key and secret, which everything else is calculated based on. Clearly javascript will be required here.
Can anyone provide suggestions for how to handle this cleanly?
I wanted to put this as a comment but comments do not allow format so here you go:
The Swashbuckle.AspNetCore seems to be missing the InjectJavaScript feature:
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/search?l=C%23&q=InjectJavaScript
It is there on the older project:
https://github.com/domaindrivendev/Swashbuckle/search?l=C%23&q=InjectJavaScript
That is what I've used to inject some javascript, without that we are very limited.
Now looking at this from a different perspective:
It seems you want to embed the authentication process on the swagger ui...
Maybe on the backend you should bypass the authentication if the request comes from Swagger-Ui
Related
I'm using Swashbuckle.AspNetCore to generate swagger and include the Swagger UI with my Web API project.
In order to mask a password field's entry, I implemented an ISchemaFilter as described here. (Basically it just adds "format": "password" to the field's schema in the swagger.json.)
This works for field entry:
...but after I send the request, the password is displayed in plain-text:
How can I hide the password text in these fields?
Swagger UI does not mask passwords or API keys in the generated cURL commands. As one of the developers explains:
think of the cURL command as a way to repeat the exact network request that happened in Swagger UI, outside of the UI
So there's no way to fully mask the passwords, apart from forking Swagger UI and implementing this functionality yourself.
On a side note, never send passwords in the query string. Send them in the request body instead.
I am looking to test my Speakatoo API credentials for my Text to Speech setup in my CRM. I have referred the API documentation however, I am not getting the JSON response as expected.
Can someone guide me how can I first setup the test on postman and then implement for my PHP application.
I tried to include the raw request as below:
{
"username":"cyro***#gmail.com",
"password":"*********",
"tts_title":"testing_API",
"ssml_mode":"0",
"tts_engine":"neural",
"tts_format":"3gp",
"tts_text":"Text for synthesize",
"tts_resource_ids":"TRDu7S1e63c6f288f85180a9130c4e5e10f39dc7fsmJ1XYfxH",
"synthesize_type":"save"
}
I guess, you should take the raw JSON body and test with your credentials. Don't forget to pass header Authorization else it won't work.
You may also implement in your application and it should work. Additionally, you can always contact their support team.
I have automated the use of Docusign from an Access Database using https calls from VBA
Now I have to change from their legacy authentication to use OAuth 2.0
I need to create a JWT and then use this to exchange for a Docusign API Access Token
I can create and encode the Header & Payload but need to generate the Signature part by encoding the Header and Payload to Base64 (which I can do) but then need to use the Private Key (also have a Public Key) which I have from Docusign and use something like RSASHA256 (as per JWT.io) to generate the Signature to add to my JWT
Does anyone know how I can create this signature element from VBA please
Thank you
you could try some of this code (part of a repository I made): https://github.com/krijnsent/crypto_vba/blob/master/ModHash.bas
You do need .NET 3.5 or greater on your system, as it's used by the hashing algorithms (System.Security.Cryptography).
Can anyone guide how to integrate with Silverpop, using OAuth(tokens)?
I referred this link
connecting to web api using c#
and I was able to get access token. After this I don't know how to proceed.
Thanks.
Take a look at my github repo:
https://github.com/marcelluseasley/IBM-Marketing-Cloud-XML-API-Wrapper
It isn't finished, but I started working on an XML API wrapper for the Silverpop API. First of all, if you are trying to integrate with the API, you should be able to contact client support and get a copy of the API PDF.
In any case, you should have a client id, client secret, and refresh token. You will need these three things along with a header value of "refresh_token" for the "grant_type" header key.
So you will first sent a post to https://api(pod number).silverpop.com/oauth/token . This will return an access token in a json dictionary ("access_token").
Any subsequent calls made to the API endpoint (https://api(pod number).silverpop.com/XMLAPI will require that you pass this access token in the header section of your request:
"Authorization:" would be the header key and
"Bearer: (access token)" would be the header value
Looking at my code will make it clearer if you are using Python. Your best bet is to get a copy of the API documentation. You have to be a Silverpop client to get a copy though.
Good luck.
Check the follwing:
http://www.codeproject.com/Articles/758362/SilverPop-Integration
Follow the step by step guide.
Twitter API 1.0 doesn't need an access token. The following line returns a XML file:
https://api.twitter.com/1/statuses/user_timeline.xml?screen_name=neodev2010
Result: Valid XML
Cause API 1.0 is deprecated we need to switch to API 1.1:
https://api.twitter.com/1.1/statuses/user_timeline.xml?screen_name=neodev2010
Result: Error: Bad Authentication data
I just found examples for API 1.1 based on large PHP classes.
How is it possible to authentication via GET parameters?
Which parameters are missing to get a valid response?
access_token=123
access_secret=345
oauth_access_token=678
oauth_access_token_secret=910
consumer_key=234
You can't authenticate to Twitter via a simple GET request. You need to use their OAuth system which involves passing a few pieces of information back and forth.
I strongly advise you to find a script or a library where someone has already implemented OAuth and build your application on that. OAuth is not easy to implement, and there's no reason to write new OAuth implementations when there are so many available for free.
REST API 1.1 only support 'json' format of output.
SO use following endpoint along with your authentication data
https://api.twitter.com/1.1/statuses/user_timeline.json?screen_name=neodev2010