How to use Google sheets REST API directly to create a sheet - google-oauth

I have a PHP application which, unfortunately, already uses the 1.1.4 version of the Google Client API, and I am unable to change that, which makes the 2.X version of the Google PHP Sheets API unavailable to me.
However, I'm hoping to be able to use the Google Sheets REST API directly, making my own curl calls (using Guzzle if that's at all interesting).
I'm brand new to the Google API and I've been all over their documentation, but I haven't been able to figure out how to do some basic things.
For the purposes of this question I want to simply create a new Google spreadsheet via the API, from a tool like POSTman.
I get that I first have to obtain an OAuth2 token via https://www.googleapis.com/auth/spreadsheets. The problem is that I can't quite figure out what to pass this call. I'm assuming it requires a GET since POST returns an error saying that method is unavailable.
Once I get that token, how do I use it when I POST to https://sheets.googleapis.com/v4/spreadsheets
Can someone provide a very basic example of the calls I might make directly to simply create a very basic default spreadsheet?
Or am I thinking about this all wrong? All help is appreciated.

If you already have an OAuth2 access token, you can pass it in the "Authorization" header:
curl -L -d '{}' \
-H "Authorization: Bearer <INSERT ACCESS TOKEN HERE>" \
-H 'Content-Type: application/json' \
https://sheets.googleapis.com/v4/spreadsheets
I just verified that curl command creates a new sheet.
Unfortunately as you already indicated, that's probably the simple part, and Getting an OAuth2 access token is more challenging.
Here's a (relatively painful, unfortunately) approach I use sometimes:
You should first create your own project in the API Console or Cloud Platform console, and configure it for your own OAuth2 client id and client secret.
Next, for just playing around, from the Google OAuth2 Developer Playground at https://developers.google.com/oauthplayground/, set your Client Id and Client Secret under the "OAuth 2.0 configuration" (it's the Settings icon - the little gear in the top right). The places to enter those will be hidden until you check "Use your own OAuth credentials". You can then get an access token, with the scopes https://www.googleapis.com/auth/spreadsheets and https://www.googleapis.com/auth/drive, by following the steps on the left.
For more playing around, you could then construct the POST right in step 3, or use the access token from Step 2 in the curl command above.
Best of luck - it's tricky stuff to get the auth parts right. There are lots of moving parts, and I'm just illustrating the high points here.
Tragedy about the library issue -- the PHP Quick Start appears to deal with the auth relatively cleanly.
Tim

Here's the official spreadsheets.create reference. Here's a list of Sheets API Samples. I would suggest that you leave the current version you're using and play with the PHP Quickstarts just so you can have a grasp of how it works.

This is going to be less than satisfying, but after fighting with it a while I looked to see if I could go against the premise of my question: That I couldn't upgrade to the latest Google Sheets PHP API.
As it turns out there was a way. That made all of this a lot easier.
Google's documentation is frustratingly incomplete, but I managed to get it all working anyway. Both of you gave me key pointers. Thanks for your help.

Related

How to pass user credentials to gravitee in body request and not as query param

Im trying to authenticate an user in Gravitee AM using OAuth, is the step to get the access token... but i notice that the credentials are passed as query param and not in the body request (as may to be for me... i think), is configuration needed to change this or is an best practice (if Yes, can help me showing the source of the declarative).
the definiton of how to authenticate:
curl -X POST \
'http://GRAVITEEIO-AM-GATEWAY-HOST/:securityDomainPath/oauth/token?grant_type=password&client_id=:clientId&client_secret=:clientSecret&username=:username&password=:password&scope=read' \
source:
Regards!
You're absolutely right. Support for public oauth client will be provided in GRavitee.io 3.x (april 2020).
Already available as part of branch, we're currently reviewing it: see https://github.com/gravitee-io/graviteeio-access-management/pull/707.
Regards,

Exact online REST API: POST call not working

I am trying to make a post call in Exact Online REST API. I'm trying to create a SalesInvoiceLine. I can perfectly do a GET call via my browser. I am logged in in Exact Online so I don't need authentication since this should be passed via a cookie. I tried POST via a browser. The browser prompts me to login, when I do nothing happens. I've also tried this in Postman:
I am 100% certain these initials are correct, I can login with them in Exact Online. What am I doing wrong?
If this is not the way, how can I post data to Exact Online? There are not that many concrete examples to find online.
You can't log on to the Exact Online REST API with Basic authentication, the mode you are using now.
The web service uses OAuth as authentication mechanism, meaning you have to acquire a token first. The steps to do so are outlined in the official documentation.
It will need some work on your end to register an app, get the flow up and running. Depending on your business needs, you might be helped with one of the apps for Exact Online by the company I work for.
You need to retrieve the CurrentDivision through GET Request https://{Base Uri}/api/v1/current/Me only from OAuth then you need to assign
CurrentDivision to whatever may be the API call .../api/v1/{CurrentDivision}/../....
Without authorization by Auth 2.0, neither is impossible.
To authorize the ExactOnline API calls you have to do the following:
Register the app in the developer portal. Bear in mind that you have to do a separate registration for French, UK or Dutch version of ExactOnline (this is indeed a pain).
In case you want your application to be used by other accounts than yours, you have to submit the app for validation, this usually takes 2-3 weeks.
EO uses standard OAuth 2.0 schema (very similar to what Google is using with their services). You have to use endpoint GET /api/oauth2/auth for building an authorization link and endpoint POST /api/oauth2/token for obtaining both access and refresh tokens.
Please bear in mind that many Auth 2.0 services are proving long-lasting refresh token. This is not the case of EO. The refresh token is invalidated every time when the access token is requested (endpoint POST /api/oauth2/token). With access token new refresh token is supplied, so make sure you update you refresh token as well.
The access token is placed in HTTP header as "Authorization: Bearer {{ACCESS_TOKEN}}"
In case you want to automate the EO API calls and do not want to code anything on your own, you can try one of the pre-build Exact Online API connectors, created by the company I work for.

can I get 'thumb_pdf' using Slack's files.upload method?

while testing Slack API's files.upload
I found that I can not get a PDF with thumbnail attached.
I want is following(I got this using Slack official client):
but this is what I got using files.upload API.
so I compared the result of channels.history
you can find 'thumb_pdf', 'thumb_pdf_w', 'thumb_pdf_h' on the left (uploaded using official client). does anyone know how can this be done with slack's API?
I don't know whether this is useful for you. So please think of this as one of several answers.
In my environment, I also confirmed the same situation with you. When PDF is uploaded using files.upload API, the thumbnail is not attached. On the other hand, when PDF is uploaded using the official client (I uploaded it using my browser.), the thumbnail is attached. In the case of images, I can see the thumbnail for both patterns.
Analysis :
I have assumed that when the PDF is uploaded using the official client, the special parameters and endpoints may be used. The files are uploaded by multipart/form-data. So I analysed the request when the PDF file is uploaded. I used the chrome developer tools. As a result, it was found that the special endpoint and access token are used for this situation.
https://upload.slack.com/api/files.uploadAsync is used as the endpoint.
At files.upload, https://slack.com/api/files.upload is used.
xoxp-############-############-############-########## is used as the access token. (# is used instead of numbers.) This is the difference from the legacy token and access token retrieved by OAuth2.
The legacy token and access token retrieved by OAuth2 are xoxp-############-############-############-################################.
These are used for not only PDF files, but also other files.
Experiment :
As an experiment, I tried the request using the endpoint and access token retrieved by analysing the request. I used curl for this. The curl command is as follows.
curl \
-F file=#sample.pdf" \
-F channels=### channel ID ### \
-F token=xoxp-############-############-############-########## \
-F filename=sample.pdf \
-F title="Upload test" \
"https://upload.slack.com/api/files.uploadAsync"
Results :
When the curl command mentioned above is used, {"ok":true,"ticket":"#####","file":"### file ID ###"} is returned. And the PDF with the thumbnail could be seen at the timeline. If the legacy token and access token retrieved by OAuth2 are used for this endpoint, {"ok":false,"error":"not_allowed_token_type"} is returned. From this, it is found that xoxp-############-############-############-########## is the special token.
Note :
This method may be not general. Also I don't know whether this is suitable for this situation.
The expiration time of access token is not clear.
If this information is not useful for you, I'm sorry.

Authenticating to Magento Rest API via Curl and token-based authentication fails

As all I want to do is connect to my own site, I should be able to ignore oAuth and do token-baseed authentication as per:
http://devdocs.magento.com/guides/v2.0/get-started/authentication/gs-authentication-token.html
My curl request looks exactly like:
curl -X POST "https://magento.host/index.php/rest/V1/integration/admin/token" \
-H "Content-Type:application/json" \
-d '{"username":"test#example.com", "password":"123123q"}'
The response I get is a HTML page from my own site that basically says 'page not found' I'm obviously going to the correct domain, but it seems something else in the URL is incorrect. Any ideas?
Am I using the wrong URL?
In version 1.9 you need to create a Guest endpoint. Then you don't need to use oAuth. You can see how to use it here: http://devdocs.magento.com/guides/m1x/api/rest/introduction.html
An authentication system that uses REST so that you do not need to actually track or manage the users in your system. This is done by using the HTTP methods POST, GET, PUT, DELETE. We take these 4 methods and think of them in terms of database interaction as CREATE, READ, UPDATE, DELETE.
There is no direct way to use REST token based authentication on the Magento 1.x version. You need to write this functionality to you for your own. I have write this functionality by using REST API and you can also follow this article for more details.
https://www.ipragmatech.com/magento-token-base-rest-api-for-authentication-and-authorization

curl LinkedIn API

I obtained the oauth token and oauth token secret for the LinkedIn API via Python. I'd like to make some REST calls via curl now and I tried the following ;
curl -v "http://api.linkedin.com/v1/people/~" -d "oauth_token=xxxxxxxxxx" -d "oauth_token_secret=xxxxxxxxxxxxx"
I've used the LinkedIn API in Python but wanted to use in curl. Am I missing something here ?
Any suggestions in this regard will be highly appreciated.
Thank you for your help.
You need to sign the requests using OAuth - usually the best way to do this is to use a library (like you mentioned, the python library works well). You can scoop the HTTP traffic to see what additional headers are being sent. The developer portal at http://developer.linkedin.com has an overview of the OAuth stuff, but it'd be pretty tough to get a working implementation for Curl because each signature you generate will be different (based on timestamp).