while testing Slack API's files.upload
I found that I can not get a PDF with thumbnail attached.
I want is following(I got this using Slack official client):
but this is what I got using files.upload API.
so I compared the result of channels.history
you can find 'thumb_pdf', 'thumb_pdf_w', 'thumb_pdf_h' on the left (uploaded using official client). does anyone know how can this be done with slack's API?
I don't know whether this is useful for you. So please think of this as one of several answers.
In my environment, I also confirmed the same situation with you. When PDF is uploaded using files.upload API, the thumbnail is not attached. On the other hand, when PDF is uploaded using the official client (I uploaded it using my browser.), the thumbnail is attached. In the case of images, I can see the thumbnail for both patterns.
Analysis :
I have assumed that when the PDF is uploaded using the official client, the special parameters and endpoints may be used. The files are uploaded by multipart/form-data. So I analysed the request when the PDF file is uploaded. I used the chrome developer tools. As a result, it was found that the special endpoint and access token are used for this situation.
https://upload.slack.com/api/files.uploadAsync is used as the endpoint.
At files.upload, https://slack.com/api/files.upload is used.
xoxp-############-############-############-########## is used as the access token. (# is used instead of numbers.) This is the difference from the legacy token and access token retrieved by OAuth2.
The legacy token and access token retrieved by OAuth2 are xoxp-############-############-############-################################.
These are used for not only PDF files, but also other files.
Experiment :
As an experiment, I tried the request using the endpoint and access token retrieved by analysing the request. I used curl for this. The curl command is as follows.
curl \
-F file=#sample.pdf" \
-F channels=### channel ID ### \
-F token=xoxp-############-############-############-########## \
-F filename=sample.pdf \
-F title="Upload test" \
"https://upload.slack.com/api/files.uploadAsync"
Results :
When the curl command mentioned above is used, {"ok":true,"ticket":"#####","file":"### file ID ###"} is returned. And the PDF with the thumbnail could be seen at the timeline. If the legacy token and access token retrieved by OAuth2 are used for this endpoint, {"ok":false,"error":"not_allowed_token_type"} is returned. From this, it is found that xoxp-############-############-############-########## is the special token.
Note :
This method may be not general. Also I don't know whether this is suitable for this situation.
The expiration time of access token is not clear.
If this information is not useful for you, I'm sorry.
Related
What I want
I have a python backend application, using a service account, running in docker.
I have a cloud build trigger that is connected to a bitbucket repository. This trigger uses a webhook. For revision I use tags.
I want to trigger this webhook with my backend application. I want to provide a specific tag (using a placeholder variable).
I want the backend to give me a list of all available tags (like I get on the console.google.com frontend, see screenshot)
What I tried
I tried this API endpoint using a Bearer token (which works fine), but it doesn't provide me with a tag list: Source Repo API
curl https://sourcerepo.googleapis.com/v1/projects/<project>/repos/<repo>' --header "Authorization: Bearer $(gcloud auth print-access-token)" --header 'Accept: application/json'
Because it is possible to retrieve all tags in the cloud console, I used the developer tools to find the endpoint that provides me with all available tags:
https://console.cloud.google.com/m/source/repos/get?project=<project>&repo=<repo>
My issue here is that it takes cookies to authenticate, if I use the Bearer token it does not work.
Is it possible to authenticate my service account automatically against console.google.com to use this endpoint? Or is there another way to get a list of tags?
From what you have explained I understand that your concerns are:
1. If there is a way to get the list of tags from your repository that you are able to see in the GCP console using the endpoint that you have found.
The information that the console displays regarding tags do not come from any REST or gRPC API (the APIs provided by Google), but rather it comes directly from the git API. The console frontend runs a command similar to git tag in order to get the tags from your repository. The tags are not stored within the GCP system, the console only queries the git repo for the tags.
2. Can I authenticate with a service account on the console?
No. The APIs used by the web frontends (i.e. APIs starting with https://console.cloud.google.com) will only allow cookie authentication, which only user accounts can obtain. There is usually a way to translate a frontend API (https://console.cloud.google.com) to a GCP API (https://*.googleapis.com), where you can use regular authentication to retrieve the information. However,in this case, the tag information is not in a GCP API (but rather inside the git repo), so there is no translation available.
3. If there is another way to list the possible tags present in the repository?
I tried to reproduce your situation to find a way to be able to get the list of the tags present in one repository, in this case a Bitbucket repository, and I found that you will be able to get this data using the $ git tag command. In this documentation you will be able to find all the commands related to Repository tags.
Knowing this, after linking the Bitbucket Repository to my code, I was able to get the list of tags after using the $ git tag command.
My server is a closed-network and i want to make a whitelist only for bigquery client and gsutil.
I have tried adding following url
https://cloud.google.com/bigquery
https://console.cloud.google.com/
But it turns out bigquery needs a little more url for authenticating purposes and many more. For example like the urls below
https://accounts.google.com/o/oauth2/auth
https://www.googleapis.com/oauth2/v1/certs
Does anyone know all the url that is used for bigquery-client and gsutil. Not only for authenticating but also for creating jobs and fetching data from storage
Per the official documentation you can see that the URL https://www.googleapis.com/auth/bigquery is the one used for BigQuery to authenticate:
#This is a Python example
appflow = flow.InstalledAppFlow.from_client_secrets_file(
"client_secrets.json", scopes=["https://www.googleapis.com/auth/bigquery"]
)
But, then you need to whitelist the URL for the API authorization of your project, for example:
curl -H "Authorization: Bearer $ACCESS_TOKEN" \
"https://www.googleapis.com/bigquery/v2/projects/$GOOGLE_CLOUD_PROJECT/datasets"
I recommend you to whitelist all of GCS/Google APIs or if you want to be more detailed deploy a firewall and see the traffic you are getting from GCS/BigQuery
I have a PHP application which, unfortunately, already uses the 1.1.4 version of the Google Client API, and I am unable to change that, which makes the 2.X version of the Google PHP Sheets API unavailable to me.
However, I'm hoping to be able to use the Google Sheets REST API directly, making my own curl calls (using Guzzle if that's at all interesting).
I'm brand new to the Google API and I've been all over their documentation, but I haven't been able to figure out how to do some basic things.
For the purposes of this question I want to simply create a new Google spreadsheet via the API, from a tool like POSTman.
I get that I first have to obtain an OAuth2 token via https://www.googleapis.com/auth/spreadsheets. The problem is that I can't quite figure out what to pass this call. I'm assuming it requires a GET since POST returns an error saying that method is unavailable.
Once I get that token, how do I use it when I POST to https://sheets.googleapis.com/v4/spreadsheets
Can someone provide a very basic example of the calls I might make directly to simply create a very basic default spreadsheet?
Or am I thinking about this all wrong? All help is appreciated.
If you already have an OAuth2 access token, you can pass it in the "Authorization" header:
curl -L -d '{}' \
-H "Authorization: Bearer <INSERT ACCESS TOKEN HERE>" \
-H 'Content-Type: application/json' \
https://sheets.googleapis.com/v4/spreadsheets
I just verified that curl command creates a new sheet.
Unfortunately as you already indicated, that's probably the simple part, and Getting an OAuth2 access token is more challenging.
Here's a (relatively painful, unfortunately) approach I use sometimes:
You should first create your own project in the API Console or Cloud Platform console, and configure it for your own OAuth2 client id and client secret.
Next, for just playing around, from the Google OAuth2 Developer Playground at https://developers.google.com/oauthplayground/, set your Client Id and Client Secret under the "OAuth 2.0 configuration" (it's the Settings icon - the little gear in the top right). The places to enter those will be hidden until you check "Use your own OAuth credentials". You can then get an access token, with the scopes https://www.googleapis.com/auth/spreadsheets and https://www.googleapis.com/auth/drive, by following the steps on the left.
For more playing around, you could then construct the POST right in step 3, or use the access token from Step 2 in the curl command above.
Best of luck - it's tricky stuff to get the auth parts right. There are lots of moving parts, and I'm just illustrating the high points here.
Tragedy about the library issue -- the PHP Quick Start appears to deal with the auth relatively cleanly.
Tim
Here's the official spreadsheets.create reference. Here's a list of Sheets API Samples. I would suggest that you leave the current version you're using and play with the PHP Quickstarts just so you can have a grasp of how it works.
This is going to be less than satisfying, but after fighting with it a while I looked to see if I could go against the premise of my question: That I couldn't upgrade to the latest Google Sheets PHP API.
As it turns out there was a way. That made all of this a lot easier.
Google's documentation is frustratingly incomplete, but I managed to get it all working anyway. Both of you gave me key pointers. Thanks for your help.
I am trying to connect to Google Cloud from an embedded device so I have no access to OAuth authentication. The documents show that I can use simple API key for connecting. I have created a simple API key but I am having problems using it.
I can test the API functions successfully on https://developers.google.com/apis-explorer/?hl=en_US#p/pubsub/v1/ but on this developer's site I don't enter my API key (maybe one is generated automatically in the background).
When I try the same command using curl I get a 401 error:
"Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.", "status": "UNAUTHENTICATED"
But I am copying the GET or POST command directly from the online API tester and adding my key at the end:
curl -X POST -d '{"policy":{"bindings":[{"role":"roles/editor","members":["serviceAccount:charge...."]}]}}' https://pubsub.googleapis.com/v1/projects/pl..../subscriptions/arriveHomeSub:setIamPolicy?key=AIz....
What am I missing?
With the limited information you have provided, it is tough to identify the root cause but these are some of the possible ones:
You have not used quotes for the URL argument to curl. This could lead to some characters which are part of the URL to be interpreted by your shell in a different manner. Characters like & are usual culprits although they don't seem to be part of the URL you pasted.
curl -X POST -d '{"policy":{"bindings":[{"role":"roles/editor","members":["serviceAccount:charge...."]}]}}' 'https://pubsub.googleapis.com/v1/projects/pl..../subscriptions/arriveHomeSub:setIamPolicy?key=AIz'
You have not described how you're generating your API key and hence I feel that could be one of the possible issues.
You can go over the steps for using Google OAuth 2.0 from Google, it covers a lot about client secrets, access tokens and refresh tokens.
As long as you have your client ID and secret, you can call Google OAuth APIs to generate an access token.
You pass in the current access token as the key argument to your REST API.
Access tokens have very limited lifetime and might need refreshing periodically. If your application needs to periodically refresh access tokens, consider storing the refresh token in your application in a secure manner.
I obtained the oauth token and oauth token secret for the LinkedIn API via Python. I'd like to make some REST calls via curl now and I tried the following ;
curl -v "http://api.linkedin.com/v1/people/~" -d "oauth_token=xxxxxxxxxx" -d "oauth_token_secret=xxxxxxxxxxxxx"
I've used the LinkedIn API in Python but wanted to use in curl. Am I missing something here ?
Any suggestions in this regard will be highly appreciated.
Thank you for your help.
You need to sign the requests using OAuth - usually the best way to do this is to use a library (like you mentioned, the python library works well). You can scoop the HTTP traffic to see what additional headers are being sent. The developer portal at http://developer.linkedin.com has an overview of the OAuth stuff, but it'd be pretty tough to get a working implementation for Curl because each signature you generate will be different (based on timestamp).