OAuth 2 Web Service Call from Mule - mule

I am trying to call the web service from mule which requires the access token for authorization. We have to generate the token from token URL and then we need to pass that token in Authorization to get the result from the web service.
I have written a Java program to generate the access token, and it is working fine. But when I am trying to access the API with the generated token, it is giving the below error:
Error sending HTTP request.

Related

401 Error When Making Basic Authenticated API Calls to X2CRM

We are encountering a 401 error when making basic authenticated API calls to the X2CRM endpoints (index.php/api2/Contacts). Unauthenticated API calls to other X2CRM VoIP endpoints are successful without issue, and basic authentication works on a test page in the same directory using the same PHP-FPM pool. API calls were previously working successfully.
The problem is that API calls to index.php/api2/Contacts or similar endpoints in the X2CRM system are returning a 401 error with "missing user credentials." Basic authentication is working correctly on a test page in the same directory and using the same PHP-FPM pool, and unauthenticated API calls to other X2CRM VoIP endpoints, index.php/api/voip/data/(phone number), are successful without issue. The credentials for the API calls are confirmed to be present in the database.
We tried making basic authenticated API calls to the X2CRM endpoints (index.php/api2/Contacts, etc.) using Postman and cURL. We expected the API calls to be successful and return the expected data. However, we encountered a 401 error and the response stated "Missing user credentials". We confirmed that the credentials being used are valid and present in the database. We also tested a basic authentication on a test page in the same directory and it was successful, allowing entry into the directory. We need help resolving the issue with the basic authenticated API calls.
The response that you have shared, "Missing user credentials", means that the credentials that you are trying to send are not being sent with the request.
If those credentials were being sent correctly, then the error would have been "Invalid user credentials" or something else in the response.
Furthermore, the index.php/api is different from index.php/api2 so you will need to verify it in the api2 controller. You can send a request to the following Endpoint to verify if your credentials work with the builtin APIs:
https://<YOUR_CRM_DOMAIN>/index.php/api2/appInfo.json
Moreover, the documentation clearly indicates that a 401 error is related to Authorization, so you will need to fix that first.

Simultaneous use of an api key and an access token in the OAuth2 authorization flow

I'm auditing an API whose client is a mobile application using the OAuth2 workflow, but I'm missing something. I have a first endpoint of the API, /token.oauth2, which allows me, with credentials, to get an access token needed to call other endpoints of the API. So far OK, but on top of that I have an "x-api-key" which is transmitted along with the access token, and if both the API key and the access token are not present, the server sends me an HTTP 401 response.
I can't find any mention of a connection flow using both an "x-api-key" and an access token in the OAuth2 standard. What do you think?

Azure AD connect multiple apps to single Web API

I have a Web API written using asp.net core. This API will be used to communicate with several other services registered in AAD, which all could be made using different technologies like an MVC application written in asp.net core or a single page application written in Vue.JS. The latter is causing me issues as the SPA won't be run by an application web server and rather something like nginx or apache and therefore won't be able to use a client secret.
I have added API permissions for my API to my apps.
How would I achieve this? I'm currently sending an access token using the Authorization: Bearer access_token header from the client app to the API, but since the client app and the API aren't the same app in the AAD, it's causing issues.
Here's the flow I'm trying to achieve:
All of the requested apps require you to login to the AAD and when requesting data from the API, they'll send the JWT token, which then should validate the token before returning the requested resource back to the client application.
It seems you misunderstand something. You can register each of your clients as an independent application in Azure AD, and assign access permission for your web API.
"The latter is causing me issues as the SPA won't be run by an application web server and rather something like nginx or apache and therefore won't be able to use a client secret."
SPA applications use the Implicit grant flow, so they don't need the client secret when acquiring a token. The SPA could be an independent app; you should provide the client id when authenticating with AAD. After getting the access token, you could create an HTTP request with the Authorization: Bearer access_token header for accessing your web API.
Each client (web/SPA/native) will acquire an access token for accessing the web API. On the web API side, you just need to validate the token. Validate the claims (issuer, audience) and the signature.
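
The API-side check described in the answer above (signature, then issuer and audience, plus expiry), as an added example that is not part of the original answer. HS256 with a shared key stands in for the RS256 signatures Azure AD issues, so that the code runs on the Python standard library alone; ISSUER, AUDIENCE, KEY and every function name are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

ISSUER = "https://login.example.test/TENANT_ID/v2.0"  # constructed sample value
AUDIENCE = "api://example-web-api"                    # constructed sample value
KEY = b"constructed-demo-key"                         # constructed sample value

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(claims, key, alg="HS256"):  # constructed issuer side, only for sample tokens
    head = b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(mac)}"

def validate_bearer(header: str, key: bytes, issuer: str, audience: str, now=None) -> dict:
    """Return the claims of a valid token; raise ValueError naming the failed check."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "bearer" or token.count(".") != 2:
        raise ValueError("malformed bearer header")
    head, body, sig = token.split(".")
    # Pin the algorithm: never let the token choose it (rejects "none" and others).
    hdr = json.loads(b64url_decode(head))
    if not isinstance(hdr, dict) or hdr.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    # Signature first: claims are untrusted until the MAC matches.
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")  # "aud" may be one string or a list of strings
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("expired or missing exp")
    return claims

def verdict(header: str, now=None) -> str:
    try:
        validate_bearer(header, KEY, ISSUER, AUDIENCE, now)
        return "ok"
    except ValueError as err:
        return str(err)
```

A token issued for a different registered app fails the audience check even though its signature and issuer are valid, which is what keeps tokens meant for one API from being replayed against another.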

Web Api with Auth0 Authentication

I am working on a Web Api call to authenticate using Auth0. I am able to get the token, but when I am making calls to the Web Api it is giving UnAuthorize 401 even though I am sending the Authorize. Below is my code in the Web Api project:
Call to Auth0 to authenticate and get token

Open Auth Authentication in ASP .NET Web Api

I am writing an ASP.NET Web API application which can be accessed by other devices and applications to interact with my application hosted in IIS. How can I give OpenAuth authentication for the Web API application? I am using MVC 4 in VS 2010 and hence my framework is 4.0. Please give me some suggestions.
You can authenticate a web API using Individual Accounts. A protected resource will contain the WWW-Authenticate header with the value "Bearer", indicating that the client must authenticate using a bearer token.
A bearer token is a particular type of access token. An access token is a credential string that authorizes a client to access a protected resource. (See RFC 6749.) A bearer token is an access token that can be used by any client. In other words, a client can use the token without proving that the token was issued to that particular client. (See RFC 6750.) For this reason, bearer tokens must be used with SSL. If you transmit a bearer token as plaintext, anyone can intercept it and get access to the protected resource.
All info about that can be found HERE