A website I'm accessing requires an API key ID and secret key as the username and password for (I'm assuming) basic authorization.
I'm using the HTTP.get function from the HTTP module but I can't find how to include my key ID and secret key.
Example
HTTP.get("https://api.mybitx.com/api/1/balance")
and this returns "HTTP.StatusError: received a '401 - Unauthorized' status in response"
The website has an API guide but the only help they give is an example using cURL $ curl -u keyid:keysecret https://api.mybitx.com/api/1/balance
I would appreciate any help
Links:
https://github.com/JuliaWeb/HTTP.jl
The API requires the key and secret code to be in the form:
temp = Basic " + base64encode("your_api_key_here").
You then create a dictionary like so:
usr = Dict("Authorization" => temp)
and finally
JSON.parse(String(HTTP.get("https://api.mybitx.com/api/1/balance"; headers = usr)))
The JSON.parse(String()) might need to change as I ran the code on quite an old Julia version last time this worked
Related
For an example:
Here is a question on using the curl to query an order from ShippingEasy restful API:
Created string for API signature per their direction ([https://shippingeasy.readme.io/docs/authentication-signing-requests]) as below: GET&/api/orders&api_key=xxx&api_timestamp=1601121474,&order_number=123456
Use the above string and the api secret key(private key) to obtained a signature(sss) using HMAC SHA265.
Then executed curl command as below, per their direction (https://shippingeasy.readme.io/docs/creating-a-signature)
curl "https://app.shippingeasy.com/api/orders?api_key=xxx&api_signature=sss&api_timestamp=1601121474,&order_number=123456
However, curl is returning {"errors":[{"message":"Access denied.","status":401}]}
The PST time zone to calculate the unix epoch time. ShippingEasy is located in Texas (central time zone).
I have already verify the HMAC SHA265 method that generates the signature, using the https://www.liavaag.org/English/SHA-Generator/HMAC/ site.
Thank you in advance for helping.
Having problem getting security token generated from my server to work properly. I modified the basicLive.js of the demo in AgoraWebSDK-NG to work with my server. I'm using the Golang api provided by Agora to generate the token. Some information:
AppID: ---
App Certificate: ---
channel name: liveshow10
uid: 51495 (I assume Agora does not care about this as long as it is uint32)
token expiration seconds: 3600
generated token: 006cb08a5a2ddc049f79f29d9b52e5909b0IABKKxbI64sFWnkyEICQrL+0DeTsrN9ckKMkDj/oir36aV+tq536WyGcIgCHHmUFHNv6XgQAAQCsl/leAgCsl/leAwCsl/leBACsl/le
But I'm getting bunch of error in the console. I think it boils down to an authorization error the token generated somehow is invalid. Below is the browser console and thanks for any help:
For anyone following along, the issue was related to UID. In the above code the token is generate specifically for UID 51495 but in the Agora Demo, the JoinChannel method passes null as the UID value which tells the SDK to generate its own UID for that user.
When attempting to join a channel with a different UID than the one used to generate the token, you will receive an error.
If you want to generate a token that can be used by any user, you need to set the UID to 0 in the token generation, and then you can use any UID join the channel with this token.
Update: The UID 0 detail can be found in the Token Server API reference within the UID parameter description docs.agora.io/en/video/token_server#api-reference
I have some troubles with getting Access token with grant type authorization code using Robot framework with Oauth2.
We use also a username/password authentication and after give the following parameters we get back our access token:
Grant Type, Callback URL, Auth URL, Access Token URL, Client ID, Client Secret, Scope, State.
I tried with RequestsLibrary and ExtendedRequestsLibrary as well, but no success so far.
Actually I do not know how to add parameters: callback url, auth url, access token url and state.
First try - using RequestsLibrary
Get admin token
&{HEADER_TOKEN}= Create Dictionary Content-Type=${CONTENT_TYPE}
&{DATA_TOKEN}= Create Dictionary token_name=backend_token grant_type=${GRANT_TYPE} redirect_uri =${CALLBACK_URL} auth_url=${AUTH_URL} access_token_url=${ACCESS_TOKEN_URL} client_id=${CLIENT_ID} client_secret=${CLIENT_SECRET} scope=${SCOPE} state=${STATE} username=${USERNAME} ${PASSWORD}
${BACKEND_RESPONSE}= RequestsLibrary.Post Request ${BACKEND_SESSION} /oauth/token data=${DATA_TOKEN} headers=${HEADER_TOKEN}
Log to console ${BACKEND_RESPONSE}
Should Be Equal As Strings ${BACKEND_RESPONSE.status_code} 200
Second try - using ExtendedRequestsLibrary
Get brand new admin token
${SESSION_RESPONSE}= Create Password Oauth2 Session client ${TOKEN_URL} ${CLIENT_ID} ${CLIENT_SECRET} ${USERNAME} ${PASSWORD} base_url=${BASE_URL}
&{HEADER_TOKEN}= Create Dictionary Content-Type=${CONTENT_TYPE}
&{DATA_TOKEN}= Create Dictionary token_name=client grant_type=${GRANT_TYPE} callback_url=${CALLBACK_URL} auth_url=${AUTH_URL} access_token_url=${ACCESS_TOKEN_URL} client_id=${CLIENT_ID} client_secret=${CLIENT_SECRET} scope=${SCOPE} state=${STATE}
${BACKEND_RESPONSE}= ExtendedRequestsLibrary.Post Request client /oauth/token data=${DATA_TOKEN} headers=${HEADER_TOKEN}
Log to console ${BACKEND_RESPONSE}
Should Be Equal As Strings ${BACKEND_RESPONSE.status_code} 200
Log to console ${BACKEND_RESPONSE.status_code}
If you have any idea just let me know.
thx!
using RequestsLibrary try with this approach it should work:-
Create Session baseUri https://xxxxxx.xx.xxx/xxx/xx verify=True
&{params}= Create Dictionary client_id=${client_id} client_secret=${client_secret} grant_type=${grant_type}
&{headers}= Create Dictionary Content-Type=application/json
${resp}= Post Request baseUri /oauth/token none none ${params} ${headers}
Log to Console ${resp.json()['access_token']}
Status Should Be 200 ${resp}
you are passing data=${DATA_TOKEN} as a body in your post request. You need to send it as query params. First parameter will be alias 2nd is uri 3rd is data 4th is Json and 5th is query params so in
Post Request baseUri /oauth/token none none ${params} ${headers}
you will find 3rd and 4th parameter as none. Hope this works
So, I'm using the following Ruby scripts to make bulk changes to user permissions: https://github.com/RallyTools/Rally-User-Management
My issue is that I need to put this code on a server where other people might be able to access it, and I want to change the my_vars.rb file to hold my credentials in the form of an API key instead of my username and password.
Is this possible? Because it doesn't seem as simple as removing the username and password lines, and replacing those lines with one for an API key
The rally_api gem's documentation shows example of creating a connection with ApiKey in the Usage section. The user management utility is based on this gem.
#Using api keys? -- currently rally1 only
Go to https://rally1.rallydev.com/login
You can generate an api key on this site and use it *instead* of username and password
config = {:base_url => "https://rally1.rallydev.com/slm"}
config[:api_key] = "_your_api_key_from_https://rally1.rallydev.com/login"
config[:workspace] = "Workspace Name"
config[:project] = "Project Name"
config[:headers] = headers #from RallyAPI::CustomHttpHeader.new()
The commit history shows that rally_api started to support ApiKey authentication in version 1.0
I'm new to Oauth and I stack on getting oauth_access_token to work with Xero. Web Service authentication doesn't work for me.
Xero returns the following error message "oauth_problem=signature_invalid&oauth_problem_advice=Failed to validate signature".
The generated signature is incorrect, but what is right way to generate it?
Here is APEX code which generates Endpoint. What is wrong?
Http h = new Http();
String consumer_key='XXX';
Long tmp=(System.now().getTime()/1000);
Blob isItCorrect = Crypto.generateMac('HMacSHA1', Blob.valueOf('https://api.xero.com/api.xro/2.0'), Blob.valueOf(consumer_key));
String signature= EncodingUtil.urlEncode(EncodingUtil.base64Encode(isItCorrect), 'UTF-8');
// Try to get access token
HttpRequest req = new HttpRequest();
req.setEndpoint('https://api.xero.com/oauth/RequestToken?oauth_consumer_key='+consumer_key+
'&oauth_signature_method=RSA-SHA1'+
'&oauth_signature='+signature+
'&oauth_timestamp='+tmp+ '&oauth_nonce='+tmp+'&oauth_version=1.0&scope=https%3A%2F%2Fapi.xero.com%2Fapi.xro%2F2.0');
req.setMethod('GET');
// Send the request, and return a response
HttpResponse res = h.send(req);
System.debug('~~~ '+res.getBody());
It generates following Endpoint:
Endpoint=https://api.xero.com/oauth/RequestToken?oauth_consumer_key=ICSP7Y5K2TG7RIIC6Y7R7KLC1AHWYC&oauth_signature_method=RSA-SHA1&oauth_signature=gWP02y2EIatw4xilTvd5Iq3e0%2Fw%3D&oauth_timestamp=1372123781&oauth_nonce=1372123781&oauth_version=1.0&scope=https%3A%2F%2Fapi.xero.com%2Fapi.xro%2F2.0
Just as an aside: I've never worked with salesforce so I'm not sure if there's a better
way to leverage existing oauth work on the platform, it's very rare
now to have to write all the oauth signature stuff yourself and it's
easy to make a mistake but here goes]
I think your signature base string is incorrect.
As far as I can tell you're just performing HMAC-SHA1 over https://api.xero.com/api.xro/2.0
if you read the OAuth Spec here: http://oauth.net/core/1.0/#anchor14 you need to construct the following base string (based on the request above)
GET&https%3A%2F%2Fapi.xero.com%2Foauth%2Frequesttoken&oauth_consumer_key%3DCONSUMER_KEY%26oauth_nonce (etc etc, just append all your query parameters apart from oauth_consumer as url encoded key=value pairs, in alphabetical order)
and then you need to create the hash with the key CONSUMER_KEY&CONSUMER_SECRET (both CONSUMER_KEY and CONSUMER_SECRET should be parameter encoded as per the OAuth Spec)
That should give you a valid signature..
Edit: I found this library which might be of help: https://code.google.com/p/sfdc-oauth-playground/