We are trying to update details information for serveral Venues in behalf of our clients/users by using Foursquare API.
It works pretty well for most of the clients, and we are using their own personal oauth credentials most of the time.
BTW, we have a lot of problems with some clients/accounts, because we are getting this error when trying to update the venues:
{
"meta": {
"code": 403,
"errorType": "not_authorized",
"errorDetail": "User not authorized to edit venue",
"requestId": "59bba14e351e3d0e31fcf9f1"
},
"notifications": [
{
"type": "notificationTray",
"item": {
"unreadCount": 0
}
}
],
"response": {}
We’ve checked the API limits and everything it’s correct. We’ve also checked the account Oauth token several times and it’s correct. Even we are using the 'venues/managed’ endpoint to ensure that the given Oauth credential can manage the given Venue and everything looks fine.
Any idea about what's happening?
Related
When I try to access Admin SDK API I get this error:
XHRGEThttps://admin.googleapis.com/admin/directory/v1/users?customer=some_custumer
[HTTP/3 403 Forbidden 220ms]
Even passing a API_KEY (&key=my_api_key), the same happens.
{
"error": {
"code": 403,
"message": "Request had insufficient authentication scopes.",
"errors": [
{
"message": "Insufficient Permission",
"domain": "global",
"reason": "insufficientPermissions"
}
],
"status": "PERMISSION_DENIED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT",
"domain": "googleapis.com",
"metadata": {
"method": "ccc.hosted.frontend.directory.v1.DirectoryUsers.List",
"service": "admin.googleapis.com"
}
}
]
}
}
Header:
www-authenticate
Bearer realm="https://accounts.google.com/", error="insufficient_scope", scope="https://www.googleapis.com/auth/admin.directory.user https://www.googleapis.com/auth/directory.user https://www.googleapis.com/auth/admin.directory.user.readonly https://www.googleapis.com/auth/apps.directory.user.readonly https://www.googleapis.com/auth/directory.user.readonly https://www.googleapis.com/auth/cloud-platform"
I've configured my app on Google Console. Configured the authentication and scopes like this scopes. I've also configured domain-wide-delegation in Admin Console. I'm expecting to list all Workspace users through this API, but I got this error.
The OAuth works fine.
I am not sure what you are using but here you have my assumptions:
If you are using OAuth, you will need to use a user with enough
privileges to list your users (a super admin account for example)
If you are using a service account, besides allowing wide domain
delegation you need to implement impersonation in your code, that
way you will specify which account the service account will
impersonate to make the API call. So, it is very important to
impersonate an account with enough permissions
If you have any questions please let me know
I’ve been creating a web app with a login and a registration function and so far everything has been going great. I managed to connect the app to the api/auth/local api endpoint and send some nice post requests.
Now, I’ve been trying to send requests to the http://localhost:1337/api/auth/local/register endpoint and without any success. I’ve been doing this according to:
https://docs.strapi.io/developer-docs/latest/plugins/users-permissions.html#registration
I keep getting a 400 error:
{
"data": null,
"error": {
"status": 400,
"name": "ApplicationError",
"message": "An error occurred during account creation",
"details": {
}
}
}
If I try to send a request with an email that’s already registered in strapi, the response will give me the correct error:
{
"data": null,
"error": {
"status": 400,
"name": "ApplicationError",
"message": "Email is already taken",
"details": {
}
}
}
In the public and authenticated user roles, I’ve allowed every single one of them, for now.
Enable confirmation emails are set to false.
Email confirmation
Public user permission
For the headers, I’m using Content-type : application/json
the raw json body I'm posting:
{
"email": "manager1#strapi.io",
"password": "testtest1",
"username": "manager1"
}
This is my first project with strapi and so far it went pretty well. I’m not sure if I’m missing out on something or if I’m doing something else wrong.
Any help is appreciated!
I figured it out, it wasn’t as complicated as I expected.
In the user I had different fields, like firstName, lastName etc. All of these fields were required.
I made the fields not required, and now it works.
I'm trying to use your AMADEUS API but i have trouble to display hotels offers on production environment ..
Note that everything is ok on sandbox.
On https://api.amadeus.com endpoint I do :
/v1/security/oauth2/token to get an access token
then add the access token as bearer authentication
Then launch the request /v2/shopping/hotel-offers/?cityCode=NCE
((( Same as the sandbox )))
Here the response :
"errors": [
{
"status": 401,
"code": 701,
"title": "Wrong authentication credentials.",
"source": {
"pointer": "uri"
}
}
]
So I test the token on /v1/security/oauth2/token/{{XXXXXXXX}}
The token is not expired and approuved.
Anyone to help?
Thank you so much (sorry for english mistakes)
Akim
I have an angular 6 application which makes requests to various oauth2 providers. I’ve managed to successfully request access tokens from these providers using the implicit grant type (will be working on authorization code soon). Now I’m trying to find a list of API endpoints that I can test the access tokens with. For example, requesting user profile information from Google.
So far, I’ve been able to get access tokens from the following providers:
Google (https://accounts.google.com)
Anilist (http://anilist.co)
OneDrive (https://login.live.com)
DropBox (https://www.dropbox.com)
Does anyone know any publicly accessible API endpoints for any of the above (or any other oauth2 provider) that I can test with?
Thanks
Here is how you can answer your question for Google.
You first connect to the Google API explorer web application: https://developers.google.com/apis-explorer/#p/
This web page helps you browse the many Google APIs. So, search for an API named API Discovery Service. It will answer an API that provides information about other Google APIs, such as what APIs are available, the resource, and method details for each API.
Therefore, to get a list of every APIs, you can call the list entry point of this API Discovery Service here: https://www.googleapis.com/discovery/v1/apis?preferred=true
Here is the beginning of the result:
{
"kind": "discovery#directoryList",
"discoveryVersion": "v1",
"items": [
{
"kind": "discovery#directoryItem",
"id": "abusiveexperiencereport:v1",
"name": "abusiveexperiencereport",
"version": "v1",
"title": "Abusive Experience Report API",
"description": "Views Abusive Experience Report data, and gets a list of sites that have a significant number of abusive experiences.",
"discoveryRestUrl": "https://abusiveexperiencereport.googleapis.com/$discovery/rest?version=v1",
"icons": {
"x16": "https://www.gstatic.com/images/branding/product/1x/googleg_16dp.png",
"x32": "https://www.gstatic.com/images/branding/product/1x/googleg_32dp.png"
},
"documentationLink": "https://developers.google.com/abusive-experience-report/",
"preferred": true
},
[...]
On each of those APIs listed by the previous call, the discoveryRestUrl field gives you an URL on which you can get informations like the entrypoint of the corresponding API.
For instance, you can find that the GMail API is described here: https://www.googleapis.com/discovery/v1/apis/gmail/v1/rest
In the output, extract the OAuth2 part from the auth entry to get the scopes:
"auth": {
"oauth2": {
"scopes": {
"https://mail.google.com/": {
"description": "Read, compose, send, and permanently delete all your email from Gmail"
},
"https://www.googleapis.com/auth/gmail.compose": {
"description": "Manage drafts and send emails"
},
"https://www.googleapis.com/auth/gmail.insert": {
"description": "Insert mail into your mailbox"
},
"https://www.googleapis.com/auth/gmail.labels": {
"description": "Manage mailbox labels"
},
"https://www.googleapis.com/auth/gmail.metadata": {
"description": "View your email message metadata such as labels and headers, but not the email body"
},
"https://www.googleapis.com/auth/gmail.modify": {
"description": "View and modify but not delete your email"
},
"https://www.googleapis.com/auth/gmail.readonly": {
"description": "View your email messages and settings"
},
"https://www.googleapis.com/auth/gmail.send": {
"description": "Send email on your behalf"
},
"https://www.googleapis.com/auth/gmail.settings.basic": {
"description": "Manage your basic mail settings"
},
"https://www.googleapis.com/auth/gmail.settings.sharing": {
"description": "Manage your sensitive mail settings, including who can manage your mail"
}
}
}
},
In the description, you will also find the endpoint for the GMail API : https://www.googleapis.com/gmail/v1/users/
Finally, you can access this API by means of OAuth2.
NOTE: every scopes associated with one or several APIs are listed here: https://developers.google.com/identity/protocols/googlescopes
I have an Google Chrome extension that is using Tumblr API for making new posts in my blog.
And it was working fine until lately. At some point Tumblr API stopped accepting my requests.
This is what I am getting when requesting Tumblr API https://api.tumblr.com/v2/blog/chestozo.tumblr.com/post:
{
"meta": {
"status": 401,
"msg": "Unauthorized"
},
"response": [],
"errors": [
{
"title": "Unauthorized",
"code": 1016,
"detail": "Unable to authorize"
}
]
}
After searching the web for Tumblr API error codes I could not find anything about this error code.
Any idea what does it mean?
After some more investigation it turns out that this is due to Authorization header format that was used in my extension which was like this:
Authorization: OAuth oauth_nonce="gTle8" oauth_timestamp="1526133184"
oauth_signature_method="HMAC-SHA1" oauth_consumer_key="vGKikr...lQt4Ozi"
oauth_token="NPIRR5h...p0wQz" oauth_signature="kEf7C...2No99Q%3D"
There were no commas after different OAuth parameters. And it was working for some years :) until at some point probably Tumblr stopped supporting this old format.
All I had to do was to add commas after each parameters and all is good now:
Authorization: OAuth oauth_nonce="FBioO", oauth_timestamp="1526133278",
oauth_signature_method="HMAC-SHA1", oauth_consumer_key="vGKikr2u...t4Ozi",
oauth_token="eRPGCCe...DWaw4cr", oauth_signature="m0FmC...hU%3D"