I'm attempting to access the online API of http://api.football-data.org/index using Excel VBA to eventually populate an excel sheet with a click of a button. Currently I have:
Sub apiTest()
Dim oRequest As Object
Set oRequest = CreateObject("WinHttp.WinHttpRequest.5.1")
oRequest.Open "GET", "http://api.football-data.org/v1/competitions/354/fixtures/?matchday=22", False
oRequest.SetRequestHeader "X-Auth-Token", "replace this with my api token"
oRequest.Send
MsgBox oRequest.ResponseText
End Sub
According to the site, all I need to do is to add the X-Auth-Token field to the header and it should work. However, when I try to run this the response body says "The resource you are looking for is restricted". Am I using WinHTTPRequest improperly?
I have checked its documentation. The error (403 Restricted Resource) is to do with the followings:
the resource is only available to authenticated clients
the resource is only available to donating clients
the resource is not available in the API version you are using
Also, X-Response-Control seems to be included as request header (See the doc).
Related
I am trying to update my Google Calendar from a desktop version of Outlook. When I add an event to my outlook calendar, the following VBA code is executed:
Set httpCall = CreateObject("MSXML2.ServerXMLHTTP")
Dim sURL As String
sURL = "https://www.googleapis.com/calendar/v3/calendars/<my google gmail account>/events?sendNotifications=false&fields=etag%2ChtmlLink%2Cid&pp=1&access_token=<my OAuth 2.0 client id>"
httpCall.Open "POST", sURL, False
httpCall.setRequestHeader "Content-Type", "application/json;charset=UTF-8"
httpCall.Send Json
Dim sReturn As String
sReturn = httpCall.responseText
The value of sReturn at the end of executing the code is this:
I have an OAuth 2.0 client id and client secret but obviously, I dont have something set up correctly.
Any assistance is greatly appreciated.
Thank you.
The error message says you need to pass an access token or other valid authentication credentials to get the job done. The code is not authorized.
You may find the Google APIs and Google Oauth2 VBA authentication pages helpful.
In order to write to a users calendar you need their permission. Once you have their permission you should have an access token. This access token must be sent as an authorization header along with your request.
hReq.setRequestHeader "Authorization", "Bearer cHBzX2NyZWdJIYXAhjhjdjsfhjdshakjfdhakfhjk5c0AjMTZAY3JlZ"
I am trying to update my google cleandar
i recommend using calendar.patch instead of calendar update.
Dont for get you need to authorize the user with the following scope
Insert Event
While you have stated that you are trying to update your google calendar, from your code and the erro message it actually looks like you are trying to create a new event using events.isnert
If you are using this method remember it requires that you authorize the user with one of these scopes
I'm working on setting up a flow that will make an API request against a protected API. Since it requires authentication, I'm using HTTP with Azure AD. I'm able to sign in correctly, and I appear to be getting an authorization code:
I'd like to exchange this code for an access token so I am invoking this HTTP request:
It's complaining about the Headers not being a valid json. I'm also not sure what to include in the Body to exchange the authorization code for an access token.
Since I don't know much about this connector, so I'm sorry that I can't explain to you why your API calls still require logging in(which you asked in previous post). But if just for the questions and screenshot you provided above, I can provide some suggestions for your reference.
In you power-automate, you can add a "Initialize variable" action to initialize a variable named "header" and set the value shown as below screenshot:
Then you can use "Parse JSON" action to parse this variable(convert it to json format)
Now you can use the "Body" from the "Parse JSON" as the value of the "Headers" box in your "Invoke an HTTP request". It will solve the issue of headers not being a valid json.
For the value of "Body of the request", you can put the value as I provided in the previous post:
grant_type=password&client_id=xxxxx&scope=xxxxx&username=xxxxx&password=xxxxxclient_secret=xxxxx
Hope it would be helpful to your problem~
I am trying to read a Google Sheet by calling the Sheets API from a Zoho CRM Deluge function. I have created a project in the Google Developer Console and input the Key into the 'invokeurl' parameters. When I try to execute the call, I get the error:
"The API Key and the authentication credential are from different projects."
I tried creating an OAuth client ID, but the Google Sheets API only accepts Access Tokens. I admit, I don't know how to programmatically get an access token without giving consent with a pop up (not an option here).
I tried creating an access token using the Google OAuth Playground, but got the same "different projects" error.
I read on a Zoho support article that adding the headers:
{"X-HTTP-Method-Override":"PATCH","Content-Type":"application/json"}
help call Google APIs. When I did that, I get a different error:
"The requested URL /v4/spreadsheets/[spreadsheet ID]/values/[range]?key=[my key] was not found on this server. That’s all we know.
I have no other ideas. Any help would be greatly appreciated.
For reference, here is the relevant portion of the Zoho function:
params =
{
"key":myKey
};
sheet = invokeurl
[
url :"https://sheets.googleapis.com/v4/spreadsheets/" + id + "/values/" + range
type :GET
parameters:params
connection:"to_google_sheets"
headers: {"X-HTTP-Method-Override":"PATCH","Content-Type":"application/json"}
];
Turns out that since I had made a "connection" to the Google Sheets API in the Zoho CRM, I didn't need to pass the Key.
Removing that line made it work just fine.
I see this Access to Outlook RestAPI from an Outlook web Add-in question but nothing about attachment there.
I success to make outlook rest API request from my add-in follow https://dev.office.com/docs/add-ins/outlook/use-rest-api?product=outlook this tutorial . For example I success to get some message details), but I have 2 problems:
I can't add attachment with outlook rest API call to message.
I try to make call with the itemId like here:
https://outlook.office.com/api/v2.0/me/messages/" + itemId +"/attachments
The error I get is:
{"error":{"code":"ErrorAccessDenied","message":"The api you are trying to access does not support item scoped OAuth."}}
I try to change permissions(ReadWriteMailbox/ReadWriteItem) on manifest but nothing help..
Sometimes the call of Office.context.mailbox.getCallbackTokenAsync({ isRest: true }, function().... function work and return access token and sometimes return error , I don't know also what the reason.
The error I get sometimes is:
OSF.DDA.AsyncResult
error:OSF.DDA.Error
status:"failed"
Hope you could help me , thanks all!!
On #1, the error indicates that the token you have is scoped to just the current item. The REST API cannot use this kind of token for modifying attachments, so you get that error. The correct way that this should work is that you specify ReadWriteMailbox in your add-in manifest, and then the token you get back should be a mailbox-scoped token. However, there is currently a bug with desktop Outlook's handling of getCallbackTokenAsync that causes it to incorrectly still return an item-scoped token. That bug has been fixed but the update hasn't been publicly pushed yet.
If you want to check this, copy the token you get back and head over to https://jwt.io/. Paste it in the "Encoded" box and check the payload. If you see "ver": "Exchange.Callback.V1" it's the item-scoped token. If you see "ver": "Exchange.Callback.V2" it's the mailbox-scoped one.
On #2, I have no idea. It would be helpful if you could get a Fiddler trace on your Outlook client machine that catches the add-in making the token request.
I'm trying to read data from a google spreadsheet by retrieving a cell based feed via the sheets API.
The spreadsheet is private, so I'm using oauth 2.0 to authorize my requests.
Retrieving basic infos about my drive account via https://spreadsheets.google.com/feeds/spreadsheets works fine, but when I try to access the data from on of my spreadsheets directly via
XMLHttp GET Request to https://spreadsheets.google.com/feeds/cells
I'm getting an "No 'Access-Control-Allow-Origin' header is present on the requested resource" error.
I've set the correct Authorization Token via
xhr.setRequestHeader('Authorization', 'Bearer ' + token);
and tried to "activate" CORS via
xhr.setRequestHeader('Access-Control-Allow-Credentials', 'true');
To no avail.
Any tipps on how to access this resource ?
Thanks !
Fixed this very same issue just today. And I did not need to enable/activate CORS as I've read that some firewalls will strip out the headers for security. http://promincproductions.com/blog/server-proxy-for-cross-site-scripting-cors/
In a global part of your js code, add in a function ...
window.googleDocCallback = function () { return true; };
Then, to the URL in your AJAX (GET assumed?) request, if you have no URI params, append ?callback=googleDocCallback
and if you do have other params,
append &callback=googleDocCallback
For more info, please see: https://jvaneyck.wordpress.com/2014/01/07/cross-domain-requests-in-javascript/
Google Sheets API has a known bug that doesn't support CORS for POST requests. Can you confirm that you are in fact making a GET request and not a POST/PUT/DELETE?
You need to send a GET request. Make sure that there are no headers sent (not even content-type headers).