The behaviour of receiving request with expired api_key in Moqui - moqui

What is the system behavior when receiving a request to a RESTful API with an expired api_key in Moqui? Does the system send back the SC_UNAUTHORIZED error or something else?

The response status is 500 Internal Server Error.

Related

App Must Verify The Authenticity Of The Request From Shopify

Expected HTTP 401 (Unauthorized), but got HTTP 405 from shop-redact. Your app's HTTPS webhook endpoints must validate the HMAC digest of each request, and return an HTTP 401 (Unauthorized) response when rejecting a request that has an invalid digest.
I have used the osiset/laravel-shopify package.
I have solved this error. Even though one app has been approved, the other app has the same solution in front of it, I still get this error from Shopify in the other app.
First I tried this solution in which the app was rejected. But I applied the same solution in the first app, which was approved
Route::get('/shop-redact',[AbcController::class,'shopRedact'])->middleware('auth.webhook')->name('shop.redact');
And then I tried to create a job for all GDPR webhooks, but the app was rejected.
https://github.com/osiset/laravel-shopify/wiki/GDPR
What is the other solution to this?
Shopify webhooks make a POST request to your endpoint, so set a POST request:
Route::post('/shop-redact',[AbcController::class,'shopRedact'])->middleware('auth.webhook')->name('shop.redact');
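An added example, not code from the posts above or from osiset/laravel-shopify: a framework-neutral Python illustration of the check the review message asks for, showing why a GET-only route answers 405 before any digest is examined. The function names, the sample secret and the sample body are constructed for illustration; the digest is taken to be the base64 HMAC-SHA256 of the raw body carried in Shopify's X-Shopify-Hmac-Sha256 header.

```python
import base64
import hashlib
import hmac

HMAC_HEADER = "x-shopify-hmac-sha256"  # webhook digest header, compared case-insensitively


def sign(secret: bytes, raw_body: bytes) -> str:
    """Base64 HMAC-SHA256 of the raw request body, as the sender computes it."""
    mac = hmac.new(secret, raw_body, hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def webhook_status(method: str, headers: dict, raw_body: bytes, secret: bytes) -> int:
    """Return the HTTP status a webhook endpoint should answer with."""
    # A route registered only for GET never reaches the digest check:
    # the POST delivery is answered with 405, the status quoted in the rejection.
    if method.upper() != "POST":
        return 405
    supplied = {k.lower(): v for k, v in headers.items()}.get(HMAC_HEADER)
    if not supplied:
        return 401  # a missing digest is rejected like an invalid one
    expected = sign(secret, raw_body)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII header input.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 401
    return 200


# Constructed sample values, not real credentials or payloads.
SECRET = b"example-app-secret"
BODY = b'{"shop_id": 1, "shop_domain": "example.myshopify.com"}'

if __name__ == "__main__":
    good = {"X-Shopify-Hmac-Sha256": sign(SECRET, BODY)}
    print("valid POST      ->", webhook_status("POST", good, BODY, SECRET))
    print("tampered body   ->", webhook_status("POST", good, BODY + b" ", SECRET))
    print("missing header  ->", webhook_status("POST", {}, BODY, SECRET))
    print("GET-only route  ->", webhook_status("GET", good, BODY, SECRET))
```

The digest must be computed over the raw bytes of the body as received; re-serialising parsed JSON before hashing changes the bytes and makes valid requests fail.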

Meaning of 200 response/no errors from dry_run request

dry_run can be set so that pushes aren't sent, but that tokens can be validated by FCM.
If the response to a dry_run is 200 and there are no errors, does that guarantee that, if dry_run was not set, there is an app installation on a device that FCM could target with that message?
The only scenario I can think of is if there is a delay:
dry run enabled in request
user uninstalls the app (or some other event which invalidates the token)
FCM returns 200/no error
FCM receives data relayed from the device that the app was uninstalled and token is invalid
Are there other scenarios?
You can validate the FCM token by calling the
(GET) https://iid.googleapis.com/iid/info/YOUR_APP_TOKEN_HERE
[Header] => 'Authorization: key=YOUR_KEY'
Simple and easy.
If the token is valid then it will return a 200 status code with some more details in JSON format, or if it's invalid then the status code will be 400 with error detail in JSON format.
Implement this code server side. Get the token from the database (if you are saving the token in a database) and pass it in the above URL, and it will send you the token status, whether it has expired or not.

eBay API request error: 'Invalid access token. Check the value of the Authorization HTTP request header.'

I've registered as a developer with eBay and created an app.
I generated an OAuth (not Auth'n'Auth)
Using Postman to generate a simple request (image) and receiving an error for token invalidity
Error: Invalid access token. Check the value of the Authorization HTTP request header.
What am I doing wrong here?
If your token is for "sandbox" environment, make sure you use sandbox API endpoints for your requests as well.
Instead of https://api.ebay.com/buy/browse/v1/...,
try https://api.sandbox.ebay.com/buy/browse/v1/....
One of the issues which might have happened is:
The access token might have expired
Use the refresh token to refresh the access token when it expires — you know when to do this when your call to the API returns a status code of 401 and the above body you saw in Postman.

How to show the internal server errors to the user?

I am working on an API. I want to throw detailed error messages to the user. Now I am in a situation to decide what kind of error code should be sent or how to explain to the user if any error occurs in the application internally. For example, if the database connection fails, what kind of HTTP status code do I want to send to the user?
Can anyone help?
An HTTP status code generally refers to the status of the HTTP request itself, not the status of the application handling the request. Therefore, most server-side errors are covered by 500 Internal Server Error. Any additional info about the error should be described in the response body. For APIs, the response body will often be JSON or XML, so you can use those formats for your errors. Something like this:
HTTP/1.1 500 Internal Server Error
[headers]
{"status":"error", "message":"The request failed due to database connectivity."}
There are, however, two cases I can think of when you might want another status code. If the user has requested an API method that is not implemented, you might want a 501 Not Implemented, and when there is a temporary service outage, you can use 503 Service Unavailable.
More info about server-side status codes here.

HTTP Status Code: 401 in GCMDemo

Reference: http://developer.android.com/google/gcm/demo.html
Server 401 when trying to send a message to my android device.
HTTP Status 500 - HTTP Status Code: 401
type Exception report
message HTTP Status Code: 401
description The server encountered an internal error (HTTP Status Code: 401) that prevented it from fulfilling this request.
exception
com.google.android.gcm.server.InvalidRequestException: HTTP Status Code: 401
com.google.android.gcm.server.Sender.sendNoRetry(Sender.java:177)
com.google.android.gcm.server.Sender.send(Sender.java:121)
com.google.android.gcm.demo.server.SendAllMessagesServlet.doPost(SendAllMessagesServlet.java:83)
javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
note The full stack trace of the root cause is available in the Apache Tomcat/7.0.29 logs.
Could anybody tell me how to solve this? Thank you!
You should take a look at the GCM docs where it explains the GCM response: http://developer.android.com/google/gcm/gcm.html#response and troubleshooting the 401 error code: http://developer.android.com/google/gcm/gcm.html#auth_error
Description from the docs:
Authentication Error
The sender account that you're trying to use to send a message couldn't be authenticated. Possible causes are:
Authorization header missing or with invalid syntax.
Invalid project number sent as key.
Key valid but with GCM service disabled.
Request originated from a server not whitelisted in the Server Key IPs.
So I would check to make sure that you are setting your authorization header properly and that your Google Project number is properly set up with GCM and accepting your server's IP.