Good morning, guys. I'm still new to Loopback, and have a feeling that I'm missing something, but not sure where and what to find, so advice would be helpful.
I have an app. I'm using local authentication with standard ACL.
I have few methods that open only for $owner, and few that open for $authenticated. I'm using few POST requests within the app to retrieve data, and every time I get 401 error. If use GET request, all I have to do is to include an access token id into the url like that url?access_token=jjkdfsjjkj334.
I have a feeling that there is a some sort similar of trick for POST requests.
Any help would be appreciated.
For the post request pass the access_token as the "Authorization" header in the respective post call.
request({url: url, json: true, headers: {'Authorization': 'access-token-value'}}, function (err, res, responseJson) {
console.log(responseJson);
});
You also specify other headers also, like Accept-type etc.
If you had a model called Test with the following ACL:
{
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "DENY"
},
{
"principalType": "ROLE",
"principalId": "$authenticated",
"permission": "ALLOW",
"property": "create"
}
You should be able to make the following POST request:
curl -X POST --header "Content-Type: application/json" --header "Accept: application/json" -d "{}" "http://localhost:3000/api/Tests?access_token=cor7DDfUKoFSI6DzgCezQzoKFOuSmpLYzSF85xA8QXePkbFAGDKjjp7QwaVlP11B"
I always like to use the component explorer to test out what works and what doesn't. My guess is that something isn't set up properly in your ACL.
Related
I have been trying to share my GCP image with other accounts using API... on the UI I can do it in permissions and by adding members...
I used the following URL with the post request:
POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/images/IMAGE_NAME:getIamPolicy
with headers 'Content-Type': 'application/json; charset=utf-8'
and with data:
{"version": "0",
"bindings":
[
{
"members": ["user:mymailid#gmail.com"],
"role":"roles/compute.imageUser"
}
]
}
}
bypassing the authorization bearer key,
after hitting it in postman or with curl or in python request, getting a response: 404 Not Found
I also enabled the API permissions using CLI using gcloud services enable pubsub.googleapis.com
what do I need to pass extra to make this work?
hoping I will get help from someone ... Thanks in advance
#Ganesh
To set IAM Policy, you need to use different url.
POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/images/IMAGE_NAME/setIamPolicy
json({
"version": "0",
"bindings": [
{
"members": ["user:mymailid#gmail.com"],
"role": "roles/compute.imageUser"
}
]
})
Note:
replace projectId
replace imagename
reference:
google-docs, collection, Dothttp
Generating the request to list the vpc details with IAM token which is kept in authorization header - The request has been generated from React App -
https://urls.cloud.ibm.com/v1/vpcs?version=2019-08-06&generation=1
Configuration
config = {
headers: {
"Authorization": "Bearer lmtmlmlm",
"Access-Control-Allow-Origin": "*"
}
}
The request was failed during the pre-flight request, it seems that the browser request headers are asking the server for permissions to make the actual request.
Can you suggest to overcome the problem.
The instructions here worked well for me: https://cloud.ibm.com/docs/vpc-on-classic?topic=vpc-on-classic-creating-a-vpc-using-the-rest-apis
I noticed you used the url: https://urls.cloud.ibm.com while these docs suggested https://us-south.iaas.cloud.ibm.com
rias_endpoint="https://us-south.iaas.cloud.ibm.com"
iam_token='Bearer zzzrandomstuff...eyJraWQiOiIyMDE5MDUxMyIsImFsZyI6IlJTMjU2In'
version="2019-05-31"
curl -X GET "$rias_endpoint/v1/vpcs?version=$version&generation=1" -H "Authorization: $iam_token"
I'm trying to access the Taxee.io API using the request npm module. The documentation is slightly poor and the difference between the Mashape info and the website's info is confusing.
https://taxee.io/
The docs have one example of a request here.
curl 'https://taxee.io/api/v2/calculate/2017' -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJBUElfS0VZX01BTkFHRVIiLCJodHRwOi8vdGF4ZWUuaW8vdXNlcl9pZCI6IjU4NDQ4MTA4Mzg2NjhhMTU4ZDU0ZmIzNSIsImh0dHA6Ly90YXhlZS5pby9zY29wZXMiOlsiYXBpIl0sImlhdCI6MTQ5OTA1MzU0NX0.pOwC5JEC7trLaaZVgHHGu_rvN0-EGa3RMm8BgJ-M9gk' -H 'Content-Type: application/x-www-form-urlencoded' --data 'state=NC&filing_status=married&pay_periods=26&pay_rate=116500&exemptions=2'
I however want to use the request npm module and am struggling to bridge the gap in how it will work in my express app.
const request = require('request');
request.post('https://taxee.io/api/v2/calculate/2017', {
'auth': {
'Bearer': 'mykey'
}
});
This is what I have thus far. Any help is appreciated.
Keep in mind that properties are case sensitive in JavaScript. You must pass the bearer token under the key bearer and not Bearer.
To replicate the Content-type and pass data, use the form support of the library.
E.g. like this:
{
auth: {
bearer: '<token>',
},
form: {
state: 'NC',
// ...
},
}
I'm new in rest api and i'm trying to use the api rest to associate file to object:
curl -X POST \
-H "X-Parse-Application-Id: qS0KL*9lFLE**S3VMk" \
-H "X-Parse-REST-API-Key: nh3***MhcKJIfIt1Gm" \
-H "Content-Type: application/json" \
-d '{
"name": "Andrew",
"picture": {
"name": "...profile.png",
"__type": "File"
}
}' \
https://api.parse.com/1/classes/PlayerProfile
Can anyone explain me how to set the ajax call?And what is "name":"andrew"?Is this a column named andrew in my player profile?
This is my implementation of api,but the server responded me bad request 400:
$.ajax({
type: 'POST',
headers: {'X-Parse-Application-Id':'qS0KLMx5h9lFLG**yhM9EEPiTS3VMk','X-Parse-REST-API-
Key':'nh3G8D**hcKJIfIt1Gm','Content-Type': 'application/json'},
url: "https://api.parse.com/1/users",
data: {
"username": "francesco",
"picture": {
"name": "b3b47ce2-62dc-4861-a0ad-79cfffe9b07a-foto ste.jpg",
"__type": "File"
}
},
contentType: "application/json",
success: function(data) {
console.log(data );
},
error: function(data) {
console.log("ko" );
}
});
May the api -d is wrong in my implementation.What's means -d in curl?
The example in the guide shows how you can create a new PlayerProfile object and associate it with a File in a single request. Since you want to update an existing User (and not create a new one), you'll need to use the Update REST API request format. Use PUT instead of POST, then specify which user you're referring to by appending the object id to the endpoint URL: https://api.parse.com/1/users/{objectId}.
I'm trying to create a webhook here:
curl --header "X-Shopify-Access-Token: <token>" -d '{"webhook": {"topic": "orders/create", "address": "http://www.google.com/", "format": "json"}}' https://test-store-402.myshopify.com/admin/webhooks.json
Here's the JSON pretty-printed for readability:
{
"webhook": {
"topic": "orders/create",
"address": "http://www.google.com/",
"format": "json"
}
}
It's returning this error:
{"errors":{"topic":["can't be blank","Invalid topic specified. Topics allowed: orders/create, orders/updated, orders/paid, orders/cancelled, orders/fulfilled, orders/partially_fulfilled, app/uninstalled, customer_groups/create, customer_groups/update, customer_groups/delete, products/create, products/update, products/delete, collections/create, collections/update, collections/delete, carts/create, carts/update"],"address":["can't be blank"]}}
I've confirmed:
The spelling of the topic is correct
The JSON request payload is wrapped in "webhook" (singular) correctly, as per the docs
I've copied and pasted the JSON into jsonlint.com to sanity check that the JSON is valid
Confused...didn't see any other questions on SO related to this specifically, I must be doing something terribly obvious wrong - or else everyone would be hitting this issue.
UPDATE: I got it to work over command-line by passing in the Content-type: application/json header. But now I'm having problems over curl_exec in PHP. I have the following CURLOPT's set:
CURLOPT_RETURNTRANSFER: true
CURLOPT_SSL_VERIFYPEER: false
CURLOPT_FOLLOWLOCATION: true
CURLOPT_MAXREDIRS: 10
CURLOPT_CUSTOMREQUEST: 'POST'
CURLOPT_HTTPHEADER: array {
0 => string 'X-Shopify-Access-Token: <token>'
1 => string 'Content-type: application-json' (length=30)
Note that I can do GET's just fine over curl - only POSTs returning this confusing response.
Got it to work in curl_exec. Here's what I'm using:
CURLOPT_RETURNTRANSFER: true
CURLOPT_SSL_VERIFYPEER: false
CURLOPT_FOLLOWLOCATION: true
CURLOPT_MAXREDIRS: 10
CURLOPT_CUSTOMREQUEST: 'POST'
CURLOPT_HTTPHEADER: array {
0 => string 'X-Shopify-Access-Token: <token>'
1 => string 'Content-type: application-json' (length=30)
CURLOPT_POSTDATA: '{"webhook":{"topic":"orders/updated","address":"http://www.google.com","format":"json"}}'
I think the problem may have been that I left out the CURLOPT_POSTDATA in my Update above.