I'm having an issues with the new API policy of Instagram
I already got my app approved and got basic permissions
IG API Permissions
When using the app on sandbox mode I can get API response only for my own user, however when I move to Live Mode and try using the API all I receive is error 400 code
For example
https://api.instagram.com/v1/users/search?access_token=MY-TOKEN&count=6&q=world
Response
{
meta: {
error_type: "OAuthPermissionsException",
code: 400,
error_message: "This client has not been approved to access this resource."
}
}
Even using the same API with my own username still getting the same error
I was trying to search on it but all I can find is the same error happens to unauthorized users
Any idea ?
I have fixed the This client has not been approved to access this resource Issue by Authorizing the Instagram public_content scope by visiting the following URL and clicking Authorize.
https://api.instagram.com/oauth/authorize/?client_id=[YOUR_CLIENT_ID]&redirect_uri=[YOUR_REDIRECT_URI]&scope=public_content&response_type=token
I found the reason, I can't use that endpoint because I have only permission for basic. for more information https://www.instagram.com/developer/endpoints/users/
Related
I tried to use below mixpanel API for fetching event data.
Link
But I am facing a below 403 forbidden error.
{
"request": "/api/2.0/events",
"error": "You do not have the required scope(s) for this request"
}
It seems to be like some permission is missing for accessing the API. But I can't able to find out where to set this scope
Please help me how to get rid of this error
We've found success with the schema if you generate a Service Account from the Organization/Project Settings and use those credentials when authorizing the request.
To do this, go to your Organization Settings, click "+ Service Account" and use the credentials that are generated in the request you submit.
My Registered Application uses the REST API to synchronize files with "OneDrive for Business". It worked for a year, but recently, my customer reported an error when syncing with "OneDrive for Business". It responds with an error when my app lists or uploads files to it.
For example, listing files in "OneDrive for Business":
https://mydomain-my.sharepoint.com/_api/v2.0/me/drive/items/root/children?select=id,name,size,deleted,folder,file,parentReference,lastModifiedDateTime
"OneDrive for Business" returns the following error:
{
"error": {
"innerError": {
"code":"invalidAudienceUri"
},
"code": "unauthenticated",
"message": "Invalid audience Uri 'https://api.office.com/discovery/'."
}
}
My application has logged correctly into "OneDrive for Business" by OAuth2 and added the authentication header correctly.
Could someone tell me what the cause of the error, how to avoid the problem?
From the hint of Brad, I have resolved the problem, but may not a beautiful way.
Here is the program steps to resolve the problem: (Sorry I have omitted the links, because I can not put too many links)
Show the OAuth2 consent dialogbox, let the user allow the application to access the OneDrive for Business, obtain the Authentication Token (AuthToken).
Use the AuthToken to get the AccessToken and RefreshToken of discovery API. Here is the help of discovery API.
Use the above AccessToken to access discovery API to get the resource URI of your account. The result is like "htts://yourdomain-my.sharepoint.com/";
Show the OAuth2 consent dialogbox AGAIN, let the user allow the application to access the OneDrive for Business, obtain the Authentication Token (AuthToken2).
Use the AuthToken2 to get the AccessToken2 and RefreshToken2 of "htts://yourdomain-my.sharepoint.com/".
Access your "OneDrive for Business" resource by AccessToken2 and RefreshToken2.
Old OneDrive for Business API need not Step4 and Step5, just use AccessToken and RefreshToken to access the resources, but new APIs need Step4 and Step5.
Hello Microsoft/Azure/Skype experts,
I'm tasked with accessing presence data from Skype For Business Online accounts from my macOS app (native).
I'm unfortunately stuck and i always get a 403 error when i access the autodiscover request and never get the link to the applications resource
I have been following this documentation
https://learn.microsoft.com/en-us/skype-sdk/ucwa/authenticationusingazuread
STEP 1
We have registered the app in the Azure Management Portal using our Office 365 account credentials.
We have used custome redirect URL (http://localhost)
Allow Implicit Flow is set to true in manifest
We pre-configure the permissions needed for Skype for business
online
STEP 2
Issuing a GET as specified in the documentation to initiate sign in and authorization check.
GET https://login.microsoftonline.com/common/oauth2/authorize?response_type=token&client_id=c#####-4d41-485e-871f-0a22aa79e52b&redirect_uri=http://localhost
This returns a 200 OK.
STEP 3
We got the Auto discover URL as described in the documentation.
This is what i get - i use the domain marked in RED.
STEP 4
As per the documentation, they ask me to do this
Requesting an access token using implicit grant flow
So i issue a GET as described
https://login.microsoftonline.com/oauth2/authorize?
response_type=id_token &client_id=######-4d41-485e-871f-0a22aa79e52b
&redirect_uri=http://localhost
&state=8f0f4eff-360f-4c50-acf0-99cf8174a58b
&resource=https://webdirin1.online.lync.com
Now this shows the sign in page, i sign in and then it throws an error
AADSTS90014%3a+The+required+field+%27nonce%27+is+missing.
I researched and could not fix this error.
So after lots of research and looking at this Microsoft documentation LINK (https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#requesting-individual-user-consent) , apparently there is another way of getting the bearer token.
STEP 4 - SECOND TRY
I then Request individual user consent by sending the SCOPE parameter for Skype for Business.
I then issue a GET request to
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=#######-4d41-485e-871f-0a22aa79e52b&response_type=code&redirect_uri=http://localhost&response_mode=query&scope=https://api.skypeforbusiness.com/User.ReadWrite&state=12345
This returns an access code which i use in next step to get the TOKEN
STEP 5 - Get the bearer TOKEN
Issue a POST to following URL
https://login.microsoftonline.com/common/oauth2/v2.0/token With the
following data in POST body
"grant_type": "authorization_code", "client_id":
"######-4d41-485e-871f-0a22aa79e52b", "scope":
"https://api.skypeforbusiness.com/User.ReadWrite", "code":
"OAQABAAIAAACEfexX.........", "redirect_uri": "https://localhost"
This returns the bearer token in the following response JSON
{
"access_token" = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1........w4b-- gnWG_iOGtQ";
"expires_in" = 3599;
"ext_expires_in" = 3599;
scope = "https://api.skypeforbusiness.com/User.ReadWrite";
"token_type" = Bearer;
}
STEP 6
Yay! Got the bearer token at laaast!
Now back to the main documentation
https://learn.microsoft.com/en-us/skype-sdk/ucwa/authenticationusingazuread
And where we do this - 'Resending an autodiscovery request with the bearer token'
We execute a GET request to
https://webdirin1.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user
Now this, as per the documentation should return this JSON
{
"_links":{
"self":
{"href":"https://webdirX.online.lync.com/Autodiscover/AutodiscoverService.svc/root/user"},
"applications":
{"href":"https://webpoolXY.infra.lync.com/ucwa/oauth/v1/applications"}
}
}
BUT i GET A 403: PERMISSIONS denied error
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page
using the credentials that you supplied.</h3>
</fieldset></div>
So thus i have never got the applications url and I have checked the manifest, registration and i have no idea, why i get this error.
Any inputs would be appreciated.
For step 4, you need to specify nonce=somestring in the URL. Typically this should be a securely random value that is only used once. It can contain any value.
Also, you are only requesting an id token. Set response_type=id_token+token.
My application has just been accepted by Instagram and is now in Live status. However, when I try to use the GET/users/self/follows API I still get the following error:
{"meta":
{"code": 400,
"error_type": "OAuthPermissionsException",
"error_message": "This client has not been approved to access this resource."
}
}
After a new check of the API docs, I realized that Instagram gives just the basic permission to the new applications (https://www.instagram.com/developer/authorization/). Am I right? So, there is no way to use the other API Endpoints? If yes, whats the point in keeping the docs about not available APIs?
I am making a call to https://api.box.com/oauth2/token to get a token for a user.
I get a 400 with the following error:
Cannot obtain token based on the enterprise configuration for your app
I don't see this error message defined anywhere. Any ideas what I'm doing wrong?
The issue here was that I was requesting a token for a non app user and my application was configured to allow access to app users only.