https://anypoint.mulesoft.com/apiplatform/anypoint-platform/#/portals/organizations/68ef9520-24e9-4cf2-b2f5-620025690913/apis/8617/versions/40329/pages/35412
/applications/{domain}/logs Traits: environment_based
Retrieve log messages for the application, ordered newest to oldest.
I am trying to access this api but am unable to relate what client id does it ask. Also I am unable to relate to oauth authentication this needs.
I am new to mule.
i am sharing the steps by step instructions to access the details of apps from api.
Step 1 : Get the access token from the Api
https://anypoint.mulesoft.com/accounts/login?username=YOUR_USERNAME&password=YOUR_PASSWORD
NOTE : Use POST method and add Header Content-Type=application/json
You will get response in JSON format like below
{
"access_token": "44126898-7ed8-4453-8d28-skajnbf",
"token_type": "bearer",
"redirectUrl": "/home/"
}
Step 2: Get your organization id
https://anypoint.mulesoft.com/accounts/api/me
NOTE : Use GET method and add below Headers
Content-Type = application/json
Authorization = Bearer ACCESS_TOKE_YOU_GOT_ABOVE
Example : Authorization = Bearer 44126898-7ed8-4453-8d28-skajnbf
In the response you will have a section where you will get you organization related details like below
"organization": {
"name": "Sample",
"id": "c1e68d1e-797d-47a5-b",
"createdAt": "2016-11-29T09:45:27.903Z",
"updatedAt": "2016-11-29T09:45:27.932Z",
"ownerId": "68df9a5",
"clientId": "7200350999564690",
"domain": "******",
"idprovider_id": "mulesoft",
"isFederated": false,
"parentOrganizationIds": [],
"subOrganizationIds": [],
"tenantOrganizationIds": [],
"isMaster": true,
"subscription": {
"type": "Trial",
"expiration": "2016-12-29T09:45:27.906Z"
},
Step 3: Get the environment Details
https://anypoint.mulesoft.com/accounts/api/organizations/YOUR_ORGANIZATION_ID_FROM_ABOVE/environments
NOTE : Use GET method and add below Headers
Content-Type = application/json
Authorization = Bearer ACCESS_TOKE_YOU_GOT_ABOVE
Example : https://anypoint.mulesoft.com/accounts/api/organizations/c1e68d1e-797d-47a5-b/environments
You will get all available environments in the response in JSON format as below
{
"data": [
{
"id": "042c933d-82ec-453c-99b2-asmbd",
"name": "Production",
"organizationId": "c1e68d1e-797d-47a5-b726-77asd",
"isProduction": true
}
],
"total": 1
}
Step 4: Now specify the domain name and fetch the logs
https://anypoint.mulesoft.com/cloudhub/api/v2/applications/YOUR_CLOUDHUB_APP_NAME/logs
Example : https://anypoint.mulesoft.com/cloudhub/api/v2/applications/first-test-api-application/logs
NOTE : Use GET method and add below Headers
Content-Type = application/json
Authorization = Bearer ACCESS_TOKE_YOU_GOT_ABOVE
X-ANYPNT-ENV-ID = ENVIRONMENT_ID_YOU_GOT_ABOVE
Example : X-ANYPNT-ENV-ID = 042c933d-82ec-453c-99b2-asmbd
You will get the logs in JSON format as below
{
"data": [
{
"loggerName": "Platform",
"threadName": "system",
"timestamp": 1480503796819,
"message": "Deploying application to 1 workers.",
"priority": "SYSTEM",
"instanceId": "583eb1f1c4b27"
},
{
"loggerName": "Platform",
"threadName": "system",
"timestamp": 1480503797404,
"message": "Provisioning CloudHub worker...",
"priority": "SYSTEM",
"instanceId": "583eb1f1e4b27"
}
],
"total": 2
}
NOTE : FOR ENHANCED LOGGING YOU SHOULD SELECT APPROPRIATE DEPLOYMENT AND INSTANCE IDs TO GET LOGS IN SIMILAR MANNER
Hope this Helps for Beginners
To see the clientID. Log into your CloudHub account. Click on the "gear" icon in the upper right corner. Click on the name of your organisation. you should now see your "clientID" and the "ClientSecret" ID.
Before you use the CloudHub APIs or the Anypoint platform APIs you have to create an account on the Anypoint Platform - Check the architecture of the Anypoint API platform #
https://docs.mulesoft.com/anypoint-platform-for-apis/anypoint-platform-for-apis-system-architecture
Once your are done with the registration with the Anypoint API platform you need to set up users, roles & privileges as an admin -
https://docs.mulesoft.com/anypoint-platform-administration/managing-accounts-roles-and-permissions
As admin you need to control access to APIs by creating & supplying client Id and client Secret - https://docs.mulesoft.com/anypoint-platform-administration/manage-your-organization-and-business-groups
I guess that's the client you referring to. It needs to be present in the request for all the APIs.
As far as OAuth is concerned, it is not completely functional on Cloudhub API. You will have to raise a ticket for support. Check this out -
https://docs.mulesoft.com/mule-user-guide/v/3.7/mule-secure-token-service
If you are new to Mule, run through the Mule Intro videos and try out the Anypoint Studio to get feel of Mulesoft Applications.
Hope this helps.
Related
So I know there's several SDK packages for many languages available for nHost, however I need to create my own interface to the system since the language I'll be using isn't typical.
I basically just need to know how to interact with authentication endpoints, send a users un/pw and recieve a JWT token. I've been successfully able to do this with aws Cognito, but I'd like to explore this instead.
I'm also not sure if I'm using the right base url, here's my thought so far:
https://kbvlufgpikkxbfkzkbeg.nhost.run/auth/login
So I would POST to there with some json in the body with the un/pw stuff, and the response should be the jwt token right?
I get a "resource does not exist" response from the above, however, so obviously I'm not forming the url correctly in the first place.
Thanks for the help!
Nhost supports multiple sign-on methods.
For example, using the email+password method, you would send:
POST https://xxxxxxxxxxxxx.nhost.run/v1/auth/signin/email-password
{"email":"foo#example.com","password":"bar"}
and the response:
{
"session": {
"accessToken": "somejwt....",
"accessTokenExpiresIn": 900,
"refreshToken": "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"user": {
"id": "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"createdAt": "2022-09-17T19:13:15.440221+00:00",
"displayName": "foo#example.com",
"avatarUrl": "",
"locale": "en",
"email": "foo#example.com",
"isAnonymous": false,
"defaultRole": "user",
"metadata": {},
"emailVerified": true,
"phoneNumber": null,
"phoneNumberVerified": false,
"activeMfaType": null,
"roles": [
"user",
"me"
]
}
},
"mfa": null
}
The JWT is short-term, when it expires, the refresh token is used to get a new one.
The Nhost JavaScript SDK handles it automatically for you, that's a big benefit to the platform (in addition to being integrated with Hasura). If you are trying to port it to another unsupported language, you'd have to reimplement it. Probably by reading the library and/or running one of their sample client application and reverse-engineering the HTTP over the wire.
I have a project owner permission on bigquery. And I able to create/delete/insert records into bigqquery table from UI.
However, when I am trying from Python, I am getting following error.
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"errors": [
{
"message": "Login Required.",
"domain": "global",
"reason": "required",
"location": "Authorization",
"locationType": "header"
}
],
"status": "UNAUTHENTICATED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "CREDENTIALS_MISSING",
"domain": "googleapis.com",
"metadata": {
"method": "google.cloud.bigquery.v2.JobService.ListJobs",
"service": "bigquery.googleapis.com"
}
}
]
}
}
Following is my code
def insert_data():
client = bigquery.Client()
job_config = bigquery.LoadJobConfig(
write_disposition=bigquery.WriteDisposition.WRITE_TRUNCATE,
source_format=bigquery.SourceFormat.CSV,
skip_leading_rows=1,
)
uri = " gs://xxx/csv_files/csv_test.csv"
table_id="xxx.Gaurang.csv_data"
load_job = client.load_table_from_uri(
uri, table_id, job_config=job_config
) # Make an API request.
load_job.result() # Waits for the job to complete.
You must authenticate when you use Google's libraries; Cloud Console and gcloud authentication does not extend transparently to code using the libraries.
Google's documentation is comprehensive and an example is here:
https://cloud.google.com/bigquery/docs/reference/libraries
Generally code run as a Service Account; the Service Account provides an identity and -- with Google Cloud services -- IAM provides roles/permissions based access, see BigQuery: access control with IAM.
Google provides a mechanism called Application Default Credentials that facilitates running code as a Service Account.
Goal:
I have a simple web application where I submit my Blood Pressure and Heart Rate measurements.
Now I'd like to submit these measurements to my Google Fit Account.
I tried Googles tutorial: https://developers.google.com/fit/scenarios/write-bp-data
OAuth2 Setup
I created new credentials in one of my existing Cloud Console Projects. And then requested a new authorization code using the following scopes (The project is in Testing State and my account is registered as tester):
https://www.googleapis.com/auth/fitness.blood_pressure.write
https://www.googleapis.com/auth/fitness.heart_rate.write
Requesting the token returns the following response:
{
"access_token": "ya29.XXXXXXXXXXXXXXXX",
"expires_in": 3599,
"refresh_token": "1//XXXXXXXXXXXXXXXX",
"scope": "https://www.googleapis.com/auth/fitness.heart_rate.write https://www.googleapis.com/auth/fitness.blood_pressure.write",
"token_type": "Bearer"
}
As you can see, both write scopes are granted.
Additionally, if I check the permissions in my Google Account, both scopes are set.
Create dataSource
Now I create two dataSources (one for com.google.heart_rate.bpm and one for com.google.blood_pressure).
creating the Heart Rate dataSource works as expected, but creating a dataSource for Blood Pressure returns a 403 PERMISSION_DENIED Error:
Request (POST https://www.googleapis.com/fitness/v1/users/me/dataSources)
{
"dataStreamName": "BPA-BloodPressure",
"type": "raw",
"application": {
"detailsUrl": "https://aaa.bbb.ccc",
"name": "Blood Pressure App",
"version": "1"
},
"dataType": {
"name": "com.google.blood_pressure"
}
}
Response
{
"error": {
"code": 403,
"message": "Scope not included to modify data of type com.google.blood_pressure. Possible scopes: https://www.googleapis.com/auth/fitness.blood_pressure.write",
"errors": [
{
"message": "Scope not included to modify data of type com.google.blood_pressure. Possible scopes: https://www.googleapis.com/auth/fitness.blood_pressure.write",
"domain": "global",
"reason": "forbidden"
}
],
"status": "PERMISSION_DENIED"
}
}
The Google Fit REST API tells me that the Scope fitness.blood_pressure.write is missing, but as you can see the Scope is given for the used access token.
Notes
I am working with Postman to test all requests. Later a Java/Groovy or PHP backend will used.
I also tried with read and write scopes for both data types.
I can see my app with both write scopes in Google Fit under "Connected apps".
Change dataType name to "fitness.blood_pressure" instead of "com.google.blood_pressure"
The body will be like this.
{
"dataStreamName": "BPA-BloodPressure",
"type": "raw",
"application": {
"detailsUrl": "https://aaa.bbb.ccc",
"name": "Blood Pressure App",
"version": "1"
},
"dataType": {
"name": "fitness.blood_pressure"
}
}
I'm triyng to use keycloak AdminAPI (https://www.keycloak.org/docs-api/3.0/rest-api/index.html#_users_resource) to create user and assign client roles. I'm receiving correct token, and user is created but assigning roles return 404
I'm using Postman to connect with API:
/auth/realms/{realmName}/protocol/openid-connect/token
Content-Type application/x-www-form-urlencoded <-with parameters ofc
/auth/admin/realms/{realmName}/users
Content-Type application/json
Authorization Bearer {TOKEN}
Body:
{
"username": "name",
"enabled": true,
"emailVerified": false,
"firstName": "first",
"lastName": "last",
"credentials": [
{
"type": "password",
"value": "newPas1*",
"temporary": false
}
]
}
Above works for me, but the next one don't
/auth/admin/realms/{realmName}/users/xxxxxx-xxxx-xxxx-xxxx-xxxxxxxx/role-mappings/clients/realm-management
Content-Type application/json
Authorization Bearer {TOKEN}
Body:
{
"roles": [
{
"id": "0830ff39-43ea-48bb-af8f-696bc420c1ce",
"name": "create-client",
"description": "${role_create-client}",
"composite": false,
"clientRole": true,
"containerId": "344e7c81-e7a2-4a43-b013-57d7ed198eee"
}
]
}
where 'xxxxxx-xxxx-xxxx-xxxx-xxxxxxxx' is userID returned during creation and create-client role exists
I need a way to add client role via Http request. I saw there are some keycloack implementation for java but I'm using .NET CORE so there will be the target implementation but I need to have working request first as you may gues
You have to pass client UUID to the role-mappings REST method, not the ID that you specify when creating a client in admin UI. Use GET /admin/realms/{realm}/clients?clientId=realm-management REST method to find out the client UUID.
UPDATE
In Keycloak 6.0.1 to add a role it is required to pass role name and id.
Example:
POST /auth/admin/realms/{realm}/users/{user}/role-mappings/clients/{client}
[
{
"id": "0830ff39-43ea-48bb-af8f-696bc420c1ce",
"name": "create-client"
}
]
trying to connect to endpoint with all needed headers defined:
https://us-api.mimecast.com/api/login/login.
Error message receieved : 0018 Client update required
Did anyone encounter/solve this issue?
{
"meta": {
"status": 401
},
"data": [],
"fail": [
{
"key": {
"username": "datadash#itprosusa.com",
"tokenType": "key",
"verifyOnly": false
},
"errors": [
{
"code": "err_xdk_client_update_required",
"message": "0018 Client update required",
"retryable": false
}
]
}
]
}
I came across the same error message when trying to get Access key and Secret Key. You can actually get these in the Mimecast portal UI by going to: Administration | Services | APIĀ Applications, then Add API Application fill in the details and wait 30 minutes. After 30 minutes click on your newly created API application and select Create Keys, fill in the required information and it will provide you with your Access key and Secret key used for API calls.
If this doesn't answer your question or help you I would suggest getting in contact with Mimecast Support, they are usually pretty good!