Embed credentials in Yammer.com api

I want to use an external software, Alteryx, to access the api so I can crawl some JSON data. When I call https://www.yammer.com/api/v1/messages.json, it keeps on popping "HTTP/1.1 403 Forbidden".
I guess there is something wrong with the authentication. Does anybody know how to embed the credentials in the URL? Or are there any other ways to authenticate so an external software can access?
I can do it perfectly with a normal browser after logging in.
Thanks

Yammer's Rest API for retrieving data implements OAUTH 2.0. This is because any application trying to access the data is making the request as an "App" which will then have access to a user's specific data.
Yammer's OAUTH flow is described here: https://developer.yammer.com/docs/oauth-2
I do not yet know of an easy way to implement the authentication using anything other than development within a browser for this process.
You may be better off exporting the json messages to a file and then importing into your external software.

Related

Twitter Bot: Get access token for another account without 3-legged OAuth flow?

I am in control of three twitter accounts: One is my main account, the other two are supposed to automatically post content via a bot. I created the bot logic and added it to Twitter's development tools and I can easily use it to post to my main account.
Now I need to add the access tokens for my two secondary accounts. My question is - what's the easiest way to do this.
As far as I can see, Twitter only enables one way to do this: 3-legged OAuth flow. It is not too complex, but it seems to me to require setting up a mock website with callback url, which seems like too much considering I only need to generate two api tokens. Am I missing something?
There are some alternative ways to generate access token and access token secret for OAuth 1.0A via command line tools which allow you to use the “PIN-based” OAuth flow.
One example would be Twitter’s own twurl tool for API testing, which requires you to also have Ruby installed. This will let you authenticate a user account (it still pops open a window onto twitter.com to have you do the authentication) and stores them into the ~/.twurlrc file in your home directory. There is also tw-oob-oauth-cli which is a standalone app for doing the same thing.
You're not missing something. The reason this is required is to force users to have a browser they trust open and see that they are on https://twitter.com/, so they can trust that it's a safe place to put in their password.

Microsoft Graph - Longterm Access to OneDrive API (Refresh Token?)

Currently, I am using the Token Authentication Flow to connect MS Graph OneDrive API to my application. (Link to documentation) It works, yet I have to use Postman to get a new authentication token after 30min-2h (I'm not sure about the exact timeframe). I need to be able to access the OneDrive API for a longer period of time (multiple months) without having to authenticate again and again.
In the documentation, they also speak about the Code Flow (Link to Documentation). Yet I don't receive a refresh token nor do I know how to set it up for longterm access.
I wrote an application in python that uploads files from OneDrive to another application.
Any help is appreciated!
Perhaps not a direct answer but it could help you arrive at a solution via another route. In my case, I was following the process presented here, which really then lets the user choose if they would like to be remembered on the device. Then the token gets stored and the method attempts silent authentication before requiring interactive login. So basically you get to use Graph API seamlessly.
Obviously, the authentication still needs to happen but perhaps you could reuse the token for direct requests?

Browserless Authentication using the Web API

I am trying to authenticate a user inside a desktop application using the web api. I am not using a browser, I am using straight up GET and PUSH calls to the endpoints of the Spotify servers. Immediately I ran into some problems. It appears that upon the initial GET command to "accounts.spotify.com", the returned response includes HTML with a javascript function that runs and is responsible for dynamically generating HTML that you see on the initial login page. If you look at the Javascript function, it is clear that this is what is going on, however, you can also see this code is obfuscated and not meant to be used by us, the developers! (Link to Javascript code here for reference: Javascript function)
So my question is, while I can probably reverse engineer the code to get this working, would this be against the Spotify developer TOS?
Thanks!
Spotify's authentication happens through oauth, and a big part of user authentication as per the oauth rfc is where the user delegates permissions to your app to carry out API calls that affect their account, or return information about them. That's the web page you're seeing - it must be presented to your users so that they can delegate permissions so that Spotify can give your app an access token. It doesn't necessarily need to happen in a browser - it can happen in a web view inside your desktop application - but it does need to be loaded over https, and your application must not alter or reverse engineer the Spotify permissions delegations page.
As you correctly guessed, reverse engineering any Spotify APIs is against terms of service.
For more information on authorization on the Spotify platform, I'd recommend having a look at this guide.
Hope that helps! Please ping me if you have any more questions.
Hugh
Spotify Developer Support

Access google drive files via api without logging in?

I am trying to make a webpage that can display information about documents on my google drive. For example I would like to display the titles of all my google documents on a webpage. I don't want the user to have to be logged into a google account, and I don't want to have to authorize anything (or the user to authorize anything). I just want the user to be able to see what I display - in a read only format - when they navigate to the page. The user will have no chance to edit or upload or delete anything, they can just view the info I display.
Is there a way to get files from google drive (via the API or any other way) possibly without using oauth 2.0? I've looked through the api docs and even coded up the sample apps, but all of them have a step that says, "Go to this URL, click Allow, enter the code" then you get access. These steps shouldn't be necessary. I just want to download the file and be able to manipulate it (either in memory or as a stream) then display something about it.
Also, I may misunderstand how OAuth 2.0 works so if that seems like the case, any helpful information would be much appreciated. Thank you.
You don't need to authenticate your visitors into Google, but need to authenticate yourself, so your web app can retrieve data from your personal Drive.
Get an access token and refresh token for yourself, store them and authenticate your requests. If you're using one of our client libraries, most of them refresh the access tokens once they are expired. See Using OAuth 2.0 for Web Server Applications for more details and OAuth 2.0 Playground helps you to understand how to get these tokens.
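
The pattern this answer describes (and the one the OneDrive question above is asking for) is sketched below as an added example; it is not code from the answer or from any Google or Microsoft client library. The token endpoint URL, client credentials and the `TokenCache` name are assumptions, and the HTTP call is injectable so the logic can be exercised offline.

```python
import json, time, urllib.parse, urllib.request

def post_form(url, fields):
    """POST form-encoded fields to the token endpoint and parse the JSON reply."""
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=data), timeout=10) as r:
        return json.load(r)

class TokenCache:
    """Serve a valid access token, refreshing it with the stored refresh token."""

    def __init__(self, token_url, client_id, client_secret, refresh_token,
                 post=post_form, clock=time.time, skew=60):
        # token_url and the client credentials are assumptions: take them from
        # the provider's app registration, and load secrets from protected
        # storage rather than from source code.
        self.token_url, self.client_id = token_url, client_id
        self.client_secret, self.refresh_token = client_secret, refresh_token
        self._post, self._clock, self._skew = post, clock, skew
        self._access_token, self._expires_at = None, 0.0

    def access_token(self):
        # Refresh slightly early (skew seconds) so a token never expires mid-request.
        if self._access_token is None or self._clock() >= self._expires_at - self._skew:
            self._refresh()
        return self._access_token

    def _refresh(self):
        reply = self._post(self.token_url, {
            "grant_type": "refresh_token",          # RFC 6749, section 6
            "refresh_token": self.refresh_token,
            "client_id": self.client_id,
            "client_secret": self.client_secret,
        })
        if "access_token" not in reply:
            # e.g. invalid_grant: the refresh token was revoked or has expired,
            # so the interactive consent step has to be repeated.
            raise RuntimeError("token refresh failed: %s" % reply.get("error", "unknown"))
        self._access_token = reply["access_token"]
        self._expires_at = self._clock() + int(reply.get("expires_in", 0))
        # Some providers rotate refresh tokens; always keep the newest one.
        self.refresh_token = reply.get("refresh_token", self.refresh_token)

    def auth_header(self):
        return {"Authorization": "Bearer " + self.access_token()}
```

The refresh token is the long-lived credential here: anyone who holds it together with the client secret can mint access tokens until it is revoked.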

Google Plus API - Retrieve code programmatically

I'm using Java with Google Plus API. I'm using OAuth 2.0. When a user is authenticated, an access code is returned in a browser. Now, given that the code must accompany a call to the Google Plus API, I currently have to manually copy the code and use it in making calls to the Google Plus API. What I wish to do, however, is to programmatically retrieve this code; eliminate the manual copying.
Any assistance will be highly appreciated. Thanks in advance.
It sounds like you're writing a command line or some other non-web application that uses the Google+ API. This throws a little bit of a wrench into the token delivery via HTTP redirect. Without the redirect there's no way for the OAuth web pages to communicate with your code and hence you must copy and paste it.
There is one workaround that seems to work pretty well. You can set up a local web server, such as an embedded Jetty, and complete the OAuth flow by redirecting the user back to their locally running web server.
You can see an example of this implemented in oacurl which is hosted here: http://code.google.com/p/oacurl/
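
The local-web-server workaround from this answer, as an added example in Python rather than the Java/Jetty setup the answer mentions (it is not code from oacurl). It also checks the OAuth `state` parameter, which the answer does not discuss; the `/callback` path and the function names are assumptions.

```python
import hmac, secrets
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit, parse_qs

def new_state():
    """Unguessable value sent in the authorization URL and expected back."""
    return secrets.token_urlsafe(32)

def parse_callback(request_path, expected_state):
    """Return the authorization code from a redirect, or raise ValueError."""
    query = parse_qs(urlsplit(request_path).query)
    state = query.get("state", [""])[0]
    # A mismatch means this redirect does not belong to the flow we started.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in query:
        raise ValueError("authorization denied: " + query["error"][0])
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("no code in redirect")
    return code

def receive_code(expected_state, port=0, announce=print):
    """Listen on loopback until one redirect arrives and return its code."""
    result = {}

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            try:
                result["code"] = parse_callback(self.path, expected_state)
                status, text = 200, b"Authorization received. You can close this window."
            except ValueError as exc:
                result["error"] = str(exc)
                status, text = 400, b"Authorization failed."
            self.send_response(status)
            self.send_header("Content-Type", "text/plain")
            self.end_headers()
            self.wfile.write(text)

        def log_message(self, *args):
            pass  # the request line contains the code; keep it out of logs

    # Bind to 127.0.0.1 only, so other hosts cannot reach the listener.
    with HTTPServer(("127.0.0.1", port), Handler) as server:
        announce("http://127.0.0.1:%d/callback" % server.server_port)
        while not result:
            server.handle_request()
    if "error" in result:
        raise ValueError(result["error"])
    return result["code"]
```

The URL passed to `announce` is the redirect URI to register with the provider and include in the authorization request, together with the value from `new_state()`.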