I am a registered PRO seller on Amazon UK (and all EU marketplaces on the same account)
I have my seller account ID, Developer Id, Developer Auth token and private key.
In MWS scratchpad, I can put a request and get a successful response for the status APIs as I don't believe they use any authetication, but any other request (e.g. listReports) just returns an access denied error message. I know the credentials are correct as if I edit them, get get authentication error messages. I have opened a case with support but after three days of waiting I have not even has acknowlegement of the issue let alone a solution.
Does anyone know what I am doing wrong, or where I go in my admin panel to give my own developer account the correct permissions.
NOTE: This is not 3rd party development, I only want to build out solutions for my own business.
TIA
Aaron
amazon scratchpad url is different country to country. most probably you are trying on different scratchpad country's url.
I'm working through the steps in the Aggregation REST Quick Start Guide (https://developer.yodlee.com/Indy_FinApp/Aggregation_REST_Quick_Start_Guide).
I'm able to successfully request a CoBrand Session Token using our private zone URL:
consolidatedsdk.yodlee.com/yodsoap/srest/private-XXX/v1.0/authenticate/coblogin
I'm also able to successfully register new users with:
consolidatedsdk.yodlee.com/yodsoap/srest/private-XXX/v1.0/jsonsdk/UserRegistration/register3
However, I'm not able to login users. I get a 404 error for the following URL:
consolidatedsdk.yodlee.com/yodsoap/srest/private-XXX/v1.0/authenticate/login
(Obviously I've obfuscated our actual Private Zone URL for security purposes)
Ryan,
Try not to copy-paste Rest URL and endpoint from site, but type it by yourself.
I had the same error (415 system_error), but after typing it manually everything worked.
It should be because of any of the below two reasons -
You are accessing the API from an IP which is not whitelisted with Yodlee.
The URL may contain spaces which is why the URL is not recognized by Yodlee.
Please make sure both of the above point is considered while making a request as login API is working properly in the environment which your Private zone is configured.
I know this question has been asked a thousand times before and I came across some topics here when doing some Google research about this.
My problem is: I get an Error 10002 - "Security header invalid". I checked the credentials and they are right. I use the live credentials for the live mode and am connecting to the right server and endpoint.
I am using a Paypal class written in PHP. When using it in Sandbox mode it works fine. If I am using it in live mode it shows the checkout as we know it: on the left the item and the total sum and on the right the login screen.
Now I log in with my Paypal account credentials and the API asks me to confirm the purchase. I do so. When it is at the point where it would execute the transaction and redirects to the "Purchase successful" page it suddenly says the above mentioned error.
So I did some testing on my machine with the sandbox account. Assuming that I would use invalid API credentials I would not ever see the checkout (on the left summary on the right login form). But I do. First if I confirm the transaction the API is not okay with the credentials anymore.
How can the credentials first be valid and later on they are invalid? This doesn't make any sense to me. When testing in Sandbox mode everything works fine.
I am using this library:
http://www.php-suit.com/paypal
Help would be highly appreciated as I can't find any explaination for that behaviour anymore. Again: I checked the credentials and they are right.
Best regards,
extrawagant
I'd recommend to double check again the API credentials or the endpoint used.
The error "Error 10002 - Security header invalid" is returned for these common reasons:
Providing the username/password to your actual PayPal account, instead of your API username and API password. We generate your API username and password when you generate your API certificate/signature.
Using the same API information for Sandbox and Live. You need to generate separate API information for your Sandbox and Live accounts.
You have not updated the endpoint to point to PayPal's live API servers.
Trailing or leading white space on any of the characters.
E.g. if you are using the Live Environment endpoint, make sure you are using the credentials created in the Live account. Double check for white spaces when you are pasting into your integration. If you are using the variable "SUBJECT" double check the value inserted.
I had been accessing Google Big Query with a service account successfully for several days. I had several tests that would connect and perform single functions successfully.
Now, without changing any code, or anything through the API console, I consistently get an "invalid_grant" from all of my API calls.
I have come now-where near breaching the courtesy request limits, and I have billing enabled.
Is there something that I could have done to get my access revoked?
I have tried creating another service account with, with another private key etc, with no success.
I have put my new credentials into the sample code given here: Authenticating Google API with a service account with Java API without success.
Any ideas?
Thanks.
If you had service account authorization working successfully with BigQuery in the past, and it suddenly stopped working (and it's consistently not working), I would guess that the issue has something to do with the clock on your server.
I would check this first - if the clock seems to be off, use something like NTPdate (http://doc.ntp.org/3-5.93e/ntpdate.html) to make sure that it is synced with an NTP server.
I am using salesforce rest api to access the salesforce account from my rails app.I created a remote access app and got the key N the id. I was able to authenticate the user and get the auth_token, instance url and all that. But, when I send request at "instance_url/services/data/v20.0" along with the access token , I get this error:
[{"message":"Session expired or invalid","errorCode":"INVALID_SESSION_ID"}]
I have a developer salesforce account and have API enabled true for every profile, except for the "Authenticated website" profile(which is not accessible).
Please, can anybody help me with this?
I'm authenticating the user with following request
HTTParty.post "login.salesforce.com/services/oauth2/token";, :body=>{"grant_type"=>"authorization_code","code"=>"abc}","client_secret"=>"abc", "client_id"=>"abc","format"=>"json","redirect_uri"=>"localhost:3000/salesforce/callback";}
which is returning signature, id, instance_url, issued_at, access_token and refresh_token
HTTParty.get "ap1.salesforce.com/services/data/v20.0";, :headers=>{"Authentication"=>"OAuth access_token", "Content-Type"=>"application/json"}
which responds with
[{"errorCode"=>"INVALID_SESSION_ID", "message"=>"Session expired or invalid"}]
How are you passing the sessionId to the /services/data/v20.0 request?, if your access_token is abc123 then you need a http header of Authorization: OAuth abc123 in the request.
API session in salesforce expires regardless if there are activities or not.
to set the duration of each session go to Setup > Administration Setup > Security Controls > Session Settings>
the max is 8hours.
cheers!
Additionally to the other possible problems identified by the other answers, the Lock sessions to the IP address from which they originated setting in Salesforce is a possible contributing factor to otherwise valid code. From the following Salesforce KB article:
Description
When "Lock sessions to the IP address from which they originated" is enabled, if an OAuth2 access token is used to perform a Salesforce REST API call, INVALID_SESSION_ID might be returned even if the token is obtained in the same Apex transaction.
Resolution
"Lock sessions to the IP address from which they originated" is strict, and internal IP addresses are not automatically whitelisted in this case. Since the login callout and subsequent REST API callouts might be performed via different internal IP addresses, INVALID_SESSION_ID might be returned when using the access token if the mentioned preference is enabled.
To solve this you may use the continuous IP enforcement feature (introduced in Summer '15):
Turn "Lock sessions to the IP address from which they originated" OFF,
Turn "Enforce login IP ranges on every request" ON,
Select the connected app's IP relaxation policy "Enforce IP restriction", and
Add Salesforce's internal IP range 10.0.0.0 to 10.255.255.255 to the list of profiles needing to use Salesforce's REST API.
or simply relax the IP restrictions:
Turn "Lock sessions to the IP address from which they originated" OFF, and
Select the connected app's IP relaxation policy "Relax IP restrictions"
If you are using Oauth you need to use Refresh Token flow, on this error to get a new renewed token. Here are more details : http://wiki.developerforce.com/index.php/Digging_Deeper_into_OAuth_2.0_on_Force.com
Please search for "refresh token" in the WIKI page link above.
Issues I ran into:
Make sure to include the scope "web" in the authorize request, e.g.
https://login.salesforce.com/services/oauth2/authorize?response_type=code&clientId=xxx&redirect_uri=http://www.example.com&scope=id+api+refresh_token+web
Use the instanceUrl that is returned in the authorize response. In my case this was https://eu2.salesforce.com and I always tried to use https://na1.salesforce.com which didn't work
Faced the same issue and in my case < > characters in the password were causing the problem.
I am adding this answer because any of other answers above helped me. My problem was actually that I was using access_token as I received it in the JSON response during login.salesforce.com/services/oauth2/token requests.
You have to remove ID from access_token, as it is described in SalesForce documentation: "Substitute the ID for the token value"