API Authorization token error - api

I'm trying to use the Survey API.
When I try and use the form online to request an Authorization token I get a
error message.
Invalid or missing access token" error message.
The form to test the API calls also asks for a Client Secret code but yet it auto fills the box with the API Key.
Any help here would be nice.
I'm not sure if this is a bug on Survey Monkey's end either in the API or the form that tests the API.

You should have received a reply to this via email but I wanted to ensure this was answered here in case anyone else is having the same issue.
There was a bug on our API console preventing an access token being issued, this is now fixed.
The access token has to be copied into the "Authorization" parameter in the format "bearer ". e.g. if your access token is 'fdhjfu3cc8ss=', make sure the Authorization parameter has "bearer fdhjfu3cc8ss=" in it (with no quotes). Note that you need to use the Access Token returned, not the Authorization Code.

Related

Why does google-slides rest API ignore my api-key?

I'm trying to use the slides rest APIs to retrieve a presentation. I've tried to read my own simple presentation as well as the one in the samples. Right now I'm just trying to enter the following request.
https://slides.googleapis.com/v1/presentations/1EAYk18WDjIG-zp_0vLm3CsfQh_i8eXc67Jo2O9C6Vuc?fields=slides.objectId&key=*********
It doesn't matter if I pass my API key in or not, I consistently get the following issue
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
I've done similar calls with the sheets API with no issues.
Any help explaining why my key is being ignored is greatly appreciated.
Thanks!
I will presume that your authentication access token has not expired. If it has, then you will need to refresh it using your refresh token.
If you do not have a refresh token, then you will have to go through the whole process of getting a new access token, and refresh token through OAuth2 authentication chain process.
Once all that is done, then you can make your slide download request.
I believe that your access token has expired, that is why you are getting the error message.
There are two main ways to authorize requests in Slides API : using API Keys or oAuth 2.0. Note that if you use an API Key the presentation must be public as explained in the documentation. If the presentation is not made public then you will not be able to use the API Key and instead you will need to use an oAuth 2.0 token.
Depending on your case scenario consider if you want to make your presentation public (in which case you can use API Keys) or not (in which case you will need to use oAuth 2.0).

best practices for refreshing access tokens automatically

I'm building a react native app which uses the spotify web api. I'm using the authorization code flow to authorize a user. First I get a authorization code which can be used to obtain an access token and a refresh token. Everything works!
The problem is: an access token is only valid for a limited amount of time. That's where the refresh token comes in. I understand this concept, but I'm breaking my head about how to implement this.
Let's say a users opens the app, requests an access token and uses this for some time. Then, the user closes the app. After 15 minutes, the users opens the app again. The access token has now expired, so I need to request a new access token.
I've come op with several "solutions". Can someone point me to the correct solution?
Solution 1:
Every time the user opens the app, I request a new access token and use this. Problem: when the user uses the app longer than the valid time of the access token, I won't work anymore.
Solution 2:
I use the access token that's stored in the secure storage on every request. When a request comes back with 'access token invalid' (I don't know the exact error code but you guys know what I mean), I request a new access token with the stored refresh token, and then I send the previous command again (with the new access token). But my question here is: can I use some kind of "wrapper function" which checks the response of the request, and if the response is "access token invalid", it automatically requests a new access token and runs the previous request again.
I think certainly correct solution is solution 2,and i think its clear enough.
and for using solution 2 you need somthing like wrapper function,yes its intelligently.
so you should use interceptor:
what is interceptor ?
You can intercept requests or responses before they are handled by then or catch.
in link below there is a good example of implementing refresh token in axios interceptor:
https://gist.github.com/Godofbrowser/bf118322301af3fc334437c683887c5f
I agree that Solution 2 is the best, each time you do a request you can check to see if the Access Token has expired, and if it has then you can request a new Access Token using the Refresh Token as you mentioned and then make your request, in my own project I do this in a FormatRequestHeadersAsync method which calls a CheckAndRenewTokenAsync method where I perform the following check, here shown in C#:
if(AccessToken?.Refresh != null && (AccessToken.Expiration < DateTime.UtcNow))
{
AccessToken = await GetRefreshTokenAsync(
AccessToken.Refresh,
AccessToken.TokenType,
cancellationToken);
}
You can store the Access Token and the Refresh Token and then use something similar to this before you make each request to the API this will refresh your token and then you can store the new Access Token and the existing Refresh Token.

Getting "Enter a valid json" when entering Headers for HTTP with Azure AD in Microsoft Flow/Power Automate

I'm working on setting up a flow that will make an API request against a protected API. Since it requires authentication, I'm using HTTP with Azure AD. I'm able to sign in correctly, and I appear to be getting an authorization code:
I'd like to exchange this code for an access token so I am invoking this HTTP request:
It's complaining about the Headers not being a valid json. I'm also not sure what to include in the Body to exchange the authorization code for an access token.
Since I don't know much about this connector, so I'm sorry that I can't explain to you why your API calls still require logging in(which you asked in previous post). But if just for the questions and screenshot you provided above, I can provide some suggestions for your reference.
In you power-automate, you can add a "Initialize variable" action to initialize a variable named "header" and set the value shown as below screenshot:
Then you can use "Parse JSON" action to parse this variable(convert it to json format)
Now you can use the "Body" from the "Parse JSON" as the value of the "Headers" box in your "Invoke an HTTP request". It will solve the issue of headers not being a valid json.
For the value of "Body of the request", you can put the value as I provided in the previous post:
grant_type=password&client_id=xxxxx&scope=xxxxx&username=xxxxx&password=xxxxxclient_secret=xxxxx
Hope it would be helpful to your problem~

Bad Request returned when calling Yammer Oauth api for Impersonation

I'm working on building a powershell script to update user's profiles in Yammer. I need to be able to update users' subscriptions (followers) in their yammer profile and in order to do that, I need to get an auth token for that user (impersonation). According to Yammer's api documentation (https://developer.yammer.com/docs/impersonation), I need to be a verified admin (I am). I've registered my app with Yammer, I have a bearer token for my app which I'm passing in the auth header, and I'm passing in the consumer key and user_id for whom I want to impersonate in the api request query string. The api is responding with a 400 - Bad Request. The error message states that the request cannot be fulfilled due to bad syntax. I'm testing this using Postman. I am sending a GET request to the API as shown below. Obviously, I have actual values for the userId and consumerKey values. Does anything appear incorrect with this query and/or does anyone have any experience with this api that could possibly share some insight?
https://www.yammer.com/api/v1/oauth/tokens.json?user_id=userId&consumer_key=consumerKey

Authentication on Instagram to get the access_token using the API

I'm using the Instagram API and want to get the access_token in order to throw api requests over my own account. When I try to follow the first step and get the authorization code programmatically using RestTemplate I can't get it work.
String AUTHORIZE_URL = "https://api.instagram.com/oauth/authorize/?client_id=<CLIENT_ID>&redirect_uri=<REDIRECT_URI>&response_type=code";
String url = String.format(AUTHORIZE_URL, clientId, redirectUri);
String o = restTemplate.getForObject(url, String.class);
The response is the html code of the login page because Instagram requires the user to be logged in to check if the app is authorized (of course it is, since the app an the user belongs to my own account).
How can I authenticate before throwing that request so they return the code to my redirectUri and not complain about login?
Note: I tried simulating the request to their login form but it returned a 403 Forbidden.
NOTE: I already got a valid access_token, manually generated, and it works perfectly but I want to implement also a process to re-generate a new access_token automatically since they may invalidate it at any time in the future.
Even though our access tokens do not specify an expiration time, your app should handle the case that either the user revokes access, or Instagram expires the token after some period of time. If the token is no longer valid, API responses will contain an “error_type=OAuthAccessTokenError”. In this case you will need to re-authenticate the user to obtain a new valid token.
In other words: do not assume your access_token is valid forever.
Instagram is upgrading their APIs and the flows. Earlier we needed access token to bypass forced login screen. Since yesterday, they have removed that.
Now if you call this code, it will check if you are already logged in or not. If so, it will call the AUTHORIZE_URL of yours and will send a response code. The format will be either:
On success validation - http://your-redirect-uri?code=CODE
On error - http://your-redirect-uri?error=access_denied&error_reason=user_denied&error_description=The+user+denied+your+request
Now what I'm doing is I'm directly calling the above URL of yours every time. Now if the user is logged in, a response code will be sent to you, else user will be asked to login and validate your app and then the code will be sent. Technically, you are eliminating the possibility of the error case! So no need of overhead of storing access token in your database or verifying its validity.
Just try and check now what happens.
PS: If you want to check API behavior, simply type the URL on the browser and check what it returns! It helped me a lot while coding and debugging! :)