Hello I am working on a site that accept PayPal API Credentials for every restaurant owner so that amount could be transferred to their account directly.
The problem that I am facing, some times restaurant owners add wrong API credentials so when any order is placed the error "Security Header is not valid" appears means their API credentials is wrong.
The solution I want is that the API Credentials could be verified when they are added by restaurant owner, so that order could be placed by end user.
Is there any way to Verify/Validate PayPal API Credentials(User Name, Password, Signature), Please help.
Thanks in advance!
PayPal Don't have any External API to validate the API Credentials alone.
instead. You can Use the Express Checkout SETEXPRESSCHEKOUT API to call with very Minimal data and the API credentials, which will validate the API credentials and will generate a Token. If you get a Token it means the API credentials is correct. This will not do any money Movement with this API Call. PP have this API available in both NVP and SOAP format.
Related
I am trying to linking one of the client account to our manager account using Google Ads API.
I followed this link:
https://developers.google.com/google-ads/api/docs/account-management/linking-manager-accounts
I am able to send the invitation to the client but not able to accept the invitation on the behalf of client.
The reason is not able to get manager_link_id. I see the code and that has the following query.
SELECT customer_client_link.manager_link_id FROM " +
"customer_client_link WHERE customer_client_link.resource_name = " +
$"'{customerClientLinkResourceName}'"
The error I get :
User doesn't have permission to access customer. Note: If you're accessing a client customer, the manager's customer id must be set in the 'login-customer-id' header. See https://developers.google.com/google-ads/api/docs/concepts/call-structure#cid
I am using the manager client Oauth. I am not sure we can take it out using that or not.
Please help me how can I solve this issue.
Also is there a way I can get Oauth token for client from my manager account using Ads API.
I used postman to send call the API and it give me below error:
Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.
I am developing an iPhone application to demonstrate the MFA using sms factor with MFA APIs for POC. I am using the authorisation flow for getting my access token (where I get a authorisation code and redeem it for an access token)earlier to MFA implementation. From the documentation, I found out that I need an MFA_token to work with MFA APIs. I added few changes with my existing authorisation process.
I am getting an MFA Token by doing the following steps:
Added scope enroll read:authenticators to authorisation endpoint( i.e. “https://<my_domain>/authorize”)
Added an audience:
https://<my_domain>/mfa to the authorisation endpoint
Then I make a post request to token endpoint with authorization code to get the mfa_token.
The only changes I can observe is now the access token(which I presume to be the mfa_token) is in jwt format with expire time 600 sec. By using this access token(=mfa_token)
I built a custom pages for my user for enrollment and challenging the user via sms.
I am able to enroll user, confirm enrollment using this access token.
But when I challenge an user using this access token I get the following error after https://YOUR_DOMAIN/mfa/challenge call.
{
“error”: “invalid_grant”,
“error_description”: “Malformed mfa_token”
}
Can anyone please say me where I am going wrong?
Is the access token same as the MFA_Token in my case?
Thanks in Advance!
I think the access_token only serves as mfa_token during OOB/device registration. Thenafter, the user will get an mfa_token during auth, which is passed for MFA/OTP challenges
https://auth0.com/docs/login/mfa/ropg-mfa/manage-authenticator-factors-mfa-api#resource-owner-password-grant
I'm trying to get list of my shared albums from Google Photos.
I found a enable Photos API in Google Developers Console.
HTTP GET:
https://content-photoslibrary.googleapis.com/v1/sharedAlbums?key=AIzaSyCkXXXXXXXXXXXXXZiOSe9IiyM8E
RESULT:
{ "error": { "code": 401, "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.", "status": "UNAUTHENTICATED" } } 1
Configuration in developers console:
Please, what I'm doing wrong? Thank you.
Google API need an access token to make sure that the user has the permission to access the feature. Access token is just like cookie that should be send together with the request.
Usually you will need so many setup to get the access token with your own code. But there are a client library that can help you access Google API with small setup.
Access token also has a lifetime, so if you don't use the library you will need to manually refresh the token.
You need to configure OAUth 2.0 credentials (client ID and secret) and not an API key. More details are in the developer documentation here: https://developers.google.com/photos/library/guides/get-started#request-id
The Google Photos library API acts on behalf of a user, that's why you need to authenticate via OAuth 2.0. As part of this request you also need to specify a scope for your users to accept, see this page for more details: https://developers.google.com/photos/library/guides/authentication-authorization
I've been working on a python project to backup google photos library and album info. you can probably modify it to do exactly what you want. It is fully working but does not currently distinguish between shared and private albums.
https://github.com/gilesknap/gphotos-sync
In particular, see https://github.com/gilesknap/gphotos-sync/blob/master/gphotos/authorize.py which handles authentication and authorization for any Google service (it also handles storing the token and refreshing the token).
I want to make a website which users can see their posted pictures on the page.
I have signed up for facebook API and have an app id and app secret.
https://graph.facebook.com/oauth/access_token?client_id={#}&client_secret={#}&grant_type=client_credentials
I send users to the oauth to get the user's access token but I don't know what to do next.
https://graph.facebook.com/v3.0/me?fields=id,name,posts&access_token={#}
I thought this would work but I had the error below
"An active access token must be used to query information about the current user.",
The URL you are using to get the Access Token is actually an App Token API.
To generate the Access Token Please replace
https://graph.facebook.com/oauth/access_token?client_id={#}&client_secret={#}&grant_type=client_credentials
with
https://www.facebook.com/v3.0/dialog/oauth?response_type=token&client_id={#id}&redirect_uri={#}&scope=publish_pages
add a redirection url here where the token is published.
OR
better option is to use the login button mentioned here.
https://developers.facebook.com/docs/facebook-login/web/login-button
Also you can read here about all Access Tokens
https://developers.facebook.com/docs/facebook-login/access-tokens/
We are using rdio to get music from rdio in our app. We have used OAuth2.0 for authentication. Currently we are using authorization code. I am exploring to switch to Resource owner credentials documented in (http://www.rdio.com/developers/docs/web-service/oauth2/auth-password/ref-oauth2-auth-password ). I have created the app in rdio site, obtained the client_id and client_secret. I am making POST call to https://services.rdio.com/oauth2/token and passing username= password= (HTTP Authorization header method of client verification) . The response comes as "error_code":"unauthorized_client" "error_description": "This client is not authorized to use the password grant". I have tried to substitute username and password with real username and password, but that doesn't work. Is it the validity of client_id and client_secret that is the issue? I've followed all the steps to T. Please let me know what am i doing wrong?
Regards Vinay
This OAuth 2.0 grant isn't available to every one, the documentation says:
This method is limited to trusted Rdio partners. Please contact us if you feel your application needs to use this method.