From the Magento wiki at:
http://www.magentocommerce.com/api/rest/authentication/oauth_authentication.html#OAuthAuthentication-OAuthProcess
When getting an API token you start off by getting an Unauthorized Request Token at:
www.mystore.com/oauth/initiate
However, my code does not work and when I browse to the above url in my browser I get a 404.
I am appending shop store code to the base url (eg www.mystore.com/en/) I don't know if this alters anything.
The Magento Wiki has a typo:
$adminAuthorizationUrl = 'http://yourhost/admin/oAuth_authorize';
Should be:
$adminAuthorizationUrl = 'http://yourhost/admin/oauth_authorize';
I struggled with this one for most of the day, so here's a late contribution in case it helps anybody:
The authorization URL that's documented by Magento, admin/oauth_authorize, assumes that you're not using a custom URL for your admin access. "admin" is the standard URL to access the Magento dashboard, but many people change it for security. If you have changed your admin URL to something other than "admin", use that instead.
IOW if you access your Magento dashboard at https://yoursite.com/foo, then your authorization URL is foo/oauth_authorize.
I also had the problem, that the following request returned the 404 http status:
http://yourmagentostore.com/oauth/initiate
The solution was quite simple: In case if you are using multiple stores and/or store views on the same domain, don't forget to add the url path which maps to the store view. E.g.
http://yourmagentostore.com/<my-store-view-path>/oauth/initiate
I just had the same problem. Not many similar problems to be found and no solution. This is strange because this seems to be a missing config option 'global/request/direct_front_name', which isn't set in Core/Oauth module. How can all the tutorials work without this important setting!?
Without "oauth" setting being there, every call to /oauth/[controller] leads to "noRouteAction" being resolved (see. Mage_Core_Controller_Request_Http::setPathInfo() and Mage_Core_Controller_Request_Http::isDirectAccessFrontendName($storeCode)) instead of default indexAction.
So, the solution is to set this setting in local config or an own extension as follows
<?xml version="1.0"?>
<config>
[...]
<global>
[...]
<request>
[...]
<direct_front_name>
<oauth/>
</direct_front_name>
</request>
</global>
</config>
Afterwards you can finally get the token at least. I'm checking the further process now.
There is one subtlety don't forget the http:// so your call to the store should be
http://yourmagentostore.com/oauth/initiate
Also there is more to REST services setup then on the link you posted, it is only an overview. There is a ton of configuration on the store before you will actually get a rest response and when the user isn't recognized, unauthorized or without proper ACL privileges you will get 404 or 500 responses. I guess that deters hackers but it is a bear to trouble shoot. I've been down this road and although I am using an automation tool the Setup of the store and troubleshooting is the same.
Take a look on my blog I keep it up to date with my adventures with the Magento REST API
Cheers!
Rich Borek
http://magento-simplified.blogspot.com
Related
Let's say I have a subdomain that I use for my site's API: http://api.example.com/
All of the API's methods are accessible as URL segments such as http://api.example.com/some_method, so the root itself isn't used for anything.
Should it redirect to http://example.com/, redirect to a 404 page like Twitter, emit a basic response in the format of the API with a short message, or just have it send an empty response?
Are there any resources out there (articles, etc.) with any other possible suggestions?
I think that's up to you. In a RESTful API, the root would be the starting point for visitors to learn how to operate your system (HATEOAS). But since you talk about /some-method, you're probably not using the REST architectural style, so that's not applicable.
I would avoid the empty response. Maybe a short message pointing to documentation for the API? It really depends a lot on how the rest of your system is designed, so it's hard to give "correct" advice.
I've been looking for this answer and the other pages didn't help me.
I'm trying to use the google drive api for php. I am trying to test on my local environment and receive this error.
Error: redirect_uri_mismatch
The redirect URI in the request: urn:ietf:wg:oauth:2.0:oob did not match a registered redirect URI
Request Details
scope=https://www.googleapis.com/auth/drive
response_type=code
redirect_uri=urn:ietf:wg:oauth:2.0:oob
access_type=offline
display=page
prompt=consent
client_id=735129338633-0epug8n80jsg0t50ijn7our4a661nnk6.apps.googleusercontent.com
Here is the page for the api:
The url is in
localhost:8888/Spreadsheets/driver.php
What am I doing wrong?
Looks like the current Google OAuth2 integration requires enabling
Contacts API
Google+ API
from the Google Developers Console for the associated Project. In my log I noticed errors liek 403, Access Not Configured. Please use ....
The redirect URI (where the response is returned to) has to be correct and exactly as you registered in the APIs console, and the error is indicating that you haven't done that or you haven't done it correctly.
To get the redirect URI from console:
Go to the console for your project and look under API Access.
Open Credentials section (in left side)
You should see your client ID & secret there, along with there is a
list of redirect URIs. If you want to change it or it was wrong,
click edit settings and modify.
Even if your redirect uri is properly set in the console, a lot of times, when you've recently changed settings in the google dev console, it will still tell you there's a redirect mismatch. It's a surprisingly common occurrence.
You can try...
Waiting; some have had luck with this, indicating that google takes some amount of time to register recent changes.
If you don't mind reconfiguring your app, creating a new client id in the google dev console tends to fix this problem with consistent results.
hello all i havent managed to find this elsewhere here nor in the old GAS product forum so here goes:
i am writing a simple client javascript which queries various APIs. when it comes to querying a certain GAS script i have set up to access gmail, i understand i am supposed to serve its data through JSONP. the client script dynamically injects a SCRIPT tag and should normally handle this "response" as script. except whenever the response contains html, requesting the user to grant permissions. in this case this HTML goes into the SCRIPT raising syntax error with MIME type mismatch.
researching this problem i was led to believe the solution lies somewhere around redirecting the user to this page always before every call. so my question is, where can i find best practice regarding this issue?
Unfortunately there isn't a full solution for detecting and granting authorizations to scripts used in JSONP requests. I've seen workarounds where an application first prompts the users to visit the web app's URL, so that they can grant authorization, before allowing them to use the JSONP portion of the application.
So I finally got a link in my facebook post using the properties parameters. I thought I could put my url scheme in there. But unfortunately it says it isn't a valid url, which makes sense. So I searched again for another solution. But everyone seems to be talking about fb:// and not their own app url scheme.
So I created this thread, hope somebody can help me.
Try using bit.ly (or some other URL shortener).
The last time I tried, bit.ly accepted any URI schema and just did a redirect. I've successfully used this in the past to work around inputs that expected either an HTTP or HTTPS schema.
Additionally, similar logic could be done on your own server if you prefer. Simply share a link to your own server on Facebook, and have your server side script do a 301 to whatever App specific URI you have.
I developed a weather app using google weather API
but from today it stopped working.
When I tried to access the weather API using location through browser it asks for human authentication.
How can my app work when it is like this? Is there a way to bypass the authentication process?
It's very odd behavior...I wonder if it has something to do with headers that are passed along as when I try loading the API url in Chrome, Unsupported API...or if I do same URL in Firefox, works just fine.
It's also worth noting that I tried setting up an Apache Proxy to Google's weather service by placing the following two lines in a separate Web Server's apache config and referenced the API via www.domain.com/weather/api?weather=Chicago and it still works...so that's my workaround for now:
ProxyPassReverse /weather/ http://www.google.com/ig/
ProxyPass /weather/ http://www.google.com/ig/
Try to change domain, ex: http://www.google.ca/ig/api?weather=Sondrio . It works (for now :D).
Looks like it is out of use from now on
Even using .CA it returns Unsupported API randomly.
Pity
Yeah, interesting, Google seems to send back random "Unsupported API" responses if the request is missing the cookies that the browsers (tested with Chrome and Firefox) are including with requests to the inofficial weather URL.
I've fixed my application by copying the entire "Cookie:" header I found when I ran the request in Firefox with Firebug's "Net" tab enabled.
Not sure where on .google.com the browser got the cookies from yet, I presume from using a personalized service like gmail.
if you are looking for a weather API that works right now, I have a suggestion…
Try Metwit Weather API, it's new but sounds very cool…
This api is really simple to use because it use standards that are available nowadays, like JSON and REST.
you can use this new api this has the same xml structure of google weather api
http://en.previmeteo.com/professionals/google-weather-api.php