I have the following secure request code:
$apiCall = 'https://api.instagram.com/v1/users/self/media/liked?sig='.$sig.'&access_token='.$token;
$request = curl_init();
curl_setopt($request, CURLOPT_URL, $apiCall);
curl_setopt($request, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($request, CURLOPT_RETURNTRANSFER, true);
curl_setopt($request, CURLOPT_SSL_VERIFYPEER, false);
$jsonData2 = curl_exec($request);
curl_close($request);
var_dump($jsonData2);
According to Instagram Documentation, it works because I get the following response:
{"pagination": {}, "meta": {"code": 200}, "data": []}
App is in Sandbox, but I am querying about a sandbox user (self). How can I see the real info? I mean, the structure with the likes data? Am I missing headers or something?
Thanks in advance.
I changed the endpoint to: "/users/self/media/recent" and return the expected response.
So, in sandbox, you can only see media and details OF the sandbox user. Even the interactions of this user in other accounts and media are invisible in sandbox mode.
Related
I own an institutional e-mail account and I want to access its content (and send emails) using a PHP web application I'm writing, and I want it to access this account without sign-in from the user (they will be logged to my application, that will send predefined messages based upon user's actions).
I registered the application using Microsoft Application Registration Portal using this institutional account credentials, and got my client_id and client_secret (password).
I'm using the code below to perform authentication based on these instructions:
function preformat($string) {
return "<pre>".htmlentities($string)."</pre>";
}
function getGraphAccessToken($domain, $client_id, $password) {
$graph_endpoint="https://graph.microsoft.com/.default";
$token_endpoint = "https://login.microsoftonline.com/".$domain."/oauth2/v2.0/token";
$token_postdata = implode("&",[
"grant_type=client_credentials",
"client_id=".urlencode($client_id),
"client_secret=".urlencode($password),
"scope=".urlencode($graph_endpoint)
]
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_URL, $token_endpoint);
curl_setopt($ch, CURLOPT_POSTFIELDS, $token_postdata);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$token_json = curl_exec($ch);
curl_close($ch);
$token_object = json_decode($token_json);
return "Authorization: ".$token_object->token_type." ".$token_object->access_token;
}
function queryGraph($auth_header, $feed){
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, false);
curl_setopt($ch, CURLOPT_URL, "https://graph.microsoft.com/v1.0/".$feed);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, array($auth_header,"Accept:application/json;odata=minimalmetadata","Content-Type:application/json;odata=minimalmetadata","Prefer:return-content"));
$graph_query = curl_exec($ch);
curl_close($ch);
return $graph_query;
}
$auth_header=getGraphAccessToken($domain,$client_id,$client_secret);
echo preformat($auth_header);
$query_me=queryGraph($auth_header,"me");
echo preformat($query_me);
This code succeeds to grab the access token and requests from https://graph.microsoft.com/v1.0/me/ expecting to receive the institutional account's info (as a success test). However, I get the following response:
{
"error": {
"code": "BadRequest",
"message":
"Current authenticated context is not valid for this request.
This occurs when a request is made to an endpoint that requires user sign-in.
For example, /me requires a signed-in user.
Acquire a token on behalf of a user to make requests to these endpoints.
Use the OAuth 2.0 authorization code flow for mobile and native apps
and the OAuth 2.0 implicit flow for single-page web apps.",
"innerError": {
"request-id": "3073f561-43db-49d3-9851-7f50037abb61",
"date": "2018-12-31T17:28:45"
}
}
}
What am I missing or doing wrong here?
You cannot use /me with app-only authentication, you need to reference the user via their userPrincipalName - /users/{upn}. After all, how would Graph know which "me" you are referring too?
I am trying to the Instagram PHP API to get friends photos. I registered as a sandbox user as well as a dummy user with few random images posted.Then, I invited the dummy user to grant the app in sandbox to connect his account.
To get access token I send a request to get code and then get access token with scope:
https://api.instagram.com/oauth/access_token?client_id=CLIENT_ID&client_secret=SECRET_STRING&grant_type=authorization_code&redirect_uri=http://localhost/&code=CODE&scope=basic+public_content+comments+likes`
PHP code:
$url = 'https://api.instagram.com/oauth/access_token';
$payload = [
$GLOBALS['KEY_CID'] => $GLOBALS['VAL_CID'],
$GLOBALS['KEY_CECRET'] => $GLOBALS['VAL_CECRET'],
'grant_type' => 'authorization_code',
'redirect_uri' => 'http://localhost/',
'code' => $param_code,
'scope' => 'basic+public_content+comments+likes'];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url); // url
curl_setopt($ch, CURLOPT_POST, true); // POST
curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); // POST DATA
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // RETURN RESULT true
curl_setopt($ch, CURLOPT_HEADER, 0); // RETURN HEADER false
curl_setopt($ch, CURLOPT_NOBODY, 0); // NO RETURN BODY false / we need the body to return
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); // VERIFY SSL HOST false
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // VERIFY SSL PEER false
$response = json_decode(curl_exec($ch), true);
curl_close($ch);
After I got access token successfully.
I try to get images from a sandbox user which is a dummy account I created for testing:
https://api.instagram.com/v1/users/fane.leee/media/recent?access_token=ACCESS_TOKEN
PHP code for retrieving image:
$url = 'https://api.instagram.com/v1/users/fane.leee/media/recent?access_token='.$ACCESS_TOKEN;
$ch = curl_init(); // initializing
curl_setopt( $ch, CURLOPT_URL, $url ); // API URL to connect
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 ); // return the result, do not print
curl_setopt( $ch, CURLOPT_TIMEOUT, 30 );
$response = json_decode(curl_exec($ch), true); // connect and get json data
curl_close($ch);
The problem
The $response of the get image request is NULL without error message. Anyone got any ideas about the problem?
Thanks.
Reference
Instagram development doc authentication and authorization.
Instagram development doc about user endpoints
Another StackOverflow post about Instagram web API
Development environment:
Ubuntu 16.04
Apache2
PHP 7.0.8
MySQL 14.14
Edit 1: Add the PHP code calling cUrl functions.
Edit 2: If I replace the user id 'fane.leee' by using 'self', I am able to retrieve the images I posted. I also followed the user 'fane.leee'. Any else I should do to retrieve the friends' media?
The fane.leee is a username. Instagram requires a user id in the API caller.
To get a user id by calling a instagram API function, we could use
https://www.instagram.com/{username}/?__a=1
Another way to get the user id is to use a 3rd party website. It is able to retrieve an Instagram user id from a username. It is here
Reference:
An answer from Thinh Vu in this thread - Not the accepted answer, but the answer underneath. P.S the accepted answer is not working anymore.
Im trying to search images related to a specific Hashtag in Instagram, but every time I try to validate or get permissions in my API client I see an alert that say we cant do public calls to show elements in my personal page.
I try with :
$url = "https://api.instagram.com/v1/tags/snowy/media/recent?access_token=".$TOKEN;
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 20);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$json = curl_exec($ch);
curl_close($ch);
And return to me:
{"meta": {"error_type": "OAuthPermissionsException", "code": 400, "error_message": "This client has not been approved to access this resource."}}
This is related a API limitation? Preventing now using some API calls?
Hi,
I have setup a business account at Paypal, and it seems that I already have my Test API Credentials, since I can successfully retrieve them from my Sandbox accounts.
Now I am trying to make the "first call" to get an authorization token.
Here's my PHP code:
$ch = curl_init();
$clientId = "myid"; //not the actual one
$secret = "mypass"; //not the actual one
curl_setopt($ch, CURLOPT_URL, "https://api.sandbox.paypal.com/v1/oauth2/token");
curl_setopt($ch, CURLOPT_HEADER, "Accept: application/json");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERPWD, $clientId.":".$secret);
curl_setopt($ch, CURLOPT_POSTFIELDS, "grant_type=client_credentials");
$result = curl_exec($ch);
$json = json_decode($result);
print_r($json);
curl_close($ch);
And here's the response:
stdClass Object ( [error] => invalid_client [error_description] => Invalid client credentials )
Does anybody have a clue?
Thanks
EDIT: This login is working (I found it elsewhere):
clientId: ASF6RRBP0uTq7FnC90tpFx7vfA-Pliw8uQDjv5RZ10Y_NVspuc88pUPLN6yM
Secret: EAdx7BDKzWczDomYG2QDHu8jhaAXj4xDZLHadvL5aRfesjwo5c81zbSpRxuE
Strangely the format looks very different from mine.
I'm stuck here, cannot go any further without a token.
You could pass it as a header similar as follows:
"Authorization" => "Basic " . base64_encode($clientId . ":" . $clientSecret)
This should act the same as above.
You could write it on curl_setopt like this:
curl_setopt($ch, CURLOPT_HEADER, "Authorization: Basic " . base64_encode($clientId . ":" . $clientSecret));
Also, just out of curiosity, you might want to try out PayPal-PHP-SDK. They have all these bells and whistles, that would keep you away from manually getting this code. It has documentations, and samples, that would help you get started with any API fairly quickly.
finally i managed to get it to work
the correct credentials are a hash of 60-digit, not 16 as first seen
i had to create an app to get them
nobody told me that at paypal, not even the "merchant technical support"
hope this helps someone in the future
thanks for your answers
I am using the box api as mentioned in the documentation. I get the ticket from api_key and then auth_token from api_key and ticket.
But when i use this auth_token for getting information like folder list or file contents etc. I get unauthorized error in response.
Here is my code:
$auth_token = $_REQUEST["auth_token"];
//exit($auth_token);
$headers = array(
"Authorization: BoxAuth api_key=".$box_api_key."&auth_token=".$auth_token
);
$http_message = curl_init("https://www.box.com/api/2.0/folders/0");
curl_setopt($http_message, CURLOPT_RETURNTRANSFER, true);
curl_setopt($http_message, CURLOPT_HTTP_VERSION, "CURL_HTTP_VERSION_1_1");
curl_setopt($http_message, CURLOPT_HTTPHEADER, $headers);
curl_setopt($http_message, CURLINFO_HEADER, true);
curl_setopt($http_message, CURLINFO_HEADER_OUT, true);
curl_setopt($http_message, CURLOPT_SSL_VERIFYPEER, false);
$response = curl_exec($http_message);
print($response);
What may be the problem in the code?
Thanks!
Thank you very much in advance!!!
Make sure you're setting $box_api_key to the api_key you're using to get the ticket and auth token. Also, while this should have no bearing on your question, please use the hostname api.box.com for all API V2 requests (aka, https://api.box.com/2.0/folders/0)