I have the WordPress rest API
and WordPress OAuth server setup plugins setup and am trying to authenticate using http://sevengoslings.net/~fangel/oauth-explorer/
every time the call content is not giving me the OAuth token or OAuth secret that I need.
I tried these steps
https://wordpress.org/support/topic/json-rest-api-from-mobile-app-with-authentication
1. Enter base url (http(s)://your.domain.com/oauth1
2. Access token = request
3. Authorize = authorize
4. Access_Token = access
5. Enter your consumer key and secret (leave method as HMAC-SHA1)
Click Get Request Token and you get Call content
I should get this in Call Content
Call content now =
oauth_token=xxxxxxxxxxxxxxx&oauth_token_secret=xxxxxxxxxxxxxxxxxxxxx&oauth_call_back_confirmed=true
But I only get this
page not found
Here they were not able to get 3-legged OAuth1 .0a to work so they used basic OAuth which requires another plugin and is not recommended for production.
Should I be using a different signature method?
I'm looking for two curl commands to get an OAuth grant from the server and another one to trade this grant for an access token+ refresh token.
I have got this to work and I'll outline how I have done this.
I'm using the Postman application to test and perfect the API calls. I highly advise using this. Once you have got the call working you can export to PHP Curl (or whatever you need).
If you use Postman you can view my API calls using this shared link.
For the First call you are having trouble with I have the following settings
First, I made sure my endpoint URL was:
{{url}}/oauth1/request
I set my API Call to PUSH and my AuthType to OAuth 1.0
I added my consumer_key and consumer_secret that I created in the WP Backend > Users > Applications (this is added with the OAuth plugin).
Signature Method - HSAC-SHA1
Then Postman will update this and dynamically create your Nonce, Timestamp and Version.
I set my Realm as 'Example'
I then made sure that I enabled the options:
- Add Params to header
- Add empty params to signature
Here is what I get for my params:
realm="Example",oauth_consumer_key="AdPuqyWrAQQc",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1470248765",oauth_nonce="dnOTvG",oauth_version="1.0",oauth_signature="gUahTX2hfV1lqZCfMUvHtLLoauI%3D"
This provides me with the following output:
oauth_token=xbTb4E93K6pP2tcg4qGJIYgl&oauth_token_secret=qWo01WL2ish205yvjiU8qyCkKVPMNUvSbKpFBB1T1oOuOtBc&oauth_callback_confirmed=true
I can use Postman to export this API call to a cURL function and if so I get the following:
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "http://mydomain.dev/oauth1/request",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"oauth_consumer_key\"\r\n\r\nAdPuqyWrAQQc\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"oauth_token\"\r\n\r\n\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"oauth_signature_method\"\r\n\r\nHMAC-SHA1\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"oauth_timestamp\"\r\n\r\n1470241356\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"oauth_nonce\"\r\n\r\n7VKp4N\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"oauth_version\"\r\n\r\n1.0\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"oauth_signature\"\r\n\r\n9qRrIkDxt56S9Ikf061eFOVLAdA%3D\r\n-----011000010111000001101001--",
CURLOPT_HTTPHEADER => array(
"authorization: OAuth realm=\"Example\",oauth_consumer_key=\"AdPuqyWrAQQc\",oauth_signature_method=\"HMAC-SHA1\",oauth_timestamp=\"1470248765\",oauth_nonce=\"dnOTvG\",oauth_version=\"1.0\",oauth_signature=\"gUahTX2hfV1lqZCfMUvHtLLoauI%3D\"",
"cache-control: no-cache",
"content-type: multipart/form-data; boundary=---011000010111000001101001",
"postman-token: dd85258e-a72a-b731-82d1-00109e30962f"
),
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo 'response ' . $response;
$a = parse_str($response);
echo 'token ' . $oauth_token;
echo '<br>';
echo 'secret '. $oauth_token_secret;
}
This is step 1 of a 3 step process for OAuth Authentication. I'm just starting out on my journey to connect them all. There is not much documentation out there and not many examples.
Step 2 looks like a call to /oauth1/authorize with the provided token and secret. This looks like it then requires a user login and a new (and permenant) token and secret is created.
Step 3 looks like a call to /oauth1/access
I haven't succesfully got Step 2 and Step 3 to link together correctly, but I thought I should post to help with the original query about the first step not returning the correct tokens
This article is one of the better ones out there explaining how to use WP-API and OAuth.
Related
I am working on Walmart integration to my own web application using PHP. When I tried to acknowledge my Mexico orders, I got an empty response. The data type of response is string with 0 length, error code 400. It looks like my credentials are good. Is "https://marketplace.walmartapis.com/v3/orders/{PurchaseOrderId}/acknowledge" a valid API url?
$url="https://marketplace.walmartapis.com/v3/orders/P108915403/acknowledge";
$ch = curl_init();
$qos = uniqid();
$options = array(
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_TIMEOUT => 60,
CURLOPT_HEADER => false,
CURLOPT_POST =>1,
CURLOPT_HTTPHEADER => array(
"WM_SVC.NAME: Walmart Marketplace",
"WM_QOS.CORRELATION_ID: $qos",
"Authorization: Basic $authorization",
"WM_SEC.ACCESS_TOKEN:$token",
"Accept: application/json",
"Content-Type: application/json",
"WM_MARKET: mx",
),
);
curl_setopt_array($ch, $options);
$response = curl_exec($ch);
var_dump($response);
Code Snippet
After putting it aside for a few months, today I picked it up and finally got it resolved luckily and got a 202 Accepted Response with empty content(Walmart's documentation says the response to a successful call contains the acknowledged order, but it actually contains nothing except for 202 Accepted code).
When I tried to acknowledge my Mexico orders, the response is actually not empty. The header contains error message: http code 400 Bad Request. I confirmed that it is due to wrong payload structure after testing.
So "https://marketplace.walmartapis.com/v3/orders/{PurchaseOrderId}/acknowledge" is a valid API URL and is the same as US API. The difference between them is that MX site needs a well-structured payload through POST while US site does not(US API only needs an empty payload through POST).
The key point to a successful call is the structure of the payload. The structure should be like the samples in the documentation.
Pay attention to the details of the structure. Refer to the picture for the structure of payload here.
The "orderLine" and "orderLineStatus" should be declared as ARRAY instead of single element. And this is the reason why I failed to call the acknowledge API before.
Looks like you are using an old API, which has been discontinued, the same has been communicated late December 2020.
We have improved our onboarding experience with following steps:
Create an account on Walmart IO platform - https://walmart.io by clicking on the user icon just before the search box.
Login to the account and accept "Terms of Use"
Click on "Create Your Application" to create a new application and fill in appropriate details.
Use this tutorial to generate two sets of public/private keys - https://walmart.io/key-tutorial
* One set will be used for production.
* Other set will be used for stage.
Upload both public keys using - https://walmart.io/key-upload?app_name=<your app name>
Consumer ID will be generated for both sets for prod and stage which can be seen on the dashboard - https://walmart.io/userdashboard
Click on "Request Access" for Checkout APIs at https://walmart.io/reference and fill out the form.
Once the access is approved, documentation will be available for integrating with Commerce API through Walmart I/O.
We will send out client secrets for stage and prod as soon as they’re ready.
Thanks,
Firdos
IOSupport
I am trying to use the Xero API to send an Invoice Email on my WordPress site. But I am unsure how to set the authorization header I have attempted the following:
$args = array(
'headers' => array(
'Content-Type: application/x-www-form-urlencoded',
'Authorization' => 'Basic ' . base64_encode('myClientID' . ':' . 'myClientSecret')
),
);
$response = wp_remote_post('https://api.xero.com/api.xro/2.0/Invoices/2dfa4120-1fd2-4e67-927e-c16ac821226c/Email', $args);
print_r($response);
This gives me a response of 404 unauthorized. Is there something I'm missing or doing wrong?
the Authorization header actually requires a valid access_token be set, not the id / secret combo. You can read more about the code flow required to get a token here: https://developer.xero.com/documentation/oauth2/auth-flow
If you familiar with PHP you can look through code in the PHP SDK sample app here: https://github.com/XeroAPI/xero-php-oauth2-app
Is your goal to send that invoice email to a dynamic organisation, or simply send an invoice from your own personal org?
Fortunately (or unfortunately) early next year we will have the option for this embedded access_token - but if you wanted to set this up in the interim you will need to generate an access token from a user flow, and then setup the backend mechanism to have it be refreshed prior to usage which I explain in this youtube vid: https://www.youtube.com/watch?v=Zcf_64yreVI
More about "machine 2 Machine" integrations aka the client_credentials OAuth2.0 grant
https://developer.xero.com/announcements/custom-integrations-are-coming/
I am trying to use Instagram Basic display API but when I post the authorization code to get the access token I keep getting the following error
{"error_type": "OAuthException", "code": 400, "error_message":
"Invalid platform app"}
I am following all the steps mentioned here -> https://developers.facebook.com/docs/instagram-basic-display-api/getting-started and Yes I am using the Instagram app ID and It's client secret which is in Products -> Instagram -> Display and following is the URL I am sending the request
"https://api.instagram.com/oauth/access_token?client_id=".$app_id."&client_secret=".$app_secret."&grant_type=authorization_code&redirect_uri=".$redirecturi."&code=".$code,
I ran into this same issue. Problem was I was using the Facebook App ID and App Secret instead of the Instagram App ID & App Secret. You must go to the "Instagram Basic Display" section on the Facebook developers site then scroll down until you find the Instagram App ID & Secret.
If you are using Postman, do remember it's a POST request. Use form data
When you exchange the code you need to use a POST request.
From the looks of your url, you've formed it as a GET request with all the parameters as part of the url rather than as form data. Try sending the parameters as part of the post body instead
Working example code:
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "https://api.instagram.com/oauth/access_token",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => array('client_id' => '{client_id}','client_secret' => '{client_secret}','grant_type' => 'authorization_code','redirect_uri' => '{redirect_uri}','code' => '{code}'),
CURLOPT_HTTPHEADER => array(
"Content-Type: multipart/form-data; boundary=--------------------------780367731654051340650991"
),
));
$response = curl_exec($curl);
curl_close($curl);
print_r($response);
I have got this error for the below reason.
If any case, App Id and Secret Key are blank then this type of error is generated. so we can first test first that that app id and secret key must be the correct one. I know that this is a very normal thing that we can notice easily. But sometimes, we can not notice some simple things.
I am new to Quickbooks API. I have found APIs list under API Exolorer link in Quickbooks. They have shown the Request URI & Request Headers that are needed for making the API call. I can understand that. But how to call that URI or how to integrate that API with PHP is not exactly specified. I tried to call the URI and get the results using curl,but it didn't succeed. I have lost lot of time for this integration. I have searched google in all possible way. But most of the results coming related to PHP SDKs. But I need to integrate the Quickbooks Online API.
The Request URI for creating an entity is looks like below.
https://{{baseurl}}/v3/company/{{companyid}}/account
Please help me to sort this out.
As most people suggested, using the PHP SDK is going to be the easier way for integrating QuickBooks Online with PHP: https://github.com/intuit/QuickBooks-V3-PHP-SDK
However, using plain PHP cURL is also possible, but a few concepts you need to understand before making the API call:
1) OAuth 1.0 protocol
It is what most developer get confused of. QuickBooks Online use OAuth 1.0 as authorization protocol. You need to spend sometime to understand how it worked. For documentation, you can read it here: https://developer.intuit.com/docs/0100_quickbooks_online/0100_essentials/000500_authentication_and_authorization/connect_from_within_your_app
However, I suggest you play with the OAuth playground, it gives you a feeling for how it looked like when you implement it: https://appcenter.intuit.com/Playground/OAuth/IA/ (fill your Consumer key and secrets, click on Connect to Quickbooks Button)
During the process, it will return something called: RealmID. That is the companyid in QBO, put it on the URL.
2) The base URL
When you create an app at developer.intuit.com, under keys tab, you will see Development Keys and Production Keys. The corresponding keys at the right side is what you need to fill for the {baseurl} part(For example, besides development keys, there is place called "Accounting Sandbox Url" : "sandbox-quickbooks.api.intuit.com"). For each API entity endpoint, refer to the documentation: https://developer.intuit.com/docs/api/accounting/customer
3) Authorization header
You are unlikely to implement it by yourself for OAuth 1.0. Twitter has a good link for how to use the Access Token and Access Token secrets from step 1) to generate signature: https://dev.twitter.com/oauth/overview/creating-signatures
You will put the signature as part of the authorization header.
If you are using POSTMAN, they have OAuth 1.0 as authorization protocol available for you. Here is an example
<?php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "https://sandbox-quickbooks.api.intuit.com/v3/company/193514340994122/account/1",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => array(
"authorization: OAuth oauth_consumer_key=\"qyprdDjYtPpiEpbwFQZuUoAjubpVqm\",oauth_token=\"lvprdfblXv4LqNVhIv2WH2JebiSZgNs9POiEoCJxMwEhqbgc\",oauth_signature_method=\"HMAC-SHA1\",oauth_timestamp=\"1494441064\",oauth_nonce=\"cfh0b7\",oauth_version=\"1.0\",oauth_signature=\"KqpN9ximPGWnWJBaXg1Vs9urJLY%3D\"",
"cache-control: no-cache",
"postman-token: 7c570691-c6cd-a706-67a0-984c5ddb1e6a"
),
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
I am using this example to successfuly make a login connection on windows live platform:
http://code.msdn.microsoft.com/messengerconnect
(the oauth handler callback one)
I receive a token and a user id from their api, but I can't seem to understand how to fetch the user profile from these info.
Does anyone know how to do this?
There are examples in MS website, but they are all C# or javascript ones and I have to do it in PHP.
After retrieving the token and the cid I tried this, but returns me an error:
$url_string = 'http://apis.live.net/V4.1/cid-'.$user->getId().'/Profiles/';
echo("<br/>\n".$url_string);
$curl_session = curl_init($url_string);
// build HTTP header with authorization code
$curl_options = array(
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPHEADER => array(
'Authorization: WRAP access_token=AuthToken="'.urlencode($_REQUEST['stoken']).'"',
'Accept: application/json'
)
);
// setup options for curl transfer
curl_setopt_array($curl_session, $curl_options);
// execute session and get response
$curl_response = curl_exec($curl_session);
print $curl_response;
curl_close($curl_session);
The error is this:
{"Title":"ErrorResource","Code":1062,"Message":"Request does not contain a valid PUID."}
can you guys help me retrieving the user info?
EDIT:
solved the problem by removing the =AuthToken from the authorization and it worked!
Thanks,
Joe
Yes!
made it work after hours trying lots of differents samples from ms ¬¬
the problem was the Authorization: WRAP access_token=AuthToken=
just removed the AuthToken= and it worked!
so its now like this:
'Authorization: WRAP access_token="'.$wrapper->getReturnedParameter('wrap_access_token').'"'