Unable to make calls with Valence API - php

I'm new to the Valence API and Desire2Learn/Brightspace and I'm unable to make successful API calls. Currently I'm using the language bindings at the Valence Site, and can authenticate properly. However, I have made the "Get Versions" call to work sometimes, but I have not been able to make any other call, even while using the user credentials that are supplied. Any other call and I receive a 400 Bad Request header.
All of the fields are left as the defaults, including the host which is "valence.desire2learn.com". If anybody can help solve my issue I would immensely appreciate it.
EDIT: I discovered that my problems lie with the server that I was testing against. If I change the host parameter to the URL that the API test tool uses (devcop.brightspacedemo.com), I can make API calls again.

The host you mention is a public test, demo site. The fact that you can make a GET versions call (which only needs to be made anonymously), but no other call leads me to wonder if you have appropriate user credentials for that site?

Related

Client error: `GET https://api.powerbi.com/v1.0/myorg/datasets` resulted in a `401 Unauthorized` response Power BI REST api

I'm trying to use PHP (specifically the SDK made by tangent solutions: https://github.com/TangentSolutions/PowerBI-SDK-PHP/) to push data to a Power BI application (into https://app.powerbi.com) I'm working on. I'm able to get an access token using client_credentials and can run the test API calls Microsoft put into the documentation, however in my application I consistently get this 401 Unauthorized error just trying to run the API call for getting the datasets. I'm testing the datasets call for now, but I get the same response from other API calls too. I also can get the access token when running in Postman and get a 200 response. I've granted the permissions properly (as far as I can tell) in AAD:
I saw some people say to use password as a way of gaining access, which I tried, but I still get 401 Unauthorized back. I would prefer to use client_credentials though, so I'd rather not go this route.
I have not added any scopes to my registered app, because honestly this is the first time I've used AAD and I'm fairly new to using APIs, so I am not totally sure what that means or what I would enter in as a scope. I would think not having scopes could be a problem, but again, I was able to run the test API call from Microsoft's online documentation, which I'm not sure if that's an indication that it should work for the REST API.
The only other issue I can think of is I'm using the Power BI free account, and I'm not sure if I actually need the Pro account in order to build this. I haven't been able to find a straight answer about this, but if anyone knows if Power BI on https://app.powerbi.com uses the "embedded REST API", then I may just need to upgrade my account. I didn't want to upgrade my account just yet if the problem is I'm missing something else.
Usually the 401 error means that the audience of your token does not match your api. When you use the token to call the api, you will receive a 401 unauthorized error. The access token is issued based on the audience, so you must make sure to set the scope to your api when you request the token. Of course you can also parse the token, check the aud claim, and make sure it is the api you want to call.
If you need to call the Power BI Service api, you should put https://analysis.windows.net/powerbi/api/.default in the scope.
Parse the token:
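The aud check described in the answer above, written out as an added example (not code from the original answer or from the Power BI SDK). The function names and the sample token are constructed, and the expected audience assumes it equals the scope quoted above without its `/.default` suffix.

```php
<?php
declare(strict_types=1);

// Decode one base64url JWT segment (URL-safe alphabet, padding stripped).
function b64urlDecode(string $segment): string
{
    $b64 = strtr($segment, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $raw = base64_decode($b64, true);
    if ($raw === false) {
        throw new InvalidArgumentException('segment is not valid base64url');
    }
    return $raw;
}

// Read the claims of a JWT WITHOUT verifying its signature.
// Diagnostic use only: never base an authorization decision on this.
function jwtClaims(string $token): array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('expected header.payload.signature');
    }
    $claims = json_decode(b64urlDecode($parts[1]), true);
    if (!is_array($claims)) {
        throw new InvalidArgumentException('payload is not a JSON object');
    }
    return $claims;
}

// True when the aud claim (string or list) names the API being called.
function audienceMatches(array $claims, string $expected): bool
{
    $norm = static fn ($a): string => rtrim((string) $a, '/');
    return in_array($norm($expected), array_map($norm, (array) ($claims['aud'] ?? [])), true);
}

// Constructed, unsigned sample token; not issued by any real tenant.
$enc = static fn (array $d): string =>
    rtrim(strtr(base64_encode(json_encode($d)), '+/', '-_'), '=');
$token = $enc(['alg' => 'none']) . '.'
    . $enc(['aud' => 'https://graph.microsoft.com', 'exp' => 1700000000]) . '.sig';

// Assumption: the audience is the requested scope without "/.default".
$expected = 'https://analysis.windows.net/powerbi/api';
$claims = jwtClaims($token);
printf("aud=%s matches=%s\n", implode(',', (array) $claims['aud']),
    audienceMatches($claims, $expected) ? 'yes' : 'no');
```

Run it against the token your application actually sends; a mismatch here points at the scope used in the token request rather than at the API permissions.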

How to protect API requests made from a Flutter Web app?

I have an API developed in PHP for my Flutter web app. I am using this API to fetch all the data. But, I can see all the requests made to the server.
Is there any way to hide/restrict any unauthorized person to use my API? I am using HTTP library to make calls from my flutter app to API. I just want to hide those calls to web API. I have seen some websites do that. Since the server code and website code in those websites are in the same directory it can be accessed directly without having to make a request to the webserver.
Two problems I see are:
You are able to see all the requests made to the backend server from your web page and you want to hide them.
The answer to this is no, you can't. I say this based on my search in Google and some posts on SO like this.
You may think about disabling the developer tools. The answer is no, and maybe with unknown side effects.
Is there any way to hide/restrict any unauthorized person to use my API?
The answer to this question is yes, and it can be done in many ways. Like you said, token-based authorization has its own issue with keys being leaked, and that's why there is always a validity period associated with it, which should be considered. There are mechanisms such as refresh tokens to renew tokens etc.
The first and foremost thing I would do is enable the CORS mechanism on your server, where the server will only allow requests from very specific domains to be processed. More details available here
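An added example (not part of the original answer) of the origin allow-list and the token validity check mentioned above, kept as two separate decisions because CORS is enforced by browsers only. The origins, token values and function names are hypothetical, and the in-memory token store stands in for whatever the API really uses.

```php
<?php
declare(strict_types=1);

// Hypothetical front-end origins allowed to call the API from a browser.
const ALLOWED_ORIGINS = ['https://app.example.com'];

// CORS headers for one request. Exact match only: substring or prefix
// checks would also accept look-alike hosts.
function corsHeaders(?string $origin): array
{
    $headers = ['Vary' => 'Origin']; // caches must not reuse across origins
    if ($origin !== null && in_array($origin, ALLOWED_ORIGINS, true)) {
        $headers['Access-Control-Allow-Origin'] = $origin;
        $headers['Access-Control-Allow-Headers'] = 'Authorization, Content-Type';
    }
    return $headers;
}

// CORS is enforced by browsers only, so every request must still carry a
// token that the server knows and that has not expired.
// $tokens maps token => expiry timestamp (constructed in-memory store).
function isAuthorized(?string $authHeader, array $tokens, int $now): bool
{
    if ($authHeader === null
        || preg_match('/^Bearer ([A-Za-z0-9._~+\/-]+)$/', $authHeader, $m) !== 1) {
        return false;
    }
    return isset($tokens[$m[1]]) && $tokens[$m[1]] > $now;
}

// Constructed requests: [Origin header, Authorization header].
$now = 1700000000;
$tokens = ['tok-live' => $now + 900, 'tok-old' => $now - 60];
$requests = [
    ['https://app.example.com', 'Bearer tok-live'],
    ['https://app.example.com', 'Bearer tok-old'],    // expired token
    ['https://other.example.net', 'Bearer tok-live'], // origin not allowed
    [null, null],                                     // non-browser, no token
];
foreach ($requests as [$origin, $auth]) {
    $cors = array_key_exists('Access-Control-Allow-Origin', corsHeaders($origin));
    printf("origin=%s cors=%s authorized=%s\n", $origin ?? '-',
        $cors ? 'yes' : 'no', isAuthorized($auth, $tokens, $now) ? 'yes' : 'no');
}
```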

Bigcommerce - Developing an application in PHP - Webhooks

This is my very first application I'm developing for an internal business requirement and I'm needing some help getting started.
So far I have found their documentation to be quite low in terms of standards but with a lot of Googling and research, I've managed to get a successful request producing an Access Token.
I have used Composer to download Guzzle and create a little code that listens to a GET request and I POST some details up and received the token. Great!
What now? It looks like I need to register a web hook but first I want to start with listing hooks - just to get a feel for what I need to do next.
I'm looking to retrieve order details each time an order is placed.
Questions:
I have an oauth.php file hosted on an SSL host which is called when I install an app. This gives me a token. Do I, straight after receiving the token, register the web hook?
If that is a yes, do I now create a webhook.php file which listens for orders placed in real time?
If that is a yes, do I need to run the same code I have in oauth, to check if I'm allowed and if so, listen to the call and process?
Once you have an access token, you can create/list webhooks at any time. According to the sparse documentation, your access token will expire in 30-60 days, so you will need to eventually renew it.
Once you have created the webhook you will need a script in place to receive the incoming data from BigCommerce. If the webhook receives an HTTP code other than 200 from the script, it will attempt to repeat the request with a delay, and after a number of failures will eventually mark the hook as inactive.
You don't need any oauth related code on the script that is being triggered by webhooks. If you do want some form of authentication to verify the source of the data, look into the documentation on sending custom headers with the webhook requests. When the webhook triggers it will send a JSON object that contains the scope and ID of the resource that was changed.
It should be noted that while you need an HTTPS URL for both the oauth process and the webhook triggers, the webhook triggers will not work unless your SSL has all intermediate certificates loaded. You can get through the OAuth process without this, but the hooks will simply not work, to the extent of not even hitting your server's access logs.
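A sketch of the receiving script described in the answer above, added here as an example and not taken from the answer or from BigCommerce's documentation. The header name `X-Webhook-Secret`, the payload layout (`scope` plus `data.id`), the scope value and the function name are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Decide how to answer one webhook delivery.
// Returns [HTTP status, order id or null]. The header name and the
// payload layout (scope + data.id) are assumptions for illustration.
function handleWebhook(array $headers, string $body, string $secret): array
{
    // Header names are case-insensitive; normalise before lookup.
    $headers = array_change_key_case($headers, CASE_LOWER);
    $sent = (string) ($headers['x-webhook-secret'] ?? '');

    // Constant-time comparison avoids leaking the secret through timing.
    if ($secret === '' || !hash_equals($secret, $sent)) {
        return [401, null];
    }

    $event = json_decode($body, true);
    if (!is_array($event) || !isset($event['scope'], $event['data']['id'])) {
        return [400, null];
    }

    // Acknowledge events we do not handle so the sender stops retrying.
    if ($event['scope'] !== 'store/order/created') {
        return [200, null];
    }

    // The payload only carries the id; fetch the order via the API
    // (with the OAuth access token) outside this request path.
    return [200, (int) $event['data']['id']];
}

// Constructed sample deliveries, not captured traffic.
$secret = 'constructed-shared-secret';
$body = '{"scope":"store/order/created","data":{"type":"order","id":1042}}';
$cases = [
    'valid'      => [['X-Webhook-Secret' => $secret], $body],
    'bad secret' => [['X-Webhook-Secret' => 'guess'], $body],
    'no header'  => [[], $body],
    'bad json'   => [['X-Webhook-Secret' => $secret], '{"scope":'],
];
foreach ($cases as $name => [$headers, $payload]) {
    [$status, $orderId] = handleWebhook($headers, $payload, $secret);
    printf("%-10s -> HTTP %d, order %s\n", $name, $status, $orderId ?? '-');
}
```

In a deployed webhook.php the headers would come from `getallheaders()`, the body from `php://input`, and the status would be sent with `http_response_code()`.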

How to access Google Play Android Developer API through backend server

I have implemented In App Billing for Android. I wanted to implement subscription validity checking through my backend server. As per the Google Play documentation, making calls to the Google Play API needs authentication using OAuth 2.0.
I followed the instructions for registering a project and creating credentials. But from there I have no idea how to use those credentials. I tried authentication via a CURL request, but it asks for permission as shown in the following image
This permission works fine, I can exchange the code and get an access token, but all this is done manually; how should I implement this on the backend?
I even tried to use the google api php library provided by Google, but it adds confusion. Also, they didn't provide any example of how to use the library.
Can anybody elaborate on how exactly to use the library or pure PHP?
Thanks in advance.
To perform LVL and/or IAB validation on a server, do not access Google servers directly from the server. Even if all information were available, you would face integrity problems, because your app and your server will see different information due to synchronization latencies.
Instead, use your app as a proxy and validate the Google Play information on your server as described here.

Why do I receive different HTTP response codes when accessing Facebook XML feeds from different servers?

I'm using the Zend Framework, specifically the Zend_Feed class, to grab the Facebook XML feed at http://www.facebook.com/feeds/page.php?format=rss20&id=120635284755 and merge it with a similar Twitter feed for display on a website.
The problem is that while I can grab the feed absolutely fine from both my local and remote testing servers, when I launch the app live at [http://www.pycsam.com.au], it is receiving a 403 response code.
Until I work out what is going wrong, I am mirroring the Facebook feed through my testing server, which proves that it works just fine, but it's not a good long-term solution since it requires an extra request.
Is anybody able to tell me why I would be receiving a different response from the Facebook server when the request is coming from different servers?
Many thanks in advance!
403 means "Forbidden". This can have any number of reasons:
You need to authenticate at some point, and the authentication doesn't work
The IP you are making the request from is blocked by Facebook's servers for some reason
There is a proxy somewhere in between blocking access (rather unlikely I'd say)
You may be able to get more detailed info by checking what the request body has to say.
