I am using this example to successfuly make a login connection on windows live platform:
http://code.msdn.microsoft.com/messengerconnect
(the oauth handler callback one)
I receive a token and a user id from their api, but I can't seem to understand how to fetch the user profile from these info.
Does anyone know how to do this?
There are examples in MS website, but they are all C# or javascript ones and I have to do it in PHP.
After retrieving the token and the cid I tried this, but returns me an error:
$url_string = 'http://apis.live.net/V4.1/cid-'.$user->getId().'/Profiles/';
echo("<br/>\n".$url_string);
$curl_session = curl_init($url_string);
// build HTTP header with authorization code
$curl_options = array(
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPHEADER => array(
'Authorization: WRAP access_token=AuthToken="'.urlencode($_REQUEST['stoken']).'"',
'Accept: application/json'
)
);
// setup options for curl transfer
curl_setopt_array($curl_session, $curl_options);
// execute session and get response
$curl_response = curl_exec($curl_session);
print $curl_response;
curl_close($curl_session);
The error is this:
{"Title":"ErrorResource","Code":1062,"Message":"Request does not contain a valid PUID."}
can you guys help me retrieving the user info?
EDIT:
solved the problem by removing the =AuthToken from the authorization and it worked!
Thanks,
Joe
Yes!
made it work after hours trying lots of differents samples from ms ¬¬
the problem was the Authorization: WRAP access_token=AuthToken=
just removed the AuthToken= and it worked!
so its now like this:
'Authorization: WRAP access_token="'.$wrapper->getReturnedParameter('wrap_access_token').'"'
Related
I am working on Walmart integration to my own web application using PHP. When I tried to acknowledge my Mexico orders, I got an empty response. The data type of response is string with 0 length, error code 400. It looks like my credentials are good. Is "https://marketplace.walmartapis.com/v3/orders/{PurchaseOrderId}/acknowledge" a valid API url?
$url="https://marketplace.walmartapis.com/v3/orders/P108915403/acknowledge";
$ch = curl_init();
$qos = uniqid();
$options = array(
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_TIMEOUT => 60,
CURLOPT_HEADER => false,
CURLOPT_POST =>1,
CURLOPT_HTTPHEADER => array(
"WM_SVC.NAME: Walmart Marketplace",
"WM_QOS.CORRELATION_ID: $qos",
"Authorization: Basic $authorization",
"WM_SEC.ACCESS_TOKEN:$token",
"Accept: application/json",
"Content-Type: application/json",
"WM_MARKET: mx",
),
);
curl_setopt_array($ch, $options);
$response = curl_exec($ch);
var_dump($response);
Code Snippet
After putting it aside for a few months, today I picked it up and finally got it resolved luckily and got a 202 Accepted Response with empty content(Walmart's documentation says the response to a successful call contains the acknowledged order, but it actually contains nothing except for 202 Accepted code).
When I tried to acknowledge my Mexico orders, the response is actually not empty. The header contains error message: http code 400 Bad Request. I confirmed that it is due to wrong payload structure after testing.
So "https://marketplace.walmartapis.com/v3/orders/{PurchaseOrderId}/acknowledge" is a valid API URL and is the same as US API. The difference between them is that MX site needs a well-structured payload through POST while US site does not(US API only needs an empty payload through POST).
The key point to a successful call is the structure of the payload. The structure should be like the samples in the documentation.
Pay attention to the details of the structure. Refer to the picture for the structure of payload here.
The "orderLine" and "orderLineStatus" should be declared as ARRAY instead of single element. And this is the reason why I failed to call the acknowledge API before.
Looks like you are using an old API, which has been discontinued, the same has been communicated late December 2020.
We have improved our onboarding experience with following steps:
Create an account on Walmart IO platform - https://walmart.io by clicking on the user icon just before the search box.
Login to the account and accept "Terms of Use"
Click on "Create Your Application" to create a new application and fill in appropriate details.
Use this tutorial to generate two sets of public/private keys - https://walmart.io/key-tutorial
* One set will be used for production.
* Other set will be used for stage.
Upload both public keys using - https://walmart.io/key-upload?app_name=<your app name>
Consumer ID will be generated for both sets for prod and stage which can be seen on the dashboard - https://walmart.io/userdashboard
Click on "Request Access" for Checkout APIs at https://walmart.io/reference and fill out the form.
Once the access is approved, documentation will be available for integrating with Commerce API through Walmart I/O.
We will send out client secrets for stage and prod as soon as they’re ready.
Thanks,
Firdos
IOSupport
I am new to Quickbooks API. I have found APIs list under API Exolorer link in Quickbooks. They have shown the Request URI & Request Headers that are needed for making the API call. I can understand that. But how to call that URI or how to integrate that API with PHP is not exactly specified. I tried to call the URI and get the results using curl,but it didn't succeed. I have lost lot of time for this integration. I have searched google in all possible way. But most of the results coming related to PHP SDKs. But I need to integrate the Quickbooks Online API.
The Request URI for creating an entity is looks like below.
https://{{baseurl}}/v3/company/{{companyid}}/account
Please help me to sort this out.
As most people suggested, using the PHP SDK is going to be the easier way for integrating QuickBooks Online with PHP: https://github.com/intuit/QuickBooks-V3-PHP-SDK
However, using plain PHP cURL is also possible, but a few concepts you need to understand before making the API call:
1) OAuth 1.0 protocol
It is what most developer get confused of. QuickBooks Online use OAuth 1.0 as authorization protocol. You need to spend sometime to understand how it worked. For documentation, you can read it here: https://developer.intuit.com/docs/0100_quickbooks_online/0100_essentials/000500_authentication_and_authorization/connect_from_within_your_app
However, I suggest you play with the OAuth playground, it gives you a feeling for how it looked like when you implement it: https://appcenter.intuit.com/Playground/OAuth/IA/ (fill your Consumer key and secrets, click on Connect to Quickbooks Button)
During the process, it will return something called: RealmID. That is the companyid in QBO, put it on the URL.
2) The base URL
When you create an app at developer.intuit.com, under keys tab, you will see Development Keys and Production Keys. The corresponding keys at the right side is what you need to fill for the {baseurl} part(For example, besides development keys, there is place called "Accounting Sandbox Url" : "sandbox-quickbooks.api.intuit.com"). For each API entity endpoint, refer to the documentation: https://developer.intuit.com/docs/api/accounting/customer
3) Authorization header
You are unlikely to implement it by yourself for OAuth 1.0. Twitter has a good link for how to use the Access Token and Access Token secrets from step 1) to generate signature: https://dev.twitter.com/oauth/overview/creating-signatures
You will put the signature as part of the authorization header.
If you are using POSTMAN, they have OAuth 1.0 as authorization protocol available for you. Here is an example
<?php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "https://sandbox-quickbooks.api.intuit.com/v3/company/193514340994122/account/1",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => array(
"authorization: OAuth oauth_consumer_key=\"qyprdDjYtPpiEpbwFQZuUoAjubpVqm\",oauth_token=\"lvprdfblXv4LqNVhIv2WH2JebiSZgNs9POiEoCJxMwEhqbgc\",oauth_signature_method=\"HMAC-SHA1\",oauth_timestamp=\"1494441064\",oauth_nonce=\"cfh0b7\",oauth_version=\"1.0\",oauth_signature=\"KqpN9ximPGWnWJBaXg1Vs9urJLY%3D\"",
"cache-control: no-cache",
"postman-token: 7c570691-c6cd-a706-67a0-984c5ddb1e6a"
),
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
I am trying to show Instagram content from a user (mines) on a website. My client-side page would make an AJAX request to my server-side script, which in turn, would do the necessary stuff to pull the content from Instagram API (using cUrl) and send back a JSON response.
Sadly, I am little bit confused with the Authentication instructions, particularly Step One: Direct your user to our authorization URL.
In order to get an access_token to work with the API, I need to pass client_id, redirect_uri, and code. I have the client_id and redirect_uri. The problem is the last item, code, which gets found after redirecting from https://api.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=code. The redirected page will be REDIRECT-URI?code=CODE which has the CODE to use to make the request to get the access_token.
Is there a way to "automate" this last part ? Or more precisely, is it possible to make a request (using cUrl) and then grabbing this CODE
Hopefully, this is clear. Unlike other APIs, Instagram seems to make things difficult. My goal is so that when users come on the page, they will see a gallery of images from my Instagram account. They shouldn't need to log into Instagram or do anything to see these images.
Edit
$clientId = 'XXX';
$clientSecret = 'YYY';
$redirectUri = 'ZZZ';
// step 1: authorize
$url = "https://instagram.com/oauth/authorize/?client_id={$clientId}&redirect_uri={$redirectUri}&response_type=code";
try {
$ch = curl_init();
curl_setopt_array($ch, array(
CURLOPT_CONNECTTIMEOUT => 30,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_URL => $url
));
$data = json_decode(curl_exec($ch), true);
// how to get CODE from response?
curl_close($ch);
} catch(Exception $e) {
echo $e->getMessage();
}
I have the WordPress rest API
and WordPress OAuth server setup plugins setup and am trying to authenticate using http://sevengoslings.net/~fangel/oauth-explorer/
every time the call content is not giving me the OAuth token or OAuth secret that I need.
I tried these steps
https://wordpress.org/support/topic/json-rest-api-from-mobile-app-with-authentication
1. Enter base url (http(s)://your.domain.com/oauth1
2. Access token = request
3. Authorize = authorize
4. Access_Token = access
5. Enter your consumer key and secret (leave method as HMAC-SHA1)
Click Get Request Token and you get Call content
I should get this in Call Content
Call content now =
oauth_token=xxxxxxxxxxxxxxx&oauth_token_secret=xxxxxxxxxxxxxxxxxxxxx&oauth_call_back_confirmed=true
But I only get this
page not found
Here they were not able to get 3-legged OAuth1 .0a to work so they used basic OAuth which requires another plugin and is not recommended for production.
Should I be using a different signature method?
I'm looking for two curl commands to get an OAuth grant from the server and another one to trade this grant for an access token+ refresh token.
I have got this to work and I'll outline how I have done this.
I'm using the Postman application to test and perfect the API calls. I highly advise using this. Once you have got the call working you can export to PHP Curl (or whatever you need).
If you use Postman you can view my API calls using this shared link.
For the First call you are having trouble with I have the following settings
First, I made sure my endpoint URL was:
{{url}}/oauth1/request
I set my API Call to PUSH and my AuthType to OAuth 1.0
I added my consumer_key and consumer_secret that I created in the WP Backend > Users > Applications (this is added with the OAuth plugin).
Signature Method - HSAC-SHA1
Then Postman will update this and dynamically create your Nonce, Timestamp and Version.
I set my Realm as 'Example'
I then made sure that I enabled the options:
- Add Params to header
- Add empty params to signature
Here is what I get for my params:
realm="Example",oauth_consumer_key="AdPuqyWrAQQc",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1470248765",oauth_nonce="dnOTvG",oauth_version="1.0",oauth_signature="gUahTX2hfV1lqZCfMUvHtLLoauI%3D"
This provides me with the following output:
oauth_token=xbTb4E93K6pP2tcg4qGJIYgl&oauth_token_secret=qWo01WL2ish205yvjiU8qyCkKVPMNUvSbKpFBB1T1oOuOtBc&oauth_callback_confirmed=true
I can use Postman to export this API call to a cURL function and if so I get the following:
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "http://mydomain.dev/oauth1/request",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"oauth_consumer_key\"\r\n\r\nAdPuqyWrAQQc\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"oauth_token\"\r\n\r\n\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"oauth_signature_method\"\r\n\r\nHMAC-SHA1\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"oauth_timestamp\"\r\n\r\n1470241356\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"oauth_nonce\"\r\n\r\n7VKp4N\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"oauth_version\"\r\n\r\n1.0\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"oauth_signature\"\r\n\r\n9qRrIkDxt56S9Ikf061eFOVLAdA%3D\r\n-----011000010111000001101001--",
CURLOPT_HTTPHEADER => array(
"authorization: OAuth realm=\"Example\",oauth_consumer_key=\"AdPuqyWrAQQc\",oauth_signature_method=\"HMAC-SHA1\",oauth_timestamp=\"1470248765\",oauth_nonce=\"dnOTvG\",oauth_version=\"1.0\",oauth_signature=\"gUahTX2hfV1lqZCfMUvHtLLoauI%3D\"",
"cache-control: no-cache",
"content-type: multipart/form-data; boundary=---011000010111000001101001",
"postman-token: dd85258e-a72a-b731-82d1-00109e30962f"
),
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo 'response ' . $response;
$a = parse_str($response);
echo 'token ' . $oauth_token;
echo '<br>';
echo 'secret '. $oauth_token_secret;
}
This is step 1 of a 3 step process for OAuth Authentication. I'm just starting out on my journey to connect them all. There is not much documentation out there and not many examples.
Step 2 looks like a call to /oauth1/authorize with the provided token and secret. This looks like it then requires a user login and a new (and permenant) token and secret is created.
Step 3 looks like a call to /oauth1/access
I haven't succesfully got Step 2 and Step 3 to link together correctly, but I thought I should post to help with the original query about the first step not returning the correct tokens
This article is one of the better ones out there explaining how to use WP-API and OAuth.
I am writing a PHP application that's supposed to allow users to add certain events to a private Google Calendar. The calendar is owned by me, and I need a way for PHP to communicate with the calendar API using fixed credentials (everyone can add events using a form on the website, but the calendar itself is not publicly visible).
From what I have read, this is possible using ClientLogin in the v1 API. In the v3 API, however, the available options are OAuth2.0 or the API key. Using the API key doesn't seem to work, since it can only be used for requests that don't require authorization, and OAuth doesn't seem right either, because users are not supposed to access their own calendars, but the one my application uses.
I thought about getting the OAuth token programatically, but that's bound to break sooner or later, since the OAuth dialog can use captchas.
This seems to be such a standard use case — a web application that lets users interact with a single calendar in some predefined ways — yet I can't find any documentation on how to make it happen in the v3 API. Can anyone help me?
I have found a solution that I think that is "the official" for what you want to do.
First, you have to activate a Google API "Client ID for installed applications".
Go to the Google API console and create the project.
Then, activate the calendar.
Go to the "API access" option, and use the "Create OAuth 2.0 client" button.
Give a name (and a logo, if you want) to the product. Click "next".
Choose the "Installed application" option and click "Create Client Id".
Now you have your access configurated. Now, you will need some codes. To obtain them:
*The "Authentication Code". To get it, you need the following information:
SCOPE: https://www.google.com/calendar/feeds/ (if you want to access the calendar API. There are others you can find them at the OAuth 2.0 Playground)
CLIENT_ID: You will find it at the API Access Section at the Google API Console.
REDIRECT_URI: Get it at the same place.
Now, copy the following code into a file, put the values into the variables, execute the code (php -q script_name.php), and go to the URL printed.
<?php
$scope = '';
$client_id = '';
$redirect_uri = '';
$params = array(
'response_type' => 'code',
'client_id' => $client_id,
'redirect_uri' => $redirect_uri,
'scope' => $scope
);
$url = 'https://accounts.google.com/o/oauth2/auth?' . http_build_query($params);
echo $url."\n";
?>
The web page will ask you to allow the access. Do it, and you will get a code, which is your Authentication Code.
*The "Refresh Code". To get it, you will need:
The data you used before, plus the "client secret" code in the API Console, between the "client id" and the "redirect URI".
As you did before, copy the following code, and put the variables in place (the code field is the Authentication Code).
Execute and the result is the "Refresh Token".
<?php
$url = 'https://accounts.google.com/o/oauth2/token';
$post_data = array(
'code' => '',
'client_id' => '',
'client_secret' => '',
'redirect_uri' => '',
'grant_type' => 'authorization_code',
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
$token = json_decode($result);
echo $token->refresh_token . "\n";
?>
At this moment, you have all you need. Be careful if one day you change the Authentication Code. You will have to get new keys.
To access a calendar service, here you have the example:
Change the variable values before using it.
This example gets the primary calendar events, but you can change the address for any in the calendar API (http://code.google.com/intl/ca/apis/calendar/v3/getting_started.html#background_operations)
<?php
$scope = 'https://www.google.com/calendar/feeds/';
$client_id = '';
$client_secret = '';
$redirect_uri = '';
$refresh_token = '';
$token_url = 'https://accounts.google.com/o/oauth2/token';
$post_data = array(
'client_secret' => $client_secret,
'grant_type' => 'refresh_token',
'refresh_token' => $refresh_token,
'client_id' => $client_id
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $token_url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
$token_object = json_decode($result);
$access_token = $token_object->access_token;
// Get the results
$rest_url = 'https://www.googleapis.com/calendar/v3/calendars/primary/events';
$header = "Authorization: OAuth " . $access_token;
$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, array($header));
curl_setopt($ch, CURLOPT_URL, $rest_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$rest_result = curl_exec($ch);
print_r(json_decode($rest_result));
?>
First, the script asks for an "Access Token", which is valid for an hour. Then, the script gets the REST service (any in the calendar scope), sending the access token in the header.
To give a best speed at the scrip, it would be good to store the access token in a cache until it's older than 3600 seconds. This way, the script would avoid one of the two calls.
Tips:
Visit OAuth 2.0 Playground to understand all the information sent in the OAuth process. It helped me a lot
A post by Eric Nagel in his blog gave me the solution. All the merit is to him. I can't link it since I haven't got enough "reputation".
You will need to use both the Developer Key (API Key) and OAuth2. The developer key authenticates who wrote the software and is used for things like quota which is on a per developer basis not a per user basis. OAuth2 is for user authentication and will be need to access the non-public calendar.
OAuth2 has a renew token from which you can generate a session token and this means that you will not need to screen scrape the OAuth screens to get authenticated. To get this I would write a little command line application, or you use a one off PHP page.
Under the Google Api Console go to API Access
Generate a new Client ID and choose Installed Application ( as you will be authenticating you server as you not as your user)
Either using a console app or a one off PHP page authenticate using OAuth and your google account (the one with the calendar you want access to)
In the return from the authentication there should be a renew token, (called renew or refresh or something similar). Save this string and make it available to your PHP site.
When you need to access the service your OAuth library should have a renew/refresh call. There is an example using .Net below.
private IAuthorizationState CreateAuthorization(NativeApplicationClient arg)
{
// Get the auth URL:
IAuthorizationState state = new AuthorizationState(new[] { AdsenseService.Scopes.AdsenseReadonly.GetStringValue() });
state.Callback = new Uri(NativeApplicationClient.OutOfBandCallbackUrl);
if (refreshToken.IsNotNullOrEmpty()) // refreshToken you stored in step 4
{
try
{
state.RefreshToken = refreshToken;
if (arg.RefreshToken(state)) // This is calling out to the OAuth servers with the refresh token getting back a session token, returns true if successful.
{
if (state.RefreshToken != refreshToken) // if the refresh token has changed, save it.
{
PersistRefreshToken(authorization.RefreshToken);
}
return this.authorization = state; // Retain the authorization state, this is what will authenticate your calls.
}
}
catch (ProtocolException ex) {...}
The AuthorisationState that has now been renewed can then be used to authenticate call you make to the API. this state can be used many time until it expires and then can be refreshed. As you are authenticating your application as yourself not as a user this AuthorisationState can be shared by all you sessions. Both the current AuthorisationState and the refresh token should be kept securely on your server and never sent to the client, if you ever sent these as part of a response your clients would have the same privileges as your code application
Can also be used with the Google php library. The access token for the $client->setAccessToken() function has to be formatted in the following way:
$at= '{"access_token":"' . $access_token . '",' .
'"token_type":"Bearer",' .
'"expires_in":3600,' .
'"refresh_token":"' . $refresh_token . '",',
'"created":' . time() . '}';
Where $access_token is the access token found by you and $refresh_token is the refresh token. Tested with the useless simple.php google example.
Authentication is then just:
$client->setAccessToken($at);