Currently i am redirecting order amount to merchant account that is working fine
but now when i perform refund operation getting persmission error
steps i followed :
gettting access token of merchant from his/her refresh token(stored in database) (using https://api-m.sandbox.paypal.com/v1/identity/openidconnect/tokenservice API)
now using above token(from step 1) for refund process in below API
https://api.sandbox.paypal.com/v2/payments/captures/{captureId}/refund where
captureId : got from order details
response of refund api :
{
"name": "NOT_AUTHORIZED",
"message": "Authorization failed due to insufficient permissions.",
"debug_id": "60091a8e09195",
"details": [
{
"issue": "PERMISSION_DENIED",
"field": "capture_id",
"value": "90Y75959CH863854A",
"description": "You do not have permission to access or perform operations on this resource.",
"location": "path"
}
],
"links": [
{
"href": "https://developer.paypal.com/docs/api/payments/v2/#error-PERMISSION_DENIED",
"rel": "information_link"}
]}
can someone help me to find what mistake am i doing ? and how can i resolve this issue ?
To determine which scopes you should try asking for during authorization, do a normal access_token request using your own credentials and look at the scopes variable returned.
https://uri.paypal.com/services/payments/refund seems relevant.
Related
I want to display all customers review on my web page. For that, I refer Get a review in the documentation.
But I am confused about account_name in the following request
https://mybusiness.googleapis.com/v4/accounts/account_name/locations/location_name/reviews
What value should i use for account_name?
Account_name = the name of the account you want to get data for
Location_name = the name of the location that you want to get reviews for
Use accounts list to find a list of accounts the current user has access to. Use locations list with account to find a list of the locations for that account
As you can see by the documentation accounts list returns a list of account objects.
Accounts.list
{
"accounts": [
{
object(Account)
}
],
"nextPageToken": string
}
An account resource contains a list of account_name's for the user who is currently authenticated.
{
"name": string,
"accountName": string,
"type": enum(AccountType),
"role": enum(AccountRole),
"state": {
object(AccountState)
},
"profilePhotoUrl": string,
"accountNumber": string,
"permissionLevel": enum(PermissionLevel),
"organizationInfo": {
object(OrganizationInfo)
}
}
Access
Remember you must fill out the form and request access to this api here
Authorization
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
Means that your request must be authenticated before you can use this method. YOu cant access private user data without the permission of the user who owns the data. Oauth I recommend you find the client library for your chosen language and look for information on how to authenticate using oauth2
I'm using Google Play Android Developer API. I access it from server with service account. I have private key and got access token with it.
I use scope https://www.googleapis.com/auth/androidpublisher. And when I ask subscription info, I got 401 error:
"error": {
"errors": [
{
"domain": "androidpublisher",
"reason": "permissionDenied",
"message": "The current user has insufficient permissions to perform the requested operation."
}
],
"code": 401,
"message": "The current user has insufficient permissions to perform the requested operation."
}
But when I use other queries with the same token and with the same scope, I got successfull responses. For example, I can successful get voided purchases list or info about inapp product:
200 OK
{
"packageName": "com.myapp.exapmle",
"sku": "subscr_month",
"status": "active",
"purchaseType": "subscription",
"defaultPrice": {
"priceMicros": "149000000",
"currency": "RUB"
}
What could be the cause of the problem? I added this service account to developer console and provided all permissions (administrator access).
I have a web app registered on Azure with the goal of being able to read and write the calendars of other users. To do so, I set these permissions for this app on Azure.
However, when I try to, for example, create a new event for a given user, I get an error message. Here's what I'm using:
Endpoint
https://graph.microsoft.com/v1.0/users/${requester}/calendar/events
HTTP Header
Content-Type application/json
Request Body
{
"subject": "${subject}",
"body": {
"contentType": "HTML",
"content": "${remarks}"
},
"start": {
"dateTime": "${startTime}",
"timeZone": "${timezone}"
},
"end": {
"dateTime": "${endTime}",
"timeZone": "${timezone}"
},
"location": {
"displayName": "${spaceName}",
"locationEmailAddress": "${spaceEmail}"
},
"attendees": [
{
"emailAddress": {
"address": "${spaceEmail}",
"name": "${spaceName}"
},
"type": "resource"
}
]
}
Error message
{
"error": {
"code": "ErrorItemNotFound",
"message": "The specified object was not found in the store.",
"innerError": {
"request-id": "XXXXXXXXXXXXXXXX",
"date": "2018-07-11T09:16:19"
}
}
}
Is there something I'm missing? Thanks in advance for any help!
Solution update
I managed to solve the problem by following the steps described in this link:
https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service
From your screenshot it's visible that you used application permission (although it'd be nice to include this information in your question):
Depending on kind of the permission you have given, you need to use proper flow to obtain access token (on behalf of a user or as a service. For application permissions you have to use flow for service, not on behalf of a user.
You can also check your token using jwt.io and make sure it's payload contains appropriate role. If it doesn't, it's very likely you used incorrect flow.
Regarding the expiration time of it, you may have found the information about refresh token (for example here). Keep in mind that it applies only to rights granted on behalf of a user. For access without a user you should make sure that you know when your token is going to expire and request a new one accordingly.
I'm trying to make a call to Google Reports API with a service account.
I follow this code example : https://godoc.org/golang.org/x/oauth2/google#JWTConfigFromJSON
{
"error": {
"errors": [
{
"domain": "global",
"reason": "authError",
"message": "Access denied. You are not authorized to read activity records."
,
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Access denied. You are not authorized to read activity records."
}
}
I'm pretty sure it is on Google configuration side but :
I created the service account
I downloaded the JWT
I authorized the needed scopes
Then I try to call this URL : https://www.googleapis.com/admin/reports/v1/activity/users/all/applications/login
What could I have forget ?
Thanks for helping me.
Fixed it. Needed to explicitly specify the subject value.
I now follow the Service Account example : https://godoc.org/golang.org/x/oauth2/google
I am developing an application for the Google Apps Marketplace.
I use the Licensing API to retrieve the notifications. I need to get the information about admin, who installed the app, but the API doesn't provide me with this.
The solution I found is to use the Directory API to search users, but I get an error
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "Not Authorized to access this resource/api"
}
],
"code": 403,
"message": "Not Authorized to access this resource/api"
}
}
What is wrong with my request?
Are there any other solutions to get the information about admin?
The auth scopes:
- "email"
- "profile"
- "https://www.googleapis.com/auth/drive"
- "https://www.googleapis.com/auth/drive.file"
- "https://www.googleapis.com/auth/admin.directory.user.readonly"
- "https://www.googleapis.com/auth/admin.directory.group.readonly"