API Endpoints in Strapi V4 - strapi

I'm new to Strapi and am following a Strapi tutorial playlist on YouTube. The playlist is old and he is using Strapi V3, but the current version is 4.0.5. I'm facing a problem using the API endpoint.
I created a collection type and named it Posts. I even published it. When I navigate to http://localhost:1337/api/posts, it returns
{
  "data": null,
  "error": {
    "status": 403,
    "name": "ForbiddenError",
    "message": "Forbidden",
    "details": {}
  }
}
Can somebody help me, please?

If you try to retrieve the data as a public user, then you need to go to roles and set the appropriate rights.
Settings -> Users & Permissions -> Roles -> Public -> Posts
Then make sure find and findOne are checked.

For me, the problem was that I needed to set a scope for the auth configs of the route.
Like this (please note the scope):
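// Custom route file; Strapi v4 route files export an object with a `routes` array
module.exports = {
  routes: [
    {
      method: 'GET',
      path: '/custom-route',
      handler: 'custom-controller.getCustomMethod',
      config: {
        policies: [],
        auth: {
          // scope set on the route's auth config, as described above
          scope: ['find'],
        },
      },
    },
  ],
};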

Related

Creating a new user from postman in Strapi v4

I need to create a new user using postman
I use the address: http://localhost:1337/api/users, make a POST request to it with the following data:
{
  "data": {
    "username": "Rafael",
    "email": "rafael@rafael.com",
    "password": "1234",
    "confirmed": false,
    "blocked": false
  }
}
But I get
{
  "data": null,
  "error": {
    "status": 500,
    "name": "InternalServerError",
    "message": "Internal Server Error"
  }
}
And in VS Code I get: error: Forbidden access
What could it be?

Forbidden access 403 can be caused by several things:
- You didn't pass the API token (JWT) in the request header (Bearer token).
- You have to allow the user/admin role to access the User collection.
You can find all the config in the Admin Panel Settings menu.
- Create and manage API tokens in Strapi: https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/api-tokens.html#api-tokens
- Configure admin role access: https://docs.strapi.io/user-docs/latest/users-roles-permissions/configuring-administrator-roles.html
- Configure end-user role access: https://docs.strapi.io/user-docs/latest/users-roles-permissions/configuring-end-users-roles.html
Hope it helps!

Sharing app content to stage - Insufficient RSC permission

Sharing the content of our app hasn't worked for a week.
Using the Teams WebApp we are getting the following errors in the developer console:
CID[main] ShareExtensibleAppButtonContainer: Installed app is undefined or doesn't have authorization
Insufficient RSC permission for appId:'XXXXXXX' with isChannelMeeting: false
It worked last month, and nothing was changed on our side.
I tried to set the following permissions, but it has had no effect.
"authorization": {
  "permissions": {
    "orgWide": [],
    "resourceSpecific": [
      {
        "name": "MeetingStage.Write.Chat",
        "type": "Delegated"
      },
      {
        "name": "ChannelMeetingStage.Write.Group",
        "type": "Delegated"
      }
    ]
  }
}
Could anyone help me get it working?
Thank you

403 Forbidden on Microsoft Teams RSC graph api calls, except on own tenant

I'm working on a Microsoft Teams tab and am planning to use some of the new RSC endpoints to retrieve members of the Team/group the app has been added to.
I have followed all steps from the RSC docs and looked at the RSC sample code, but still have an issue making Graph API calls to the beta RSC endpoints.
I have listed the RSC permission in the Teams manifest:
"webApplicationInfo": {
  "id": "{AD_APP_CLIENT_ID}",
  "resource": "https://notapplicable"
},
"showLoadingIndicator": true,
"authorization": {
  "permissions": {
    "orgWide": [],
    "resourceSpecific": [
      {
        "name": "Member.Read.Group",
        "type": "Application"
      },
      {
        "name": "TeamSettings.Read.Group",
        "type": "Application"
      },
      {
        "name": "ChatSettings.Read.Chat",
        "type": "Application"
      },
      {
        "name": "ChatMember.Read.Chat",
        "type": "Application"
      },
      {
        "name": "ChannelSettings.Read.Group",
        "type": "Application"
      },
      {
        "name": "TeamMember.Read.Group",
        "type": "Application"
      }
    ]
  }
}
Query Graph API like so:
GET https://graph.microsoft.com/beta/teams/{{group_id}}/channels/{{channel_id}}
Authorization: Bearer {{access_token}}
content-type: application/json
Where access_token is retrieved like so:
POST https://login.microsoftonline.com/{{ad_tenant_id}}/oauth2/v2.0/token
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials&client_id={{ad_app_client_id}}&client_secret={{ad_app_client_secret}}&scope=https://graph.microsoft.com/.default
When I make the GET request to a group+channel which is in the same AAD as where the AAD Application is registered it works fine and information is returned. However, when I run the exact same code on a group+channel which is in a different AD it returns 403 Forbidden.
{
  "error": {
    "code": "Forbidden",
    "message": "Missing role permissions on the request. API requires one of 'TeamMember.Read.All, TeamMember.ReadWrite.All, Group.Read.All, Group.ReadWrite.All, TeamMember.Read.Group, Member.Read.Group'. Roles on the request 'Group.Selected'. Resource specific consent grants on the request ''.",
    "innerError": {
      "date": "2022-04-06T14:13:26",
      "request-id": "ce212ed2-48dc-4a8e-a7ea-4172d0cfd4c4",
      "client-request-id": "ce212ed2-48dc-4a8e-a7ea-4172d0cfd4c4"
    }
  }
}
The response mentions "Resource specific consent grants on the request ''." which seems to suggest it's either missing a header or another access token.
As mentioned before, this exact same code works perfectly fine when I use a group_id and channel_id from within the same AD tenant.
What other steps need to be done to get RSC calls working?

Problem with create team with Microsoft Graph Api

I have a problem with creating teams using the Microsoft Graph API. I can get/create groups, but when I try to get/create teams I get an error. I'm using Postman and the group has owners and members, just as in the MS documentation; it also has the permissions it asks for groups. Can somebody help me? I looked everywhere for the same error but did not find it.
PUT https://graph.microsoft.com/v1.0/groups/{id}/team
Headers: Authorization: bearer token and content-type: json
Body is
{
  "memberSettings": {
    "allowCreateUpdateChannels": true
  },
  "messagingSettings": {
    "allowUserEditMessages": true,
    "allowUserDeleteMessages": true
  },
  "funSettings": {
    "allowGiphy": true,
    "giphyContentRating": "strict"
  }
}
I always get the same error
{
  "error": {
    "code": "BadGateway",
    "message": "Failed to execute backend request.",
    "innerError": {
      "request-id": "45eeba8a-9d35-45e8-b42e-c60da7a47dde",
      "date": "2020-01-23T21:55:44"
    }
  }
}

According to the Graph API docs for this, you're not calling the correct endpoint to create a new Team. It should be
POST https://graph.microsoft.com/beta/teams
and a payload similar to
Content-Type: application/json
{
  "template@odata.bind": "https://graph.microsoft.com/beta/teamsTemplates('standard')",
  "displayName": "My Sample Team",
  "description": "My Sample Team’s Description",
  "owners@odata.bind": [
    "https://graph.microsoft.com/beta/users('userId')"
  ]
}
Note that it's slightly different, as per the docs, whether you're using delegated versus application permissions.

Microsoft Graph - Can't read/write the calendar of other users

I have a web app registered on Azure with the goal of being able to read and write the calendars of other users. To do so, I set these permissions for this app on Azure.
However, when I try to, for example, create a new event for a given user, I get an error message. Here's what I'm using:
Endpoint
https://graph.microsoft.com/v1.0/users/${requester}/calendar/events
HTTP Header
Content-Type application/json
Request Body
{
  "subject": "${subject}",
  "body": {
    "contentType": "HTML",
    "content": "${remarks}"
  },
  "start": {
    "dateTime": "${startTime}",
    "timeZone": "${timezone}"
  },
  "end": {
    "dateTime": "${endTime}",
    "timeZone": "${timezone}"
  },
  "location": {
    "displayName": "${spaceName}",
    "locationEmailAddress": "${spaceEmail}"
  },
  "attendees": [
    {
      "emailAddress": {
        "address": "${spaceEmail}",
        "name": "${spaceName}"
      },
      "type": "resource"
    }
  ]
}
Error message
{
  "error": {
    "code": "ErrorItemNotFound",
    "message": "The specified object was not found in the store.",
    "innerError": {
      "request-id": "XXXXXXXXXXXXXXXX",
      "date": "2018-07-11T09:16:19"
    }
  }
}
Is there something I'm missing? Thanks in advance for any help!
Solution update
I managed to solve the problem by following the steps described in this link:
https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service

From your screenshot it's visible that you used application permission (although it'd be nice to include this information in your question):
Depending on the kind of permission you have given, you need to use the proper flow to obtain an access token (on behalf of a user or as a service). For application permissions you have to use the flow for a service, not on behalf of a user.
You can also check your token using jwt.io and make sure its payload contains the appropriate role. If it doesn't, it's very likely you used the incorrect flow.
Regarding its expiration time, you may have found the information about refresh tokens (for example here). Keep in mind that it applies only to rights granted on behalf of a user. For access without a user you should make sure that you know when your token is going to expire and request a new one accordingly.
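
The token check described in the answer above can be done locally rather than on jwt.io. The following is an added example, not code from any of the posts: it decodes a JWT payload without verifying the signature and reports whether the token carries application permissions (`roles`) or delegated ones (`scp`), and how long remains until `exp`. The function names and sample tokens are constructed for illustration; the `REQUIRED` list is the one quoted in the 403 response earlier on this page.

```javascript
// Added example: read the claims of an access token locally.
// The signature is NOT verified; this only shows which flow issued the token.

function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/'); // base64url -> base64
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

function describeToken(token, nowSeconds) {
  const claims = decodeJwtPayload(token);
  // App-only (client credentials) tokens list permissions in "roles";
  // delegated (on behalf of a user) tokens list them in the "scp" string.
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  const scopes = typeof claims.scp === 'string' ? claims.scp.split(' ').filter(Boolean) : [];
  const flow = scopes.length ? 'delegated' : roles.length ? 'application' : 'unknown';
  const secondsLeft = typeof claims.exp === 'number' ? claims.exp - nowSeconds : null;
  return { flow, roles, scopes, secondsLeft, expired: secondsLeft !== null && secondsLeft <= 0 };
}

// True when the token carries at least one of the permissions an API asks for.
function hasAny(info, required) {
  return required.some((p) => info.roles.includes(p) || info.scopes.includes(p));
}

// Constructed sample tokens (placeholder signature, not real credentials).
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}
const SAMPLE_APP_TOKEN = makeSampleToken({ roles: ['Group.Selected'], exp: 1700003600 });
const SAMPLE_USER_TOKEN = makeSampleToken({ scp: 'User.Read Calendars.ReadWrite', exp: 1700003600 });

// Permissions quoted in the 403 response shown earlier on this page.
const REQUIRED = ['TeamMember.Read.All', 'TeamMember.ReadWrite.All', 'Group.Read.All',
  'Group.ReadWrite.All', 'TeamMember.Read.Group', 'Member.Read.Group'];

const app = describeToken(SAMPLE_APP_TOKEN, 1700000000);
console.log(app.flow, app.roles, 'expires in', app.secondsLeft, 's');
console.log('has a required permission:', hasAny(app, REQUIRED));
```

In real use, pass `Math.floor(Date.now() / 1000)` as `nowSeconds` and request a new token before `secondsLeft` reaches zero.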
