The API request I am calling from Postman is
https://accounts.eu1.gigya.com/accounts.notifyLogin?UIDSig=[dummy_UIDSig]&UIDTimestamp=1608199002&UID=2e607bf09ce12874a909c5c1513fa437&apiKey=[API_of_the_site]&siteUID=[site_uid]
for me, the issue seems to be in UIDSig (not sure how to create it),
and getting bellow response
{
"callId": "c1f16c61f09d4be5962c2ab046396cbf",
"errorCode": 403003,
"errorDetails": "invalid request signature",
"errorMessage": "Invalid request signature",
"apiVersion": 2,
"statusCode": 403,
"statusReason": "Forbidden",
"time": "2020-12-17T10:21:00.966Z"
}
Many Thanks.
You only pass UID Signature when on a mobile device, otherwise you pass providerSessions - which is the data you received from the social network. For generating a signature, it would require something similar to this (and should only EVER be done on the server, as it requires using your secret key):
string constructSignature(string timestamp, string UID, string secretKey) {
baseString = timestamp + "_" + UID; // Construct a "base string" for signing
binaryBaseString = ConvertUTF8ToBytes(baseString); // Convert the base string into a binary array
binaryKey = ConvertFromBase64ToBytes(secretKey); // Convert secretKey from BASE64 to a binary array
binarySignature = hmacsha1(binaryKey, binaryBaseString); // Use the HMAC-SHA1 algorithm to calculate the signature
signature = ConvertToBase64(binarySignature); // Convert the signature to a BASE64
return signature;
}
Related
I just created a proto file like this
service Customer {
rpc SubmitCustomer(SubmitCustomerRequest) returns (SubmitCustomerResponse) {}
}
message SubmitCustomerRequest {
string name = 1;
map<string, google.protobuf.Any> details = 2;
}
message SubmitCustomerResponse {
int64 id = 1;
}
The code itself works when I called this from the client. But, I'm having trouble with testing it directly from bloomrpc or postman.
{
"name": "great name",
"details": {
"some_details": "detail value",
"some_int": 123
}
}
it throws me this error when I tried to hit it
.packets.SubmitCustomerRequest.details: object expected
I think I'm aware that the problem is with the details syntax format when I hit it on postman, but I'm not sure what the correct format is supposed to be. I've tried modifying it with any other possible format and none works either.
rpc CreateBook(CreateBookRequest) returns (Book) {
option (google.api.http) = {
post: "/v1/{parent=publishers/*}/books"
body: "book"
};
}
message CreateBookRequest {
// The publisher who will publish this book.
// When using HTTP/JSON, this field is automatically populated based
// on the URI, because of the `{parent=publishers/*}` syntax.
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
child_type: "library.googleapis.com/Book"
}];
Book book = 2 [(google.api.field_behavior) = REQUIRED];
string book_id = 3;
}
I don't understand post: "/v1/{parent=publishers/*}/books"
I thought publishers was a field in CreateBookRequest, then it populates to http, so it is something like this
post: "/v1/parent=publishers_field_value/books"
But publishers is not a field in CreateBookRequest
No, publishers is part of the expected value of the parent field. So suppose you have a protobuf request like this:
{
"parent": "publishers/pub1",
"book_id": "xyz"
"book": {
"author": "Stacy"
}
}
That can be transcoded by a client into an HTTP request with:
Method: POST
URI: /v1/publishers/pub1/books?bookId=xyz (with the appropriate host name)
Body:
{
"author": "Stacy"
}
If you try to specify a request with a parent that doesn't match publishers/*, I'd expect transcoding to fail.
That's in terms of transcoding from protobuf to HTTP, in the request. (That's the direction I'm most familiar with, having been coding it in C# just this week...)
In the server, it should just be the opposite - so given the HTTP request above, the server should come up with the original protobuf request including parent="publishers/pub1".
For a lot more information on all of this, see the proto defining HttpRule.
So I'm trying to use the Youtube Data API with Kotlin + Spring Boot and I've been struggling a bit.
For now, I'm using hardcoded values for the api_key and the access_token for test purposes.
I'm trying to send a request to list my playlists but I keep getting this error:
"error": {
"code": 403,
"message": "The request is missing a valid API key.",
"errors": [
{
"message": "The request is missing a valid API key.",
"domain": "global",
"reason": "forbidden"
}
],
"status": "PERMISSION_DENIED"
Here's my code:
Controller:
#RestController
class PlaylistController(
private val youtubeService: YoutubeService
) {
#GetMapping("/playlists")
fun getPlaylists() : YoutubePlaylistResponse {
return youtubeService.getPlaylists()
}
}
Service:
#Service
class YoutubeService(
private val youtubeClient: YoutubeClient
) {
fun getPlaylists() = youtubeClient.getPlaylists(
access_token = "[ACCESS_TOKEN]",
api_key = "[API_KEY]"
)
}
Client
#FeignClient(name = "youtube", url = "https://www.googleapis.com/youtube/v3")
interface YoutubeClient {
#GetMapping("/playlists")
fun getPlaylists(
#RequestHeader("Authorization", required = true) access_token: String,
#RequestParam("api_key") api_key: String,
#RequestParam("part") part: String = "snippet",
#RequestParam("mine") mine: Boolean = true
): YoutubePlaylistResponse
}
Any thoughts on what I'm doing wrong?
PS: I'm getting the acess_token through the OAuth 2.0 Playground
Edit:
I was calling api_key but it's actually only key.
But now I'm getting a new problem:
"error": {
"code": 401,
"message": "The request uses the \u003ccode\u003emine\u003c/code\u003e parameter but is not properly authorized.",
"errors": [
{
"message": "The r... (464 bytes)]] with root cause
Apparently, it's because I'm trying to access my playlists and it says that I don't have the permission, but when I do the same request using cURL I get an appropriate response. Any thoughts on this?
According to the API documentation, the parameter should be called key rather than api_key:
Every request must either specify an API key (with the key parameter) or provide an OAuth 2.0 token. Your API key is available in the Developer Console's API Access pane for your project.
Source: https://developers.google.com/youtube/v3/docs
I have a signed transaction and I want to verify that it is signed by the account ID that exists on NEAR.
The question is three-fold:
Check the transaction hash. Serialize the transaction with Borsh and compute sha256, it should match the transaction.hash.
Verify that the signature is valid for the given public key. Use any available tools that can verify the given signature type. There is ed25519 package in Python, so here is the example:
import ed25519
import base58
transaction = {
"hash": "EzvvJEqdxKA62oAjG32y5herDtRGYEdmZXHDDyxorJ48",
"public_key": "ed25519:oNCFEmRotRHTySKqmAwifNZ8VRpYS973p8cL61y7eiE",
"signature": "ed25519:46WsywQYe31isWcHASrnR2pYCja4Mtjzs4n87isrTHWyDdX5uwrUaUn4SbhY9BMwWKvWwdcuyCjMsXdkXdPJv8ko",
}
pk_bytes = base58.b58decode(transaction['public_key'][len('ed25519:'):])
pk = ed25519.VerifyingKey(pk_bytes)
# OK:
pk.verify(
sig=base58.b58decode(transaction['signature'][len('ed25519:'):]),
msg=base58.b58decode(transaction['hash'])
)
# Exception BadSignatureError:
pk.verify(
sig=base58.b58decode('66666666' + transaction['signature'][len('ed25519:') + 8:]),
msg=base58.b58decode(transaction['hash'])
)
Check that the key exists for the given account ID with near-shell, near-api-*, or raw RPC call:
$ http post https://rpc.nearprotocol.com method=query params:='["access_key/test/ed25519:oNCFEmRotRHTySKqmAwifNZ8VRpYS973p8cL61y7eiE", ""]' id=123 jsonrpc=2.0
{
...
"result": {
"block_height": 3297678,
"nonce": 10493,
"permission": "FullAccess"
}
}
I am using go-gin as server and trying to decode the request body. When I send request which has both the strings
{
"name": "abc"
}
The following code decodes it correctly:
var decodedBody map[string]string
err = json.NewDecoder(c.Request.Body).Decode(&decodedBody)
But if I send
{
"id": 1
}
The following code gives me a blank map
var decodedBody map[string]int
err = json.NewDecoder(c.Request.Body).Decode(&decodedBody)
Not sure what am I missing here. Any pointers?
because you set the decodeBody's data type with string,if your value is not the string value, it will not decode the correct value,{"id":1},it's value's type is int,not the string.