I am trying to create webhook as per this document and this doesn't include any clue about where does the token comes from.
https://docs.flock.com/display/flockos/Create+An+Incoming+Webhook
My curl command as below
curl -X POST -H "Content-Type: application/json" https://api.flock.com/hooks/sendMessage/guid-guid -d '{"text": "This is a test message.","token":"test"}'
Error message:
{"error":"InvalidParameter","description":"A required parameter for the method call is missing or invalid","parameter":"token"}
Can someone point me what's missing here.
Flock gives you the token for the webhook when you finish adding a new one at https://dev.flock.com/webhooks
You can look it up again when you're done by going to the edit option for the webhook you've added; at the moment the token is given at the bottom of the page:
Webhook URL
Send your JSON payload to this URL
[your-token-here]
Related
I am building an Github OAuth app and attempting to see if I can validate the access_token returned by github upon login. The access_token is returned by github by making a POST call to the end point https://github.com/login/oauth/access_token and passing in CLIEND_ID and CLIENT_SECRET provided by github. Using this access_token, we can then access users information. My main question is, is there an end point to validate this token? I wanted this because I am running a node server which accesses files on github. As of now, the node end point is open and anyone can just call the functions in it. In each function, I would like to check if the user has a valid token or not before returning data to them and as such, have some form of security to my node API.
This is how I get the access_token in node
const params = "?client_id="+CLIENT_ID+"&client_secret="+ CLIENT_SECRET +"&code="+req.query.code;
await fetch("https://github.com/login/oauth/access_token"+params,{
method: "POST",
headers:{
"Accept": "application/json"
}
}).then((response) => {
return response.json();
}).then((data)=> {
res.json(data);
});
I have tried the following cURL end points, and it does return data
curl -H 'Authorization: token myGitHubAccessToken' https://api.github.com/user/repos
reference: https://onecompiler.com/questions/3uxsn58yz/how-to-test-a-github-access-token-is-valid
The above command does return data and my client ID, so it is somewhat useful. However, the access_token, which github returns a new one every time the user logs in, it itself seems to never expire. So I can copy a previously returned token to get the same data dump in the above command. I had read whats the lifetime of Github OAuth API access token that the token never expires, but then that itself is an issues. Is there some other method I should use to get around this issue? I dont want my API's to be open. If I could validate the access_token provided by github in every one of the node functions and also have it expire upon logging out, the issue will be resolved.
Also tried some options mentioned here: https://developer.github.com/changes/2/
of which, https://docs.github.com/en/rest/apps/oauth-applications?apiVersion=2022-11-28#check-a-token
made the most sense to me. But the cURL command given on that page:
curl \
-X DELETE \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>"\
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/applications/Iv1.8a61f9b3a7aba766/token \
-d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'
does not seem to work. It returns Bad Data.
Please advise! Thank you!!
Found the answer:
To check access token:
curl -H 'Authorization: token access_token' https://api.github.com/user/repos
The above command returns repos. For me, this is enough because I just want some reply from github using the token thats not a 404
To delete the token:
curl \
-X DELETE \
-H "Accept: application/vnd.github.v3+json" \
-u CLIENT_ID:CLIENT_SECRET \
https://api.github.com/applications/CLIENT_ID/token \
-d '{"access_token":"ACCESS_TOKEN"}'
Reference: Remove/revoke GitHub OAuth 'access_token'
Apologies for the bad editing. Cant get it to look just right.
I am trying to get a response from Microsofts Office 365 Management API using bash curl commands-
I get the token like this-
TOKEN=$(curl -X POST "https://login.microsoftonline.com/$TENANTID/oauth2/token" -d "grant_type=client_credentials&client_id=$CLIENTID&client_secret=$ACCESSCODE&resource=$RESOURCEURL" | jq -r '.access_token')
And then use the token to fetch the data like this-
RESULT=`curl -X GET -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" https://manage.office.com/api/v1.0/$TENANTID/ServiceComms/Services`
I do get a token back with the first command, so that works fine and my tenant/client/resource strings are correct
But the second one always gives
{
"error":{
"code":"","message":"Authorization has been denied for this request."
}
}
I pretty sure I have access-
What am I missing?
Turns out the resource URL i was using did not match the URL i was requesting data from
I have tried both key 1 and key 2 from the Azure Resource Management > Keys page with the following, where foo is a direct copy/paste:
curl -X POST "https://api.cognitive.microsoft.com/sts/v1.0/issueToken?Subscription-Key=foo" --data ""
curl -X POST "https://api.cognitive.microsoft.com/sts/v1.0/issueToken" -H "Ocp-Apim-Subscription-Key: foo" --data ""
In both cases I get:
{ "statusCode": 401, "message": "Access denied due to invalid subscription key. Make sure to provide a valid key for an active subscription." }
Is there something I need to configure so I can I retrieve access tokens for my subscription? My ultimate goal is to use the access token to authenticate with a Custom Speech Service Endpoint. Thanks!
For some reason this URL worked instead of the one in the documentation:
https://westus.api.cognitive.microsoft.com/sts/v1.0/issueToken
Here's the complete command:
curl -X POST --header "Ocp-Apim-Subscription-Key:foo" --data "" "https://westus.api.cognitive.microsoft.com/sts/v1.0/issueToken"
Just trying to play with google app scripts. In anonymous mode things seem fine. Except that anyone can call my script simply like that snippet shows:
curl "https://script.google.com/macros/s/.../exec?ip=\"$myIp\""
I used this manual for tips on how to authenticate through GoogleLogin. The problem is "401 Unauthorized" I received when sent auth token and "Me(owner)/Only myself" options were set on google side. (The token seems correct itself. If I omit password or mistype it, then I receive "Bad auth") If I set "Anyone, even anonymous" again, it works, but auth stuff seems like ignored. What's the correct way to do the trick?
#!/bin/bash
gmail=$1
password=$2
myIp=$3
GoogleAuthToken=""
GoogleAuthToken=`curl --silent https://www.google.com/accounts/ClientLogin --data-urlencode Email=$gmail \
--data-urlencode Passwd=$password -d accountType=GOOGLE -d source=YouDontSay -d service=lh2`
echo $GoogleAuthToken
GoogleAuthToken=$(echo "$GoogleAuthToken" | grep 'Auth=' | sed s/Auth=//)
echo $GoogleAuthToken
curl -L --silent --header "Authorization: GoogleLogin auth=$GoogleAuthToken" "https://script.google.com/macros/s/.../exec?ip=\"$myIp\""
You use ClientLogin
https://www.google.com/accounts/ClientLogin
This is google error :
Important: ClientLogin has been officially deprecated since April 20,
2012 and is now no longer available. Requests to ClientLogin will fail
with a HTTP 404 response. We encourage you to migrate to OAuth 2.0 as
soon as possible.
I using curl to send a SOAP request to a web service and get the response using shell scripting. please find below the command i am using:-
curl -H "Content-Type: text/xml; charset=utf-8" -H "SOAPAction:" -d #sample_request.txt -X POST http://someWebServiceURL
I am getting an error response which says no SOAPAction header.
PFB the response body part
<soapenv:Body>
<soapenv:Fault>
<faultcode>Client.NoSOAPAction</faultcode>
<faultstring>WSWS3147E: Error: no SOAPAction header!</faultstring>
</soapenv:Fault>
</soapenv:Body>
Any help is appreciated !!
You need to provide the name of the SOAP action. You have:
-H "SOAPAction:"
Supply the name of the action in there. E.g.
-H "SOAPAction: http://my_example/my_action"
Get the name of the action from the WSDL if you have one. E.g., see How do you determine a valid SoapAction?.
From the WSDL of the service, you can find the SoapAction. And you can find the operation you're trying to invoke and access the WSDL by opening a web browser to the URL of the service.
Using the curl to invoke the SoapAction, you should specify the Action by "-H", such as -H SOAPAction: http://tempuri.org/Execute.