https://xxxx.service-now.com/api/now/v1/table/incident while we're consuming this API in postman we're getting
{
"error": {
"message": "User Not Authenticated",
"detail": "Required to provide Auth information"
},
"status": "failure"
}
Here we are given basic authentication and the JSON input like
{
"short_description":"Creating incident through Request",
"assignment_group":"287ebd7da9fe198100f92cc8d1d2154e",
"urgency":"3",
"impact":"3"
}
It basically says you are not authenticated, it either means you didnt provide correct credentials or you forgot to provide basic-auth header while querying through postman
I think the error message is pretty clear about what the problem is... you're not authenticated. You'll need to authenticate in order to utilize the API. Unless you have a complex authentication scheme going, you can probably use Basic Authentication in PostMan and use the credentials for an account which you know has access to the resource you're trying to access.
Related
My user account can use the Google Classroom web UI to see all the announcements for a given course. Trying to pull them programmatically using the Google Classroom API.
I've set up an app with Oauth consent screen covering (for test purposes) ALL the scopes listed under the Google Classroom API, and can run the consent flow with my user account to get an access token.
I can successfully GET course details by curl'ing https://classroom.googleapis.com/v1/courses/<my course ID> using the access token obtained from the oauth flow. However, when I GET https://classroom.googleapis.com/v1/courses/<my course ID>/announcements with the same token, I get the following:
{
"error": {
"code": 403,
"message": "Request had insufficient authentication scopes.",
"status": "PERMISSION_DENIED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT",
"domain": "googleapis.com",
"metadata": {
"method": "google.classroom.v1.Work.ListAnnouncements",
"service": "classroom.googleapis.com"
}
}
]
}
}
Behaviour is same in using both client libraries as well as raw REST calls.
Am I missing an auth scope (I switched them all on), am I just not allowed to do this since I'm not the course owner, or am I doing something else wrong? Advice please!
You apear to be using the courses.get method
In order to access this method your application needs to be authorized with one of the following scopes.
You also appear to be using the courses.announcements.list method
This method requires that your application be authorized with one of the following scopes.
The error message "Request had insufficient authentication scopes." means exactly what it says. The access token you are using was not authorized with one of the scopes needed for the courses.announcements.list endpoint there for you can not use it.
You need to delete the access token you have now and request authorization of the user using the proper scope for this method. Always make sure to delete your old token. When changing scopes in code your app does not always request authorization again if you just change the scopes in the code. You need to force it to request authorization again.
All the scopes
you should not be requesting all of the scopes of the user only the scopes that you need. If you only need readonly access make sure not to request write.
I had forgotten that my code explicitly defines the scopes when configuring the client that then builds the oauth request URL:
config, err = google.ConfigFromJSON(b, classroom.ClassroomCoursesReadonlyScope)
Changed to
config, err = google.ConfigFromJSON(b, classroom.ClassroomCoursesReadonlyScope, **classroom.ClassroomAnnouncementsReadonlyScope**)
and it works fine.
I am trying to test the Google Cloud Logging API on the "Try this API" feature that Google Cloud Platform has on their documentation, but I get this response back:
{
"error": {
"code": 403,
"message": "The caller does not have permission",
"status": "PERMISSION_DENIED"
}
}
I know that my response body is correct because it works with OAuth 2.0 but fails when I use API Key.
Auth 2.0:
Working request using OAuth 2.0
API Key:
Non-Working request using API Key
Google docs says that they generate their own API Key for this "Try this API" feature. https://developers.google.com/explorer-help/
Since Google is using their own API Key, I do not understand why I am getting a response status of PERMISSION_DENIED.
Edit:
Here is a link to the Try this API feature in Google Cloud Platform if you would like to give it a try. https://cloud.google.com/logging/docs/reference/v2/rest/v2/entries/write?apix_params=%7B%22resource%22%3A%7B%22entries%22%3A%5B%7B%22logName%22%3A%22projects%2F%5BPROJECT_ID%5D%2Flogs%2Frequests%22%2C%22resource%22%3A%7B%22type%22%3A%22http_load_balancer%22%2C%22labels%22%3A%7B%7D%7D%7D%5D%7D%7D
Here is the python request that I am using in my code to create an entry:
import requests
entry = {
"entries": [
{
"logName": "projects/[PROJECT_ID]/logs/requests",
"resource": {
"type": "http_load_balancer",
"labels": {}
}
}
]
}
requests.post('https://logging.googleapis.com/v2/entries:write?key=[YOUR_API_KEY]', data=json.dumps(entry))
The API key was created from my user that has "logs writer", "logs viewer", and "logging admin" permissions. This theoretically should be all the permissions I need to make the post request. However, it is still returning a "PERMISSION_DENIED" status.
Any help would be much appreciated. Thank you in advance.
It looks like you are making a request to write data which isn't publicly writable. API Keys have no concept of user, they are only identifying you are allowed to call an API. So it looks like your API key request is working to the extent it can, but the response is telling you: I don't know who you are so I can't let you do this.
OAuth 2.0 is the solution here, as it acts on behalf of your account (you have to give consent), allowing the API to verify you have permission to take this action.
Service accounts are another option, to act on behalf of your project instead of your user, but they aren't practical from a web UI.
I've generated a Google Cloud API key without restrictions. I'm passing that to the my topic:publish url as a query parameter, but I'm experiencing an authorization error.
{
"error": {
"code": 403,
"message": "User not authorized to perform this action.",
"status": "PERMISSION_DENIED"
}
}
I'm unsure how to diagnose the permission issue, as there don't appear to be any restrictions on the key. The owner of the topic is my account, so shouldn't be an issue there.
Google Pub/Sub does not support API Keys for authorization. Pub/Sub uses Access Tokens. This means using a Service Account or Google OAuth.
I have been trying to use the google rest api for google webmaster integration into my system.
After going through it's documentation i am able to configure all it's OAuth keys and client id so when i use the Api Explorer i am getting the required reponse there.
There itself i get some url like this :
https://www.googleapis.com/webmasters/v3/sites/https%3A%2F%2Fwww.abcd.in?key={YOUR_API_KEY}
I am providing client secret key in the YOUR_API_KEY but when i hit the url in browser i get this error :
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
PS: i didnt't get any api key while generating the OAuth key (if you think i shud have used any kind of API key here ).
Can anyone help ?
You need to go to Google developer console and register your own project. Make sure to enable the webmasters api and create oauth2 credentials.
The Key parameter only works for public data. Webmaster tools data is private user data so you will be using an access token and not a public api key
https://www.googleapis.com/webmasters/v3/sites/https%3A%2F%2Fwww.abcd.in?access_token={YOUR_ACCESS_TOKEN}
There is a bug in the explorer where it shows key instead of access token it has been reported to Google.
Once you have done that i recommend you find a client library in your chosen language to help you with the authentication part.
"message": "Login Required"
Means that you haven't authenticated your user properly. You should check the documentation for oauth2 or find a client library to help you code it.
I want to push/pull messages to topic on Google Cloud PubSub service. I need to fetch these messages with AJAX without promoting login/permissions screen to end user (i.e. end user can use this service without login). I have tried to add key={spiKey} in query string, but unable to get data every time get 401 error
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}