i am passing following header information using "rest client" plugin of firefox to the url "localhost/magento/api/rest/customers",
i am pass following header information:
Consumer key :olnnqgwm7gm75rtbft8w1wac4kp4vwig
Consumer secret:u9v6bdlpuopdlryc6vx0yjnslkj4vllo
Access token : null
Access token secret : null
i will give following response:
<magento_api>
<messages>
<error>
<data_item>
<code>401</code>
<message>
oauth_problem=parameter_absent&oauth_parameters_absent=oauth_token
</message>
</data_item>
</error>
</messages>
</magento_api>
so here i want to get Access token and Access token secret how to get it?
Access token : null
Access token secret : null
This is mandatory for getting the details of customer through REST Api. You have to configure the authentication process as defined here, please go through the article and you will get your answer.
Getting an Unauthorized Request Token
URI localhost/magento/oauth/initiate
Method: POST
Return: Sample Response: oauth_token=4cqw0r7vo0s5goyyqnjb72sqj3vxwr0h&oauth_token_secret=rig3x3j5a9z5j6d4ubjwyf9f1l21itrr&oauth_callback_confirmed=true
2.User Authorization
Uri: localhost/magento/oauth/authorize
Method: Get
Sample Response: /callback?oauth_token=tz2kmxyf3lagl3o95xnox9ia15k6mpt3&oauth_verifier=cbwwh03alr5huiz5c76wi4l21zf05eb0
NOTE:The second step of authentication. Without the user authorization in this step, it is impossible for your application to
obtain an Access Token.
3.Getting an Access Token
Uri: localhost/magento/oauth/token
Method: POST
Sample Response: oauth_token=0lnuajnuzeei2o8xcddii5us77xnb6v0&oauth_token_secret=1c6d2hycnir5ygf39fycs6zhtaagx8pd
If you complete all the above steps you will get the Access token and secret which can be used for getting customer response
Related
I'm trying to connect to an API of a website using Token Authorization in Postman.
So the URL that I'm trying to connect is a GET URL that goes like this:
https://seller.digikala.com/api/v1/profile/
And then at Postman, I set the Authorization type to BearerToken and copied and pasted the token.
And Headers is also set to Content-Type of application/json:
But I don't know why I get this error:
{
"status": 401,
"message": "Invalid token!"
}
I also test the token at the jwt.io website and it says: Invalid Signature!
So the question is, does the website provide me a wrong and invalid token (because I just copy and paste it and no chance of entering an incorrect token)?
What are the other ways for authorizing this token and how can I get the proper response?
BearerToken is not always JWT
BearerToken is a type of Authorization Header, you can pass to an http endpoint.
BearerTokens can have multiple token_type, like:
jwt,
api_token,
...
the BearerToken is not always jwt, it can have multiple algorithm.
the 12|xxx format is like api_token
Note: one of the signs if you want to know the token is jwt, if its
format is url encoded string with 2 dots, (xxx.yyy.zzz) its a chance
that it would be JWT token
Validating JWT
in the jwt.io you should provide the digikala.com public key to validate the signature.
It said invalid token, because you haven't provide, digikala
public key
but as decoder showed up, the token you have provided is a jwt token with payload data of :
{
"token_id" : 970,
"payload" : null
}
TD;DR
I guess you can access if you login again and try new token
I am getting below error while using Google API.
URL:
https://docs.google.com/feeds/download/documents/export/Export?id=${document_id}&exportFormat=${format}&format=${format}
Method: GET
Result format: File
Error:
Unauthorized (401) - The request requires user authentication (1 attempt)
we retrieve access token with help of refresh_token, client_id and client_secret key
while externally (except RunMyProcess portal) received 307 status code
Temporary Redirect (307) - The requested resource resides temporarily under a different URI
we just wanted to clarify about API. Is this API has been changed?
Cannot find Google API documentation for same.
I need to create request for getting data from Google Analytics API in Postman. I managed to generate access token with playground platform but I need permanent refresh token (in playground I can generate only 24h token).
I tried to generate token in Console API:
I've created project
Add analytics API in my project
Generate client ID and secret code
But I don't know which redirect URL using. Default value that was generate in JSON is urn:ietf:wg:oauth:2.0:oob","http://localhost
Than I've generated authorization code with request (from browser):
https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/analytics&redirect_uri=http://localhost&response_type=code&client_id=XXXX
And when I tried to generate access_token with POST request in Postman, sending such keys:
code:XXXXXX
redirect_uri:urn:ietf:wg:oauth:2.0:oob (also tryed http://localhost)
client_id:YYYYY
client_secret:ZZZZZZ
scope:https://www.googleapis.com/auth/analytics
grant_type:authorization_code
And got error
{
"error": "invalid_grant",
"error_description": "Bad Request"
}
How should I set grant for Postman? Could you help me to resolve issue and understand what I do wrong
I managed to resolve my issue. It should be added redirect_url https://www.getpostman.com/oauth2/callback
I am trying to get the permanent access_token and access_token_secret from Mangento 1.9.
I have consumer_key and consumer_secret and have configured the required permission by following this link http://devdocs.magento.com/guides/m1x/api/rest/permission_settings/permission_settings.html
I have successfully generated the temporary access_token and access_token_secret. But while trying to generate the oauth_verifier I am getting:
An error occurred. Your authorization request is invalid.
How can I solve this problem?
You can generate permanent access token and and token secrete using Postman.
Follow the link.
How to use POSTMAN rest client with magento REST api with Oauth. How to get Token and Token Secret?
1) Create rest api consumer (Collect temporary consumer key and screte key from here)
2) Creat web -> admin role, given all the resource permision
3)Create magento admin user role->linked it with the Rest role
username-username
password-password
For getting the permenant access key and token
4)Oauth initiate GET request in postman will return temporary
oauth_token=---------------- oauth_token_secret=------------------
oauth_callback_confirmed=true
5)then o-auth authorize with parameter as a token(from the last request) simple GET request
6)The login form will open ->filled with the consumer role credentials and made a POST request
7)click on authorize will give the following in responce
"oauth_token": ----------------,
"oauth_verifier": ----------------
8)making request with all the parameters will give
permenant token and secrete key:
oauth_token=----------------
oauth_token_secret=----------------
will have to use this tokens in headers while requesting resources.
In Postman in oauth1.0 filling all the tokens(select auto add params to header and params and keep empty parameter)
and url http://yourhost/app/api/rest/customers
will return all the customer
I have a Google App Engine endpoints projects which is protected by Oauth2. I saw some request has failed due to Invalid token.
Request URL: https://example.appspot.com/_ah/api/mm/v1/list?filter=q%3Dtest&alt=json
Method: example.resource.list
Error Code: 401
Reason: required
Message: Invalid token.
I could log out the token from the HEADER of the request.
The token I get is access token, format like, ya29.vwGg-....
When I tried with
https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=
to find out token information, like issue_to, client_id, extra.
It returns back with
{
error: "invalid_token",
error_description: "Invalid Value"
}
I have tested with
https://developers.google.com/oauthplayground
the url returns back the same error if the token has been expired.
My guess for the reason my request has failed is the token used has expired.
But not 100% sure.
Is there way to find token info about expired access token?
Or maybe more widely,
is there any way to find more info about invalid access token, like why it is invalid or anything else?
I remove google account and add google account, then login works.
Google's guide for Google Sign-In for Android on how to Authenticate with a backend server.
A simple way is to check the token, XYZ123 is your token
https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=XYZ123
There are many ways to get token information. Generally token will be invalid for various reasons so of the important reasons are Invalid Signature and Token expired. You can use https://jwt.io to decode your token and get the info. Your error description clearly tells the reason about why your token is considered invalid. Try deep diving into the code and see why it says invalid value.