CORS: PreflightMissingAllowOriginHeader - AWS API Gateway Lambda - Node.js

I have Node/Express APIs running in a Lambda function.
The API endpoint is {domain}/api/user/{username}, where I pass the username in the URL itself.
Example: to get userA's details, the endpoint will be xxx.com/api/user/userA
I am also sending user_id:xxx in a header.
Hitting the above endpoint using API Gateway/Lambda returns the data without any error.
The problem occurs when I use % in the username.
Assume I have the username userA%.
The endpoint would become: xxx.com/api/user/userA%
Now, the problem is that when I run this on my local machine with the Node/Express/MySQL API at localhost:2000/api/user/userA%, it returns the data.
But the same API using API Gateway/Lambda, xxx.com/api/user/userA%, throws
CORS: PreflightMissingAllowOriginHeader.
I have configured some CORS policies, but I can't figure out what else I should configure to allow this type of request.
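
An added example, not part of the original question: a bare % is not a valid percent-escape under RFC 3986, which is assumed here to be why the gateway request fails while the local Express server is lenient. The sketch encodes the username as a single path segment on the client and rejects malformed escapes on the server; user_url, malformed_escapes and username_from_path are hypothetical helper names.

```python
import re
from urllib.parse import quote, unquote

# In a URL path, "%" is only valid when followed by two hex digits (RFC 3986).
_BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")


def malformed_escapes(path: str) -> list:
    """Return the offset of every '%' that does not start a valid %XX escape."""
    return [m.start() for m in _BAD_ESCAPE.finditer(path)]


def user_url(base: str, username: str) -> str:
    """Client side: build the endpoint with the username as ONE path segment.

    safe="" also encodes "/", so a username can never add path segments.
    """
    return f"{base}/api/user/{quote(username, safe='')}"


def username_from_path(path: str) -> str:
    """Server side: reject malformed escapes instead of guessing, then decode."""
    if malformed_escapes(path):
        raise ValueError(f"malformed percent-escape in {path!r}")
    return unquote(path.rsplit("/", 1)[-1])


if __name__ == "__main__":
    raw = "/api/user/userA%"  # constructed: the failing request path
    print("bad '%' offsets:", malformed_escapes(raw))
    url = user_url("https://xxx.com", "userA%")
    print("encoded URL:", url)
    print("decoded username:", username_from_path("/api/user/userA%25"))
```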

Related

403 Forbidden Error: While running the API request command

I'm able to update/create the function key using the API as per the documentation:
https://learn.microsoft.com/en-us/rest/api/appservice/web-apps/create-or-update-function-secret
My main aim is to update the function key every hour, so I'm creating an HTTP trigger (with the above API inside it) and scheduling the trigger.
For testing purposes I stored the URL in one parameter.
URL:
'https://management.azure.com/subscriptions/xyz1/resourceGroups/xyz2/providers/Microsoft.Web/sites/func_appname/functions/func_name/keys/poc_testing1?api-version=2021-02-01{"Properties":{"Name": "poc_testing1","Value": "asdsda"}}'
Note: Value here is updated via a random generation library in Python.
I generated a bearer token using the service principal (which I'm already using to connect to my stg acc) and stored it in auth_token.
header_auth= {'Authorization' : 'Bearer ' + auth_token }
Now running the command below in Python:
import requests
requests.post(url, headers=header_auth)
I'm getting a 403 Forbidden error.
I'm thinking that it is not because of the bearer token. I googled the error and it is to do with the IP address. Can someone help me out here?
I was referring to the doc (https://learn.microsoft.com/en-us/troubleshoot/azure/general/request-throttling-http-403), but I'm not using any APIM service.
So far I have referred to the doc from MSFT:
https://learn.microsoft.com/en-us/rest/api/appservice/web-apps/create-or-update-function-secret
I was able to create a new function key.
I'm trying to do the same using Python, for which I performed the above steps.
I ran the above steps in my local Visual Studio and tried az cli as well, but got the same 403 error.
Why do you want to update the function key every hour?
If you aim to increase security, use AzureAD Auth/OAuth2 rather than the function key.
Regarding the 403 error, please ensure you have assigned proper permissions to the service principal which allow the service principal to modify the Azure function.

What is the code for getting an auth code from Azure in IBM BPM

I am trying to create a REST request using the Call Multipart form data REST API service in the REST API toolkit. It requires apiURL, HTTPHEADER, PARAMETERtoPOST, httpMethod (using GET). I defined all the parameters (client id, client secret, response type (code), scope and response mode (query)) and httpheader -> Content-Type is application/x-www-form-urlencoded.
But in the response message I don't get the authcode, even though when I create the whole URL directly including parameters, I get the authcode but without the Redirect URI. If I include the redirect URI, it shows me that the URI is not configured, even though the system admin showed me it is configured.
So am I missing any parameters or anything else?

Azure Logic App throwing 302 Redirect Error

I am getting a 302 redirect error for my HTTP request in my logic app.
The scenario is that I have a logic app where I want to fetch data from an API endpoint. The API endpoint is protected and I need to provide an access token to be able to access the API.
To be able to connect to the API with an access token I have created a service principal in Azure AD (spn) to use in the logic app.
The logic app currently consists of two HTTP actions:
The first HTTP action makes a request against https://login.microsoftonline.com/<tenantId>/oauth2/token
with client_id, client_secret and tenant_id of the service principal to get an access token which I can use to authenticate against the API.
The second HTTP action makes a request against the API endpoint
with Header
Authorization = Bearer
but I only get 302 Redirect as response.
I have verified that everything is working as expected with Postman with the same requests as explained above.
Any ideas on how to get around this issue?
I've found the cause of this issue. It was in fact something wrong with the token. The logic app successfully acquired the Bearer token; however, in the POST request against https://login.microsoftonline.com/tenantId/oauth2/token
I had specified the following:
grant_type=client_credentials
&client_id=<clientId>
&client_secret=<clientSecret>
&resource=https://something.com <- (HERE I forgot an "/")
I found this when I tried using the token acquired in the logic app in Postman and it returned a redirect and invalid token.
Thanks for the help all.
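
A way to catch the mismatch described in this answer before calling the API, as an added example that is not part of the original post: it decodes the token's payload and compares its aud claim with the audience the API expects. It assumes the access token is a JWT whose aud carries the resource value; the function names and the sample token are constructed for illustration.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def token_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only.

    No signature check is done here, so never use the result to make an
    authorization decision; it is a debugging aid.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audience_problem(token: str, expected_aud: str):
    """Return None when aud matches exactly, else a description of the mismatch."""
    aud = token_claims(token).get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if expected_aud in auds:
        return None
    if any(isinstance(a, str) and a.rstrip("/") == expected_aud.rstrip("/") for a in auds):
        return f"aud {aud!r} differs from {expected_aud!r} only by a trailing '/'"
    return f"aud {aud!r} does not match {expected_aud!r}"


def sample_token(resource: str) -> str:
    """Constructed sample standing in for the token the endpoint would return."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps({"aud": resource, "iss": "constructed-issuer"}).encode())
    return f"{header}.{body}.constructed-signature"


if __name__ == "__main__":
    # resource=https://something.com was sent; the API expects the trailing "/".
    print(audience_problem(sample_token("https://something.com"), "https://something.com/"))
    print(audience_problem(sample_token("https://something.com/"), "https://something.com/"))
```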

Azure Logic App - Failed to Fetch Swagger

I have created a SQL connector and am trying to use it within a logic app (trigger) through the "HTTP + Swagger" Managed API from a blank template within the designer.
However after entering the SWAGGER ENDPOINT URL https://'my-host'.azurewebsites.net/swagger/docs/v1 I receive the following error:
Failed to fetch swagger. Ensure you have CORS enabled on the endpoint and are calling an HTTPS endpoint.
I have verified the configuration:
SQLconnector->Application Settings->Access Level = Public (anonymous)
SQLConnector->Host->API definition = https://'my-host'.azurewebsites.net/swagger/docs/v1
SQLconnector->Host->CORS = "*"
Restarted the Host
Note that I am able to retrieve Swagger metadata directly through the browser using the above link. I can also retrieve data from the API through the browser.
Why does the logic app have a problem getting the Swagger?

AWS Lambda gateway API gives error message

I have created one API endpoint for a Lambda function, https://XXXXXXXXX.execute-api.us-east-1.amazonaws.com/XXXX/XXXXXXXXXXXX/, which uses the GET method.
When calling that endpoint from Postman, it gives me:
{
"message": "'XXXXXXXXX3LPDGPBF33Q:XXXXXXXXXXBLh219REWwTsNMyyyfbucW8MuM7' not a valid key=value pair (missing equal-sign) in Authorization header: 'AWS XXXXXXXXX3LPDGPBF33Q:XXXXXXXXXXBLh219REWwTsNMyyyfbucW8MuM7'."
}
This is a screenshot of the Amazon Lambda Upload Site: http://i.stack.imgur.com/mwJ3w.png
I have the Access Key Id and Secret Access Key for an IAM user. I used it all but no luck. Can anyone suggest a tweak for this?
If you're using the latest version of Postman, you can generate the SigV4 signature automatically. The region should correspond to your API region (i.e. "us-east-1") and the service name should be "execute-api".
This is not a solution but it has helped me more than once:
Double-check that you are actually hitting an existing endpoint! Especially if you're working with AWS. AWS will return this error if you don't have the correct handler set up in your Lambda or if your API Gateway is not configured to serve this resource/verb/etc.

Resources