Whenever I am migrating any customer from MWS to SP I am getting "No MWS Authorization exists" error. For me the situation is different If I migrate the EU region connection then its works fine. Only facing issues with US region connections.
To get the grantless LWA access token (code) I used the https://sellingpartnerapi-{customer.region}.amazon.com/authorization/v1/authorizationCode which works fine.
To exchange the code for a refresh token I use the seller mwsAuthToken, sellingPartnerId, and my developerId associated with the seller region.
What is the meaning of this error:
[{'code': 'InvalidInput', 'message': 'No MWS Authorization exists', 'details': ''}]
Related questions with no answer:
a. https://github.com/amzn/selling-partner-api-docs/issues/2252
b. Amazon SP-API : Getting No MWS Authorization exists when requesting authorization code via MWS token
The docs on this are spread all over the place and admittedly a bit hard to find. You mentioned changing {customer.region} in the url, and if it's working for EU, then you're probably getting the migration token properly, so it sounds like the only thing remaining different from EU to US is the region being used in the authorization signature.
EU region sellers use eu-west-1/execute-api. US sellers use us-east-1/execute-api.
Also, so you have it:
A walk-through on this process in docs: https://developer-docs.amazon.com/sp-api-blog/docs/migrate-seller-authorizations-from-mws-to-sp-api#step-1-generate-a-grantless-lwa-access-token.
A postman collection you can import:
https://github.com/amzn/selling-partner-api-models/tree/main/models/authorization-api-model.
And the endpoint reference:
https://developer-docs.amazon.com/sp-api/docs/sp-api-endpoints
Related
Trying to get response for https://graph.microsoft.com/v1.0/users/{user_id}/drives but get:
{'error': {'code': 'ResourceNotFound',
'message': "User's mysite not found.",}
Permissions is ok, user_id is correct
I tried to reproduce the error on my side, and found that, if I used ropc flow to generate an access token and used a different user id in request, it then returned 'User's mysite not found'. And if I used credential flow with a user id which doesn't has one drive license, it then returned that error. If I used correct user id which has one drive license, 200 code returned. And the api doc also mentioned that 'idOrUserPrincipalName string Required. The identifier for the user object who owns the OneDrive'
So my idea is check the user id if you used password flow to generate the access token and if not, you should make sure the user to tested via the api has the correct license.
I'm trying to request the contents of a Google doc (that I own) using the Google Docs API and the contents would be read to a website. I'm making the following request in Postman:
GET https://docs.googleapis.com/v1/documents/{documentId}?key=API_KEY
where the API_KEY is a key created in Google developer dashboard and is not restricted for now. However, I'm getting the following error:
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
I have made the doc public (read-access without signing in) and enabled the Docs API in the Google developer dashboard. Further, the dashboard is registering these (failing) requests, so something is going through.The answer is probably in the error message, but to me "or other valid authentication credential" means the API key that I'm already using.
I'm asking for advice on how to make this request successfully without needing to use OAuth or server-side code.
I found a workaround answer to my problem, although it didn't solve the problem with the Docs API. I decided to request the text data from a Google Sheet instead, which works fine with
GET https://sheets.googleapis.com/v4/spreadsheets/documentId?key=API_KEY
when the sheet is public and read-only.
Yes you can open the doc programatically using a service account. You need to "share" the doc with the service account email.
Instructions on creating a service account and reading a Google doc: https://www.futurice.com/blog/read-goog-doc-using-service-account
After developing in the sandbox, we got our api key approved and promoted to a live account.
Since then we've been getting the following response -
response: {
"errorCode": "ACCOUNT_LACKS_PERMISSIONS",
"message": "This Account lacks sufficient permissions."
}
http code: 401
exeucted at: 2017-05-17 15:03:59
Based on my research and according to ACCOUNT_LACKS_PERMISSIONS error when creating envelope
A setting needs to be switched on the backend at Docusign. The user mentions -
"They changed a setting called In Session to Enabled in API section near limiter that only the account manager or tier 2 support can change. All is well."
The account ID is 30953035
API username bcbffa28-a316-473e-b2b7-48d964d909a7
The API request is below. This was working just fine under a Demo account. I've even upgraded to the Intermediate API in the hopes that it will resolve my issues but no dice.
Support says that I need to post here...
This is caused by a bad account baseUrl that's being used in the request. When your integration performs authentication for a given user, if you are using Legacy auth (X-DocuSign-Authentication header) then you need to point to the following /login_information endpoint for the live system:
https://www.docusign.net/restapi/v2/login_information
When you get the response you then need to parse the baseUrl value that was returned and use that sub-domain for subsequent API requests. (Note that there are multiple sub-domains in the live system such as NA1, NA2, EU, etc)
The baseUrl that's returned will look something like:
https://na2.docusign.net/restapi/v2/accounts/12345/envelopes
Make sure you configure your code to read this sub-domain and use in subsequent requests, otherwise you if you simply use www for instance you will not be hitting the correct account endpoint and you'll receive the "Account lacks permissions" error you're receiving.
Ergin's answer seems to work; however, he does not state which part of the baseUrl to keep after parsing. In his example the baseUrl = "https://na2.docusign.net/restapi/v2/accounts/12345/envelopes" In all subsequent calls after authApi.Login(); use "https://na2.docusign.net/restapi" as the URL and that should eliminate the error message.
I have a client with a Azure subscription sitting in a US GOV data center. This subscription is under an EA (not pay-as-you-go).
Attempting to use the standard billing APIs (ratecard and usage) fails with a 'Subscription not found' error. I.e. running the following:
https://management.azure.com/subscriptions/[subscription id here]/providers/Microsoft.Commerce/RateCard?api-version=2015-06-01-preview&$filter=OfferDurableId eq 'MS-AZR-USGOV-0017P' and Currency eq 'USD' and Locale eq 'en-US' and RegionInfo eq 'US'
fails with:
{
"error": {
"code": "SubscriptionNotFound",
"message": "The subscription '[subscription id here]' could not be found."
}
}
I've found very little information on the rate card and usage APIs with EA accounts and even less information on these APIs for accounts running in a US GOV Azure region. Does anyone know if this is supposed to work?
I don't have any experience with the Gov environment, but otherwise my experience is that Resource Usage API also works for EA, whereas the RateCard does not.
I would suggest you to start out with the powershell cmdlets for an easy start
* Get-AzureRmUsage
https://learn.microsoft.com/en-us/powershell/resourcemanager/azurerm.insights/v2.3.0/get-azurermusage
Be sure that you have powershell running correctly towards the Government environment first.
If you want to roll your own client remember to use the correct endpoints as described in "Azure Government developer guide"
https://learn.microsoft.com/en-us/azure/azure-government-developer-guide
Brgds Brian
For EA offer IDs, you need to use the following API:
https://consumption.azure.com/v2/enrollments/(enrollment_id)/pricesheet
You will need to provide EA API Key (different than bearer token from other APIs):
curl -X GET https://consumption.azure.com/v2/enrollments/(enrollment_id)/pricesheet -H 'authorization: Bearer (api_key)'
Note that the API bearer token needs to be created in the EA Portal under the User Account. More detail can be found here: https://learn.microsoft.com/en-us/azure/billing/billing-enterprise-api
Also note that the user must have appropriate privileges otherwise the API will reject your request.
Was hoping someone could help me with this.
I've created a new "product" on developer.nest.com and gave it all available permissions with read/write access where available. My product is using code authentication, so after following all steps to get the code, it was time to make some requests.
When I got the "Exchange the authorization code for an access token" of the walkthrough, I did not get anything other than the metadata object. There was nothing about my devices or structures.
What am I doing wrong?
Thanks.
You are most likely authorizing the Works with Nest connection using a Family Account. Only the home "owner" can currently access the Nest structures and associated devices.
The metadata object is not part of "Exchange the authorization code for an access token" flow. If you are seeing metadata you must've received an access token and made an API request to https://developer-api.nest.com. This is where you would see the metadata object. As part of the "Exchange the authorization code for an access token" your response should be an access token and expiration, e.g.
{
"access_token": "c.FmDPkzyzaQe...",
"expires_in": 315569260
}