How do I pass the username/password to authenticate a POST request to a Django rest-framework API from python code? - python-3.x

This is the request I want to emulate in Python code, made here with httpie:
$ http --auth mucho:pass POST http://3333333.ngrok.io/sms/ msg="love conquers all" to="255123456"
HTTP/1.1 201 Created
Allow: GET, POST, HEAD, OPTIONS
Content-Length: 67
Content-Type: application/json
Date: Mon, 30 Dec 2019 20:31:33 GMT
Server: WSGIServer/0.2 CPython/3.7.5
Vary: Accept, Cookie
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
{
"id": 70,
"msg": "love conquers all",
"owner": "mucho",
"to": "255123456"
}
I have tried this
from requests import Request,Session
url="http://3333333.ngrok.io/sms/"
data = {
"to": "255123456",
"msg": "love conquers all",
}
s=Session()
req=Request('POST',url,data=data)
preped=req.prepare()
preped.prepare_auth(("mucho","pass"),url)
resp=s.send(preped)
It works, but I am looking for a neater/simpler way possibly using headers. Thanks for any help my way

If you are looking for a way to test your API endpoints, you can use Insomnia or Postman.
It is easy to set the headers.
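The header route the question asks about, as an added example that is not part of the original posts: HTTP Basic auth is just an `Authorization` header holding base64 of `user:password`, which anyone who sees the request can decode, so the sketch refuses plain `http://` unless told otherwise. The host `api.example.test` and the `allow_plain_http` parameter are assumptions made for this example; the standard library is used so it runs without sending anything.

```python
import base64
import urllib.parse
import urllib.request


def basic_auth_header(username, password):
    """Return the Authorization header value for HTTP Basic auth."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic_auth_header(value):
    """Recover (username, password); base64 is an encoding, not encryption."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    username, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return username, password


def build_sms_request(url, username, password, to, msg, allow_plain_http=False):
    """Prepare (but do not send) the form-encoded POST with a Basic auth header."""
    scheme = urllib.parse.urlsplit(url).scheme
    if scheme != "https" and not allow_plain_http:
        # Over http:// anyone on the path can read the header and decode it.
        raise ValueError("refusing to send Basic credentials over " + scheme)
    body = urllib.parse.urlencode({"to": to, "msg": msg}).encode("ascii")
    headers = {
        "Authorization": basic_auth_header(username, password),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


# With the requests library the same header is produced by:
#   requests.post(url, data={"to": ..., "msg": ...}, auth=("mucho", "pass"))

if __name__ == "__main__":
    # Host is a constructed placeholder; credentials are the question's samples.
    req = build_sms_request("https://api.example.test/sms/", "mucho", "pass",
                            "255123456", "love conquers all")
    print(req.get_header("Authorization"))
    print(decode_basic_auth_header(req.get_header("Authorization")))
    # urllib.request.urlopen(req) would actually send the request.
```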

Related

Why is the Azure Logic app HTTP module modifying the response payload?

I'm trying to fetch data from a ticketing system with logic app, using the built-in HTTP module.
When testing with postman, I get the following response:
GET: https://ticketsystem/api/ticket/{{number}}
{
"tickets": [
{
"links": {
"data1": {
"id": 4
},
"data2": {
"id": 3
},
"data3": {
"id": 969
}
...
},
"data1Id": 4,
"data2Id": 3,
"data3Id": 969,
"att1": 1,
"att1": 2,
"att1": 3,
"att1": 4
....
}
]}
But, when trying through the HTTP logic app module, this is the response:
{
"data1Id": 4,
"data2Id": 3,
"data3Id": 969,
"att1": 1,
"att1": 2,
"att1": 3,
"att1": 4
...
}
Everything else is the same, I have even tried in a new logic app and a totally different azure account. It is still the same.
I've looked through the http header response, and there are some differences.
Postman:
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/vnd.api+json; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-PS-ActionTime: 00:00:00.0022451
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Wed, 16 Jun 2021 09:41:50 GMT
Content-Length: 819
Azure HTTP:
"Pragma": "no-cache",
"Vary": "Accept-Encoding",
"X-PS-ActionTime": "00:00:00.0022021",
"X-Frame-Options": "deny",
"X-XSS-Protection": "1; mode=block",
"Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
"Cache-Control": "no-cache",
"Date": "Wed, 16 Jun 2021 09:43:27 GMT",
"Server": "Microsoft-IIS/10.0",
"Content-Type": "application/json; charset=utf-8",
"Expires": "-1",
"Content-Length": "1733"
It looks like the "Content-Encoding: gzip" is missing from logic app, but I do not know why this is affecting the overall response structure. Also how to fix this issue.
I have tried to enable "Allow chunking", without any luck.
I understand that I might create an Azure Function to go around this, but I'm trying to avoid that for now.
Any advice?
EDIT
I tested with powershell Invoke-WebRequest, and I see that this is behaving the same as the Logic app HTTP action.
From powershell, the header is also the same (missing Content-Encoding: gzip) and the "Content-Type" = "application/json; charset=utf-8"
But, when testing with python (3.9) with the request module, then it's spitting out the same data as postman.
Content-Type: application/vnd.api+json; charset=utf-8
Content-Encoding: gzip
I am really trying to understand the difference here on the header level, as this is the only difference between the responses, and also what application/vnd.api+json and Content-Encoding: gzip does here.
Did you check this :
https://learn.microsoft.com/en-us/azure/connectors/connectors-native-http#omitted-http-headers
I see a feedback for this too: https://feedback.azure.com/forums/287593-logic-apps/suggestions/42578674-enable-support-for-content-type-header-in-http-get
I've solved it.
I simply put this as a header on the HTTP Action:
"Accept": "application/vnd.api+json; charset=utf-8"
And the response message was the same as in Postman.
This still does not answer why it is behaving differently, since none of the request headers had this value in all of the methods I tried.

{"message": "Cannot send an empty message", "code": 50006} gitlab

I want to integrate a bot via a webhook between GitLab and Discord, so I've configured the bot first, copied its URL, put it into the GitLab webhook configuration input and set it to send push updates to the Discord server.
With a real push test, I have (with the body)
Request headers:
Content-Type: application/json
X-Gitlab-Event: Push Hook
and as response
Response headers:
Date: Tue, 26 May 2020 18:46:48 GMT
Content-Type: application/json
Content-Length: 58
Connection: close
Set-Cookie: __cfduid=d374998c2f84e3e20b75bbdec88fb63d91590518808; expires=Thu, 25-Jun-20 18:46:48 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax, __cfruid=418f7199379a53d23012d37b15f2ac5a3aac36b6-1590518808; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Ratelimit-Bucket: 3cd1f278bd0ecaf11e0d2391374c011d
X-Ratelimit-Limit: 5
X-Ratelimit-Remaining: 4
X-Ratelimit-Reset: 1590518811
X-Ratelimit-Reset-After: 2
X-Envoy-Upstream-Service-Time: 12
Via: 1.1 google
Cf-Cache-Status: DYNAMIC
Cf-Request-Id: 02f3e816a1000004823d920200000001
Expect-Ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
Cf-Ray: 5999a9376a790482-CDG
but got the error:
Response body:
{"message": "Cannot send an empty message", "code": 50006}
or also
Hook executed successfully but returned HTTP 400 {"message": "Cannot send an empty message", "code": 50006}
Thanks for help
You need to use the "Integrations" feature for "Discord notifications" instead of regular webhook.
See documentation here

How to use Microsoft.Graph with client authorization and not get a 401

We have
created Azure Active Directory
created a new Application
registered the new Application in Azure AD
given ALL the permissions to the API
granted admin permissions
Now we login with this app credentials
We get authorization:
GET /1111111-aaaa-4fd3-bf32-9bfc460f67b1/oauth2/v2.0/authorize HTTP/1.1
Host: login.microsoftonline.com
cache-control: no-cache
Postman-Token: 111111-aaaa-4696-9828-9110670706c5
We get the token:
POST /11111111-aaaa-4fd3-bf32-9bfc460f67b1/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
cache-control: no-cache
Postman-Token: 11111111-aaaa-47e4-b2fb-6b94cd02312a
client_id=11111111-aaaa-482e-ab17-86e4c2c6240c
scope=https%3A%2F%2Fgraph.microsoft.com%2F.default
client_secret=aaaaaaaaaaaDJk6jBJ%2FuBRJM6AFxyFIDMKn867hmvU%3D
grant_type=client_credentials
The token analyzed with jwt.io:
{
"aud": "https://graph.microsoft.com",
"iss": "https://sts.windows.net/1111111-ccc6-4fd3-bf32-9bfc460f67b1/",
"iat": 1541603660,
"nbf": 1541603660,
"exp": 1541607560,
"aio": "42RgYFB+/Gyh8uF3yl+uKU7km//kFwA=",
"app_displayname": "ToDoListService",
"appid": "1111111-4e99-482e-ab17-86e4c2c6240c",
"appidacr": "1",
"idp": "https://sts.windows.net/1111111-ccc6-4fd3-bf32-9bfc460f67b1/",
"oid": "1111111-98fb-4a47-af7f-d3800dde2f7b",
"roles": [
"Chat.UpdatePolicyViolation.All",
"Calls.JoinGroupCall.All",
"EduRoster.Read.All",
"OnlineMeetings.Read.All",
"Mail.ReadWrite",
"OnlineMeetings.ReadWrite.All",
"Device.ReadWrite.All",
"User.ReadWrite.All",
"Domain.ReadWrite.All",
"Application.ReadWrite.OwnedBy",
"SecurityEvents.Read.All",
"Calendars.Read",
"EduAssignments.ReadWrite.All",
"People.Read.All",
"Application.ReadWrite.All",
"Calls.InitiateGroupCall.All",
"Group.Read.All",
"Directory.ReadWrite.All",
"EduAssignments.ReadWriteBasic.All",
"MailboxSettings.Read",
"EduAdministration.Read.All",
"Calls.JoinGroupCallAsGuest.All",
"Sites.Read.All",
"Sites.ReadWrite.All",
"Contacts.ReadWrite",
"Group.ReadWrite.All",
"Sites.Manage.All",
"SecurityEvents.ReadWrite.All",
"Notes.Read.All",
"User.Invite.All",
"EduRoster.ReadWrite.All",
"Files.ReadWrite.All",
"Directory.Read.All",
"User.Read.All",
"EduAssignments.ReadBasic.All",
"EduRoster.ReadBasic.All",
"Files.Read.All",
"Mail.Read",
"Chat.Read.All",
"ChannelMessage.Read.All",
"EduAssignments.Read.All",
"Calendars.ReadWrite",
"identityriskyuser.read.all",
"EduAdministration.ReadWrite.All",
"Mail.Send",
"ChannelMessage.UpdatePolicyViolation.All",
"MailboxSettings.ReadWrite",
"Contacts.Read",
"IdentityRiskEvent.Read.All",
"AuditLog.Read.All",
"Member.Read.Hidden",
"Calls.AccessMedia.All",
"Sites.FullControl.All",
"Reports.Read.All",
"Calls.Initiate.All",
"Notes.ReadWrite.All"
],
"sub": "1111111-98fb-4a47-af7f-d3800dde2f7b",
"tid": "1111111-ccc6-4fd3-bf32-9bfc460f67b1",
"uti": "hxPwbjRRm0y6SI8hxuckAA",
"ver": "1.0",
"xms_tcdt": 1541414851
}
You can see that we get all the necessary permissions.
And this petition works:
https://graph.microsoft.com/v1.0/Users/
or
https://graph.microsoft.com/beta/Users/
but not this one:
https://graph.microsoft.com/beta/Users/<user-id>/Calendars
nor this one:
https://graph.microsoft.com/beta/users/<user-id>/sendMail
they both return 401:
{
"error": {
"code": "UnknownError",
"message": "",
"innerError": {
"request-id": "019ddc83-6528-4f19-95cc-8b99ea53a046",
"date": "2018-11-07T16:03:55"
}
}
}
I think that we had got all the necessary permission, configuration... etc... so why isn't it working? :'(
[UPDATE]
detailed call to get calendars
GET /v1.0/Users/<user-id>/Calendars HTTP/1.1
cache-control: no-cache
Postman-Token: xxxxxxxxxxxxxxxxxxxxxxx
Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
User-Agent: PostmanRuntime/7.3.0
Accept: */*
Host: graph.microsoft.com
accept-encoding: gzip, deflate
Connection: close
Response
HTTP/1.1 401 Unauthorized
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: application/json
request-id: 11111111-aaaa-aaaa-a115-e09bb6f09917
client-request-id: 11111111-aaaa-aaaa-a115-e09bb6f09917
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"North Europe","Slice":"SliceC","Ring":"3","ScaleUnit":"001","Host":"AGSFE_IN_34","ADSiteName":"NEU"}}
Duration: 377.0084
Strict-Transport-Security: max-age=31536000
Date: Thu, 08 Nov 2018 09:16:03 GMT
Connection: close
c6
{
"error": {
"code": "UnknownError",
"message": "",
"innerError": {
"request-id": "2bb9a7c1-f8a3-4c1f-a115-e09bb6f09917",
"date": "2018-11-08T09:16:04"
}
}
}
0
Let me start by first of all noticing that you have posted a client secret on a public forum :) And one that has luxurious permission on your tenant. I hope you have changed the client secret by now.
But to get back to your question - I will have to ask a bit more in detail to get a better understanding of what your actual results were:
According to your JWT printout you are getting a V1 token but using the client credential flow (the field "ver" is set to 1.0). The Microsoft Documentation here Get access without a user explicitly states that you should use a V2 Token to access Microsoft Graph in this scenario. So the first question is: Did you create your Azure App using the V2 Portal: https://apps.dev.microsoft.com/ ? If not then this may be the issue.
A more common issue when manually testing - Have you made sure that the token had not expired from the time you got it from the /token endpoint up to the time you tested your API call?
If none of the above - please post your request to the https://graph.microsoft.com/beta/Users//Calendars endpoint in detail, the devil may be in the details
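The checks the answer above asks for (token version, expiry at the time of the call, breadth of granted roles) can be scripted instead of read off jwt.io. This is an added example, not code from the thread: the token is constructed from a subset of the claims shown in the question, the signature is a placeholder that is never verified, and the suffix list used to flag broad roles is an assumption chosen for illustration.

```python
import base64
import json

# Assumption for this example: role suffixes treated as tenant-wide grants.
BROAD_ROLE_SUFFIXES = (".ReadWrite.All", ".FullControl.All", ".Manage.All")


def b64url_decode(segment):
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_claims(token):
    """Return the payload claims WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def diagnose(token, now):
    """Summarise the claims the answer asks about, evaluated at Unix time `now`."""
    claims = decode_claims(token)
    roles = claims.get("roles", [])
    return {
        "ver": claims.get("ver"),
        "aud": claims.get("aud"),
        "not_yet_valid": now < claims["nbf"],
        "expired": now >= claims["exp"],
        "seconds_left": max(0, claims["exp"] - now),
        "broad_roles": sorted(r for r in roles if r.endswith(BROAD_ROLE_SUFFIXES)),
    }


def make_sample_token():
    """Constructed token: claim values copied from the question, fake signature."""
    header = {"typ": "JWT", "alg": "RS256"}
    payload = {
        "aud": "https://graph.microsoft.com",
        "iat": 1541603660, "nbf": 1541603660, "exp": 1541607560,
        "ver": "1.0",
        "roles": ["Mail.ReadWrite", "User.ReadWrite.All", "Directory.ReadWrite.All",
                  "Sites.FullControl.All", "Mail.Send", "Calendars.Read"],
    }
    segments = [b64url_encode(json.dumps(part).encode("utf-8")) for part in (header, payload)]
    return ".".join(segments + ["constructed-signature"])


if __name__ == "__main__":
    token = make_sample_token()
    # 1541606635 is 2018-11-07T16:03:55Z and 1541668563 is 2018-11-08T09:16:03Z,
    # the dates of the two 401 responses; whether this same token was used for
    # the second call is not stated on the page.
    for when in (1541606635, 1541668563):
        print(when, diagnose(token, when))
```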

github api v3 update reference returns a 422 "Object does not exist"

For the context I'm trying to update a file through the GitHub API.
Everything was fine until I tried to update the reference.
According to the doc, below are the requests I forged and their returns.
If anyone has an idea, I found nothing to make it work.
$ curl -i -XPATCH -d '{"sha": "69d0a253406585d8faf616ce3ae0ff2453b346d7"}' -H "Authorization: token AUTH-TOKEN" https://api.github.com/repos/Trax-air/TraxIT/git/refs/heads/ci-migrate-quay
HTTP/1.1 422 Unprocessable Entity
Server: GitHub.com
Date: Wed, 18 Nov 2015 14:08:49 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 128
Status: 422 Unprocessable Entity
X-RateLimit-Limit: 5000
X-RateLimit-Remaining: 4948
X-RateLimit-Reset: 1447856141
X-OAuth-Scopes: gist, read:repo_hook, repo, user
X-Accepted-OAuth-Scopes:
X-GitHub-Media-Type: github.v3
X-XSS-Protection: 1; mode=block
X-Frame-Options: deny
Content-Security-Policy: default-src 'none'
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: ETag, Link, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-GitHub-Request-Id: 4EC2914C:94AC:15486DB6:564C8671
{
"message": "Object does not exist",
"documentation_url": "https://developer.github.com/v3/git/refs/#update-a-reference"
}
I tried to update the reference by itself, it worked:
$ curl -i -XPATCH -d '{"sha": "694973310d80edfe9ca08bd2fd5a06a6407b08ad"}' -H "Authorization: token AUTH-TOKEN" https://api.github.com/repos/Trax-air/TraxIT/git/refs/heads/ci-migrate-quay
HTTP/1.1 200 OK
Server: GitHub.com
Date: Wed, 18 Nov 2015 14:10:20 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 337
Status: 200 OK
X-RateLimit-Limit: 5000
X-RateLimit-Remaining: 4947
X-RateLimit-Reset: 1447856141
Cache-Control: private, max-age=60, s-maxage=60
ETag: "25641a46e3d517196995aec80669dcd2"
X-OAuth-Scopes: gist, read:repo_hook, repo, user
X-Accepted-OAuth-Scopes:
Vary: Accept, Authorization, Cookie, X-GitHub-OTP
X-GitHub-Media-Type: github.v3
X-XSS-Protection: 1; mode=block
X-Frame-Options: deny
Content-Security-Policy: default-src 'none'
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: ETag, Link, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
X-Served-By: c6c65e5196703428e7641f7d1e9bc353
X-GitHub-Request-Id: 4EC2914C:94AB:F33F280:564C86CC
{
"ref": "refs/heads/ci-migrate-quay",
"url": "https://api.github.com/repos/Trax-air/TraxIT/git/refs/heads/ci-migrate-quay",
"object": {
"sha": "694973310d80edfe9ca08bd2fd5a06a6407b08ad",
"type": "commit",
"url": "https://api.github.com/repos/Trax-air/TraxIT/git/commits/694973310d80edfe9ca08bd2fd5a06a6407b08ad"
}
}
I then tried to confirm my commit exists:
$ curl -i -XGET -H "Authorization: token AUTH-TOKEN" https://api.github.com/repos/Trax-air/TraxIT/git/commits/69d0a253406585d8faf616ce3ae0ff2453b346d7
HTTP/1.1 200 OK
Server: GitHub.com
Date: Wed, 18 Nov 2015 14:03:29 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 1028
Status: 200 OK
X-RateLimit-Limit: 5000
X-RateLimit-Remaining: 4950
X-RateLimit-Reset: 1447856141
Cache-Control: private, max-age=60, s-maxage=60
Last-Modified: Wed, 18 Nov 2015 11:58:58 GMT
ETag: "4823502d472e3b3fe873841fcd60d3c6"
X-OAuth-Scopes: gist, read:repo_hook, repo, user
X-Accepted-OAuth-Scopes:
Vary: Accept, Authorization, Cookie, X-GitHub-OTP
X-GitHub-Media-Type: github.v3
X-XSS-Protection: 1; mode=block
X-Frame-Options: deny
Content-Security-Policy: default-src 'none'
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: ETag, Link, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
X-Served-By: 8a5c38021a5cd7cef7b8f49a296fee40
X-GitHub-Request-Id: 4EC2914C:94AA:AE467E1:564C8530
{
"sha": "69d0a253406585d8faf616ce3ae0ff2453b346d7",
"url": "https://api.github.com/repos/Trax-air/TraxIT/git/commits/69d0a253406585d8faf616ce3ae0ff2453b346d7",
"html_url": "https://github.com/Trax-air/TraxIT/commit/69d0a253406585d8faf616ce3ae0ff2453b346d7",
"author": {
"name": "traxbot",
"email": "traxbot#trax-air.com",
"date": "2015-11-18T11:58:58Z"
},
"committer": {
"name": "traxbot",
"email": "traxbot#trax-air.com",
"date": "2015-11-18T11:58:58Z"
},
"tree": {
"sha": "ca47cb13f520913e643b15e6d0776f38ba577091",
"url": "https://api.github.com/repos/Trax-air/TraxIT/git/trees/ca47cb13f520913e643b15e6d0776f38ba577091"
},
"message": "Updated api_gateway to 0.15",
"parents": [
{
"sha": "694973310d80edfe9ca08bd2fd5a06a6407b08ad",
"url": "https://api.github.com/repos/Trax-air/TraxIT/git/commits/694973310d80edfe9ca08bd2fd5a06a6407b08ad",
"html_url": "https://github.com/Trax-air/TraxIT/commit/694973310d80edfe9ca08bd2fd5a06a6407b08ad"
}
]
}
This may be due to caching.
I asked GitHub support and here is their answer:
Thanks for reaching out. The commit in question
(69d0a253406585d8faf616ce3ae0ff2453b346d7) doesn't exist in that repository,
so you're not allowed to update the branch to point to it.
As far as I can tell, it did exist in the repository at some point, but was pruned
because it was no longer reachable. I think the API was telling you that it still exists
in the repository due to caching.
I just cleared our caches and I think you should see that it's no longer available
if you try to fetch that commit. I'm sorry for the confusion about that --
I'll ask the team to investigate why this caching problem happened.
This solved it for me:
'{"sha": "new_sha", "force": true }'

"The access grant authorization_code is not supported" from Azure AD using Oauth 2

I am in the middle of an Authorization Code Grant Flow with Azure AD. Even though the documentation says the grant_type should be authorization_code, I am getting an error message about this property.
POST https://login.windows.net/SOME_AZURE_AD_UUID/oauth2/token?api-version=1.0
Content-Type: application/x-www-form-urlencoded
client_id=SECRET_CLIENT_ID
&client_secret=SECRET_CLIENT_SECRET
&code=SECRET_CODE
&grant_type=authorization_code
&redirect_uri=https://myserver.example.com/login/auth_return
&resource=https://myserver.example.com/
&scope=openid email
(edit: whitespace added for clarity)
The error I am getting back:
HTTP/1.1 400 Bad request
Content-Length: 436
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET
Request-Id: SOME_REQUEST_ID
X-Ms-Request-Id: SOME_REQUEST_ID
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: x-ms-gateway-slice=slicea; path=/; secure; HttpOnly, stsservicecookie=acs; path=/; secure; HttpOnly
Server: Microsoft-IIS/8.0
Cache-Control: private
Date: Wed, 20 Aug 2014 14:44:08 GMT
Content-Type: application/json; charset=utf-8
{
"correlation_id": "SOME_CORRELATION_ID",
"error": "unsupported_grant_type",
"error_codes": [
70003
],
"error_description": "
ACS70003: The access grant 'authorization_code' is not supported.\r\n
Trace ID: SOME_TRACE_UUID\r\n
Correlation ID: SOME_CORRELATION_ID\r\n
Timestamp: 2014-08-20 14:44:08Z",
"timestamp": "2014-08-20 14:44:08Z",
"trace_id": "SOME_TRACE_UUID"
}
(whitespace added for clarity)
This request does work if I change grant_type to client_credentials (but I have not found a way to use the resulting token for what I need). It also works if I change some URLs to point to Google instead of Azure AD.
Is there a mistake with these requests or does the service genuinely not support the documented grant_type of authorization_code?
This is a bug I believe, and it took me 2-3 days to figure it out. Please do the following to get it working,
1) Remove the "?api-version=1.0" from your URL. I know it sounds strange but trust me their documentation is a mess.
2) Add a "Content-Type": "application/x-www-form-urlencoded" header in your request (hence you'll have to encode the post data values ... for example redirect_url=(encodedURL) etc.)
3) Remove unnecessary fields from post data REFER ... it should be like
{
'grant_type': "authorization_code",
'resource': "your resource",
'client_id': "your client Id",
'redirect_uri': "your redirect URL",
'client_secret': "your client secret",
'code': "the code u got"
}
I see you have done point 2 so you'll need to do point 1 and you're good to go.
Furthermore, if you want to get access_token quickly (if nothing I said works for you), then pass "client_credentials" in grant_type and you'll get a smaller response with access_token. But if you want the complete response with refresh_token as well, you'll have to do all those steps.
EDIT:
There is one more mistake in their documentation, for Refresh Tokens >>> the URL should be oauth2/token and NOT oauth2/authorize
Hope this helps!
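The three steps of the answer above, applied to the request from the question, as an added example that is not part of the original posts: it strips the query string from the token URL, percent-encodes every value into a form body, and keeps only the six fields the answer lists. The function name and the field whitelist constant are assumptions made for this sketch; the request is built but not sent, and the placeholder values are the ones used in the question.

```python
import urllib.parse
import urllib.request

# The six fields listed in the answer; anything else (e.g. scope) is dropped.
TOKEN_FIELDS = ("grant_type", "resource", "client_id",
                "redirect_uri", "client_secret", "code")


def build_token_request(token_url, fields):
    """Prepare the authorization_code token POST without sending it."""
    parts = urllib.parse.urlsplit(token_url)
    if parts.scheme != "https":
        # The body carries client_secret and the authorization code.
        raise ValueError("token endpoint must be https")
    # Step 1: remove "?api-version=1.0" (or any other query string).
    clean_url = urllib.parse.urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))
    # Step 3: require the listed fields and ignore the rest.
    missing = [name for name in TOKEN_FIELDS if not fields.get(name)]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    # Step 2: urlencode() percent-encodes each value, e.g. the redirect URI.
    body = urllib.parse.urlencode({name: fields[name] for name in TOKEN_FIELDS})
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(clean_url, data=body.encode("ascii"),
                                  headers=headers, method="POST")


if __name__ == "__main__":
    # Placeholder values copied from the question.
    request = build_token_request(
        "https://login.windows.net/SOME_AZURE_AD_UUID/oauth2/token?api-version=1.0",
        {
            "grant_type": "authorization_code",
            "resource": "https://myserver.example.com/",
            "client_id": "SECRET_CLIENT_ID",
            "redirect_uri": "https://myserver.example.com/login/auth_return",
            "client_secret": "SECRET_CLIENT_SECRET",
            "code": "SECRET_CODE",
            "scope": "openid email",  # dropped: not in the answer's field list
        },
    )
    print(request.full_url)
    print(request.data.decode("ascii"))
```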
try this
'grant_type':"client_credentials",
'resource': "your resource",
'client_id': "your client Id",
'redirect_uri': "your redirect URL",
'client_secret': "your client secret",
