I am trying to subscribe to the Microsoft Graph API for webhook notifications to track changes in a folder in a SharePoint Document library. I have app only access to this SharePoint site and am able to see and download all the content within the drive associate with the document library. I can also upload new files using API.
When I make the call to the subscription endpoint I receive an internal server error.
Here is the request I make
curl -X POST \
https://graph.microsoft.com/v1.0/drive/root/subscriptions \
-H 'Accept: */*' \
-H 'Accept-Encoding: gzip, deflate' \
-H 'Authorization: Bearer TOKEN' \
-H 'Cache-Control: no-cache' \
-H 'Connection: keep-alive' \
-H 'Content-Length: 303' \
-H 'Content-Type: application/json' \
-H 'Host: graph.microsoft.com' \
-d '{
"changeType": "updated",
"notificationUrl": "https://c.ngrok.io/sp-hook",
"resource": "drives/{{DRIVE-ID}}/root",
"expirationDateTime": "2019-09-18T11:23:00.000",
"clientState": "test"
}'
Here is the response I get
{
"error": {
"code": "InternalServerError",
"message": "Unable to find target address",
"innerError": {
"request-id": "c8e66e50-5b94-4593-88d5-3111e5c5c6c7",
"date": "2019-09-13T09:50:12"
}
}
}
I believe this could be due to a wrong resource value, but I could not locate documentation about what the value of resource should be. I have gone over: https://learn.microsoft.com/en-us/graph/webhooks and https://learn.microsoft.com/en-us/graph/api/resources/webhooks?view=graph-rest-1.0. All the documentation seems to point to a resource value of "me/drives/root", however with app only access a my site is not defined and so the call fails.
These are the different values for resource that I have tried within the request json body
drives('DRIVE-ID')/root
drives/DRIVE-ID/root
DRIVE-ID
drive/DRIVE-ID
drive/DRIVE-ID/root
me/drive("DRIVE-ID")/root
DRIVE-ITEM-ID-FOR-ROOT
Different documentation seems to point to different subscription endpoints. These are the different endpoints I have tried
https://graph.microsoft.com/v1.0/subscriptions
https://graph.microsoft.com/v1.0/drive/root/subscriptions
https://graph.microsoft.com/beta/drives/{{drive-id}}/root/subscriptions
The error also made me suspect that during subscription registration, it was not able to find my webhook. However having tested the endpoint I am sure it is accessible.
Additional information
I use the following call to get the drive id for a sharepoint site
curl -X GET \
'https://graph.microsoft.com/v1.0/sites/SITE-ID/drive' \
-H 'Accept: */*' \
-H 'Accept-Encoding: gzip, deflate' \
-H 'Authorization: Bearer TOKEN' \
-H 'Cache-Control: no-cache' \
-H 'Connection: keep-alive' \
-H 'Content-Type: application/json' \
-H 'Host: graph.microsoft.com' \
I see you are performing POST on https://graph.microsoft.com/v1.0/drive/root/subscriptions endpoint
Expected subscriptions endpoint is https://graph.microsoft.com/v1.0/subscriptions
Please note there is no '/drive/root' in the URL path.
Related
I want to use azure translator service with the Authorization token. There are plenty of resources explaining how to do it with subscription key but I could not found any resource explaining the use of authorization token. I can get the authorization token but when I send a request with it, the response status code is 401.
This is how I send the request:
curl POST 'https://api.cognitive.microsofttranslator.com/translate?api-version=3.0&to=es' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer token' \
--data-raw '[{'\''Text'\'':'\''Hello World!'\''}]'
If you want to call Text Translation API with authentication token, please refer to the following steps
Get a token. If your service is global, the endpoint is https://api.cognitive.microsoft.com/sts/v1.0/issueToken
curl -v -X POST \
"https://YOUR-REGION.api.cognitive.microsoft.com/sts/v1.0/issueToken" \
-H "Content-type: application/x-www-form-urlencoded" \
-H "Content-length: 0" \
-H "Ocp-Apim-Subscription-Key: YOUR_SUBSCRIPTION_KEY"
Besides, please note that an authentication token is valid for 10 minutes. The token should be reused when making multiple calls to the Translator. However, if your program makes requests to the Translator over an extended period of time, then your program must request a new access token at regular intervals (for example, every 8 minutes).
Call API
curl -X POST 'https://api.cognitive.microsofttranslator.com/translate?api-version=3.0&from=en&to=de' \
-H 'Authorization: Bearer YOUR_AUTH_TOKEN' \
-H 'Content-Type: application/json' \
--data-raw '[{ "text": "How much for the cup of coffee?" }]' | json_pp
For more details, please refer to here and here.
When I try to submit a PATCH or PUT request to update an incident, I get:
{"error":"incident is missing"}
Here is my request:
curl --location --request PATCH 'https://api.statuspage.io/v1/pages/xxxx/incidents/lf7****nf2?api_key=xxx' \
--header 'Content-Type: application/json' \
--data-raw '{
"incident": "Requests Failed (500)",
"status": "identified"
}'
I have also tried with Authorization: Oauth approach
I am able to create an incident and am also able to list them, so I am unsure what is going on.
I am following https://developer.statuspage.io/#operation/putPagesPageIdIncidentsIncidentId and https://developer.statuspage.io/#operation/patchPagesPageIdIncidentsIncidentId
What am I missing?
Any advice is much appreciated
i need to use https://doers.statuspage.io/api/v1/
curl https://api.statuspage.io/v1/pages/qfn30z5r6s5h/incidents/21w20wsvz5kv.json \
-H "Authorization: OAuth 2a7b9d4aac30956d537ac76850f4d78de30994703680056cc103862d53cf8074" \
-X DELETE
I am trying to create an Event Hub in Azure using the REST APi ( with Postman ) but I am getting an error in the process of generating the SAS token.
curl --location --request POST 'https://login.microsoftonline.com/0e3603bd-2f0b-43e2-b9b5-5d456791cf33/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=myclientid' \
--data-urlencode 'client_secret=myclientsecret' \
--data-urlencode 'resource=https://management.azure.com/'
I store the bearer token and use it to authentificate on the following requeste:
First create the Event Hub namespace :
'''
curl --location --request PUT 'https://management.azure.com/subscriptions/6fa11037-363b-4ff4-a5a2-f4e93efa527c/resourceGroups/easypeasybi/providers/Microsoft.EventHub/namespaces/easypeasybi?api-version=2017-04-01' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer mybearertoken' \
--data-raw '{"location":"francecentral"}'
'''
Now in order to create the Event Hub, I need to build a SAS token,therefore I need to retrieve the SAS policy first:
The creation of the Namespace generate a SAS policy named RootManageSharedAccessKey, I can list all the policy using this call :
curl --location --request GET 'https://management.azure.com/subscriptions/6fa11037-363b-4ff4-a5a2-f4e93efa527c/resourceGroups/easypeasybi/providers/Microsoft.EventHub/namespaces/easypeasybi/AuthorizationRules?api-version=2017-04-01' \
--header 'Authorization: Bearer mybearertoken'
Lastly, I am trying to retrieve the RootManageSharedAccessKey policy but I am getting an error
{
"error": {
"code": "InvalidHostName",
"message": "The provided host name 'easypeasybi.servicebus.windows.net' is not whitelisted. "
}
}
The code I am using is the following
curl --location --request POST 'https://management.azure.com/subscriptions/6fa11037-363b-4ff4-a5a2-f4e93efa527c/resourceGroups/easypeasybi/providers/Microsoft.EventHub/namespaces/easypeasybi/AuthorizationRules/RootManageSharedAccessKey/listKeys?api-version=2017-04-01' \
--header 'Content-Type: application/atom+xml;type=entry;charset=utf-8' \
--header 'Host: easypeasybi.servicebus.windows.net' \
--header 'Authorization: Bearer mybearertoken' \
--data-raw '<entry xmlns='\''http://www.w3.org/2005/Atom'\''>
<content type='\''application/xml'\''>
<EventHubDescription xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/netservices/2010/10/servicebus/connect">
</EventHubDescription>
</content>
</entry> '
In the header, the Host should be management.azure.com.
So in you command, change this line of code
--header 'Host: easypeasybi.servicebus.windows.net' \
to
--header 'Host: management.azure.com' \
I do have a simple AWS API Gateway implementation protected by an AWS_IAM Authorization.
I just want to test from command line via cURL :
curl --location --request GET 'https://<API_ID>.execute-api.eu-west-1.amazonaws.com/stage?type=type&category=category&lc=lc&passprhase=passprhase&product=product'
--header 'Authorization: AWS4-HMAC-SHA256 Credential=<AWS_ACCESS_KEY>/20200127/eu-west-1/execute-api/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=<AWS_SECRET_ACCESS_KEY>' --header 'Content-Type: application/json' \
--data-raw '{"query":"","variables":{}}'
but keep getting the follow error :
Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header.
Can someone advice what am I doing wrong ?
AWS V4 signature authentication is supported in curl starting from version 7.75, so you should be able to call your AWS resource this way:
curl --location --request GET 'https://$API-ID.execute-api.eu-west-1.amazonaws.com/stage?type=type&category=category&lc=lc&passprhase=passprhase&product=product' \
--header 'Content-Type: application/json' \
--user $ACCESS_KEY:$SECRET_KEY \
--aws-sigv4 "aws:amz" \
--data-raw '{"query":"","variables":{}}'
Note that you may need to add in the --aws-sigv4 value your region and service.
For example: --aws-sigv4 "aws:amz:eu-west-2:execute-api"
You can find more documentation here: https://curl.se/libcurl/c/CURLOPT_AWS_SIGV4.html
And the documentation for the CLI option here: https://curl.se/docs/manpage.html#--aws-sigv4
AWS_IAM authorization uses Sigv4 and its calculation process requires values certain headers - Date being one of them. You are passing x-amz-date as a part of the "SignedHeaders" field, but not actually passing it with the other headers.
One way to create the right curl command to invoke an API with AWS_IAM would be to use Postman application. Add in the API URL and select "AWS Signature" under Authorization tab. You can then select the "Code" option and get the full curl command which would look something like this -
curl -X POST \
https://$API-ID.execute-api.$AWS_REGION.amazonaws.com/$STAGE/$RESOURCE \
-H 'authorization: AWS4-HMAC-SHA256 Credential=$ACCESS_KEY/20200128/$AWS_REGION/execute-api/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=$SIGNATURE_VALUE' \
-H 'cache-control: no-cache' \
-H 'content-type: application/x-www-form-urlencoded' \
-H 'host: API-ID.execute-api.$AWS_REGION.amazonaws.com' \
-H 'postman-token: 15f9498e-95b7-f22b-eed9-016cdea07424' \
-H 'x-amz-date: $DATE_STAMP'
Create a Canonical Request for Signature Version 4
I could suggest to use awscurl which is much easier.
To install awscurl click here. For documentation you can refer here.
Example to call apigateway to call lambda for POST query is below.
awscurl --service execute-api -X POST -d '{ "alias" : "xyx", "type" : "LDAP" }' https://.execute-api.us-west-2.amazonaws.com/Prod/user/groups/get --region us-west-2 --access_key ACCESS_KEY --secret_key mfBl0YJRsXDue4C5F5B6rz1eUpQpA8uC24RtSnsg --security_token SECURITY_TOKEN
I'm trying to send messages following this guide, but i'm getting 403.
The bot is deployed on Azure using Web App Bot template.
I got the bearer token
curl -X POST \
https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Postman-Token: ea607e32-4939-4005-85f4-440bc71d6e12' \
-H 'cache-control: no-cache' \
-d 'grant_type=client_credentials&client_id=655fde6d-0086-4b7c-b82c-8033b05555e5&client_secret=C*bd%3B%7D%5Ed1%3F7_(D%5Dq%5E%2B%2Bm6c%5E%5BQ-%7D&scope=https%3A%2F%2Fapi.botframework.com%2F.default&undefined='
Send message with auth
curl -X POST \
https://webchat.botframework.com/v3/conversations/26573ac9cd7c4242aaa3c9692248b11a/activities \
-H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ii1zeE1KTUxDSURXTVRQdlp5SjZ0eC1DRHh3MCIsImtpZCI6Ii1zeE1KTUxDSURXTVRQdlp5SjZ0eC1DRHh3MCJ9.eyJhdWQiOiJodHRwczovL2FwaS5ib3RmcmFtZXdvcmsuY29tIiwiaXNzIjoiaHR0cHM6Ly9zdHMud2luZG93cy5uZXQvZDZkNDk0MjAtZjM5Yi00ZGY3LWExZGMtZDU5YTkzNTg3MWRiLyIsImlhdCI6MTU0OTIxNTIyOSwibmJmIjoxNTQ5MjE1MjI5LCJleHAiOjE1NDkyMTkxMjksImFpbyI6IjQySmdZSGo1NGU3TzZVOGI1Mlo2dk1yTUxWQXBBQUE9IiwiYXBwaWQiOiI2NTVmZGU2ZC0wMDg2LTRiN2MtYjgyYy04MDMzYjA1NTU1ZTUiLCJhcHBpZGFjciI6IjEiLCJpZHAiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9kNmQ0OTQyMC1mMzliLTRkZjctYTFkYy1kNTlhOTM1ODcxZGIvIiwidGlkIjoiZDZkNDk0MjAtZjM5Yi00ZGY3LWExZGMtZDU5YTkzNTg3MWRiIiwidXRpIjoiSnRmU3dTMEt0VWUzTl8xTldfNWJBQSIsInZlciI6IjEuMCJ9.B4837ahaYuc00_dU8v-RyuC0CC0NXXKSGaNFyj5VcjkGsMUfKRBfXtDfebv0mMbDz7Vaw_VSmO4Y-WSn_LOrYv6qqB1-vGhD6zf3DkZ3SUnSUVkNmTS93Vc2N18C6pvAm129P2-YYlCJu-bQJtX-ZKXFjcJ2oQ70P-X3A-zFrVj1rSzd6pyRqRLJJw58ZnaAUosBs7KgEzDoRCRn61lcrDqIny-BoWrlGsTPMUWl2hAsZnj-0-QR0CE1oxTTfkRYElZua1zwsKf6-VaOxvQNhtkHemzqpo5ctUyQMmlkHEVyUCXhUPzPNYdgPyF87pLJq7fhimgRAe5YAjJMlbRANA' \
-H 'Content-Type: application/json' \
-H 'Postman-Token: f19c7788-3933-4b4a-9ce6-ebfcc953903f' \
-H 'cache-control: no-cache' \
-d '{
"type": "message",
"from": {
"id": "NotificationApi",
"name": "Notification"
},
"text": "Haircut on Saturday"
}'
The serviceUrl and conversation I got from session.message.address
Then, the response code is 403- Forbiden.
Can someone help me ?
I think the mistake here is that you're attempting to authenticate the WebChat channel with an OAuth based bearer token rather than using token based authentication. OAuth token acquisition happens over the channel once it's connection is established.
This blog post does a pretty good job explaining the difference between the two and walking through the various steps of configuring an DirectLine channel (which supports more advanced scenario for acquiring tokens), fetching a token from it for the WebChat to use and then, later, performing the OAuth token exchange via the Bot Framework Service.