Using REST builder I created some API endpoints. I am trying to access them using curl.
$ curl -X GET "http://localhost:8080/o/headless-xxx/v1.0/profile/12345" -H "accept: application/json" -H "x-csrf-token: xxx"
I retrieved the token from the browser after logged in with Liferay.authToken.
I get this error message.
"message" : "Access denied to com.xxx.headless.xxx.internal.resource.v1_0.ClassName#methodName"
I replaced actual names with xxx, ClassName and methodName. They all look correct.
Is there a setting I am missing? Am I authenticating incorrectly?
I was expecting to see the output of the api but I only get the error.
The message Access denied to might also result from a missing Service Access Policy. Please check it in the:
Control Panel -> Configuration -> Service Access Policy
If you have an oauth2 authentication, you could add
com.xxx.headless.xxx.internal.resource.v1_0.ClassName#methodName
or
com.xxx.headless.xxx.internal.resource.v1_0.ClassName#*
to AUTHORIZED_OAUTH2_SAP
Is there any way to allow user to get access of stream URLs and embed code of only one application and restrict access to other applications?
Yes, you can restrict your specific user. You just need to create a user according to below CURL command or Ant Media Server Dashboard Users section in Settings tab.
curl -X POST -H "Content-Type: application/json" -d '{"email": "test", "password": "testtest", "scope": "system", "userType": "ADMIN"}' "https://{YOUR_SERVER_ADDRESS}:5443/rest/v2/users"
Note: scope parameter can be system or specific application name such as LiveApp. If you use LiveApp, user will have permission only for LiveApp. system can access each application scope.
userType parameter can be ADMIN, USER or READ-ONLY.
Check this guide for more detail.
I'm using the python SDK for Docusign API. I created an integration in the sandbox and successfully promoted the integrator key to a production account.
I retrieved the integrator key, API Acccount ID and API Username from Admin > API and Keys on Docusign.com for the production account. I successfully obtained consent and successfully get a token via configure_jwt_authorization_flow().
However, when I try to make an API call with the token I get: USER_DOES_NOT_BELONG_TO_SPECIFIED_ACCOUNT.
If I use /oauth/userinfo with my token, I get same Username and Account ID that I retrieved above from the Docusign web page.
I haven't posted any code because the code works with my Sandbox account. I just don't understand why the information from the API and Keys page on the website isn't working.
The crazy thing is that I'm logging in as the user in Docusign to obtain the account information. Why doesn't the API think the user is part of that account?
Any help will be much appreciated.
Thanks
Answering my own question in case it helps someone else...
I was using the wrong "Base URL" in production (i.e. https://www.docusign.net/restapi). You need to determine your custom endpoint based on your account. Like this:
curl -i -H "Accept: application/json" -H 'X-DocuSign-Authentication:{"Username": "yourownemail#xxx.com","Password": "yourOwnPassword", "IntegratorKey": "yourOwnIntegratorKey"}' -X GET https://www.docusign.net/restapi/v2/login_information
The result will be something like:
{ "loginAccounts": [ { "name": "John Dough", "accountId": "12345",
"baseUrl": "https://na2.docusign.net/restapi/v2/accounts/12345",
"isDefault": "true", "userName": "John Dough", "userId":
"02e6fc42-0c2e-4e8e-ade1-8ed6f140daee", "email": "john#example.com",
"siteDescription": "" } ] }
Use the returned value of baseUrl for your integration.(https://na2.docusign.net/restapi).
I needed to access resource room's events via the Microsoft Graph API in a server-to-server environment so I followed this guide a few months ago. I created the application, set the calendar-related Application Permissions required and used an admin account to consent to the permissions successfully. Everything has been working for a good 3-4 months now without issues.
However, after not changing anything, today I am getting this response back from the /v1.0/users/{resource room email}/events endpoint:
{
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again.",
"innerError": {
"request-id": "952955b5-562e-4fa6-8b0f-e381c8294fcd",
"date": "2017-09-06T03:09:49"
}
}
}
This appears to be a permissions issue as the /v1.0/users/{resource room email}/messages endpoint returns the resource room's messages just fine (assuming permissions are set).
If I follow the previously linked guide using CURL I can replicate the issue.
Get a token:
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" \
-d 'client_id=XXXXXX-XXXX-XXXX-XXXX-XXXXXXX&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default&client_secret=XXXXXXXXX&grant_type=client_credentials' \
'https://login.microsoftonline.com/{my tennant URL}/oauth2/v2.0/token'
Try and get the events:
curl -X GET -H "Authorization: Bearer {token}" 'https://graph.microsoft.com/v1.0/users/{resource room email}/events'
And I receive the same error as above.
Has something changed that I am unaware of that would break this functionality?
Thanks for your help.
I want to use Groovy, HttpBuilder and REST API to access our company's onsidte GitHub appliance.
The GitHub developer's site: https://developer.github.com/v3/, shows this URL: https://api.github.com. So if my company's GitHub URL is: http://github.mycompany.com, what is my REST API endpoint URL? e.g. if I want to list all users, what's the correct URL?
When I access this URL: https://github.mycompany.com/api/v3, it gives me an error:
github.mycompany.com refused to connect.
ERR_CONNECTION_REFUSED
According to "API Enterprise 2.5":
All API endpoints—except Management Console API endpoints—are prefixed with the following URL:
https://hostname/api/v3/
But you need to authenticate:
Authentication
Your Enterprise installation's API endpoints accept the same authentication methods as the GitHub.com API. Specifically, you can authenticate yourself with OAuth tokens (which can be created using the Authorizations API) or basic authentication.
Every Enterprise API endpoint is only accessible to GitHub Enterprise site administrators, with the exception of the Management Console API, which is only accessible via the Management Console password.
TLTR; These are the endpoints
+----+------------------------------------------+--------------------------------+
| | Enterprise | GitHub |
+----+------------------------------------------+--------------------------------+
| v3 | https://[YOUR_HOST]/api/v3 | https://api.github.com |
| v4 | https://[YOUR_HOST]/api/graphql | https://api.github.com/graphql |
+----+------------------------------------------+--------------------------------+
Examples
Here you have some examples in case you want to try them. You'll need to create an ACCESS_TOKEN
Enterprise
curl -H "Authorization: bearer [ACCESS_TOKEN]" https://[YOUR_HOST]/api/v3/organizations
curl -H "authorization: bearer [ACCESS_TOKEN]" https://[YOUR_HOST]/api/graphql -d "{\"query\": \"query { viewer { login } }\"}"
GitHub
curl -H "Authorization: bearer [ACCESS_TOKEN]" https://api.github.com/organizations
curl -H "authorization: bearer [ACCESS_TOKEN]" https://api.github.com/graphql -d "{\"query\": \"query { viewer { login } }\"}"
If you are not using https, it's "http://github.mycompany.com/api/v3/".
You're getting that message because the request is not authenticated.
First you have to figure out what kind of auth your server accepts and then incorporate that into the header or the (query string) of your request.
For example, this is how I get a list (using the header approach) of organizations I can access:
`url -k -H "Authorization: token xxxxxx...xxx" \ https://git.acme.com/api/v3/organizations`
Note that xxxxx...xxx is a place holder for a personal access token I created with read-only access to my repos. The docs refer to this as OAUTH_TOKEN. You can opt for inserting the token as a query string. In neither case do you have to enter a user name because the server figures that out from the token.
if you need https://github.com/google/shaka-player it would be
https://api.github.com/repos/google/shaka-player
more info at https://api.github.com/
"current_user_url": "https://api.github.com/user",
"current_user_authorizations_html_url": https://github.com/settings/connections/applications{/client_id}",
"authorizations_url": "https://api.github.com/authorizations",
"code_search_url": "https://api.github.com/search/code?q={query}{&page,per_page,sort,order}",
"commit_search_url": "https://api.github.com/search/commits?q={query}{&page,per_page,sort,order}",
"emails_url": "https://api.github.com/user/emails",
"emojis_url": "https://api.github.com/emojis",
"events_url": "https://api.github.com/events",
"feeds_url": "https://api.github.com/feeds",
"followers_url": "https://api.github.com/user/followers",
"following_url": "https://api.github.com/user/following{/target}",
"gists_url": "https://api.github.com/gists{/gist_id}",
"hub_url": "https://api.github.com/hub",
"issue_search_url": "https://api.github.com/search/issues?q={query}{&page,per_page,sort,order}",
"issues_url": "https://api.github.com/issues",
"keys_url": "https://api.github.com/user/keys",
"label_search_url": "https://api.github.com/search/labels?q={query}&repository_id={repository_id}{&page,per_page}",
"notifications_url": "https://api.github.com/notifications",
"organization_url": "https://api.github.com/orgs/{org}",
"organization_repositories_url": "https://api.github.com/orgs/{org}/repos{?type,page,per_page,sort}",
"organization_teams_url": "https://api.github.com/orgs/{org}/teams",
"public_gists_url": "https://api.github.com/gists/public",
"rate_limit_url": "https://api.github.com/rate_limit",
"repository_url": "https://api.github.com/repos/{owner}/{repo}",
"repository_search_url": "https://api.github.com/search/repositories?q={query}{&page,per_page,sort,order}",
"current_user_repositories_url": "https://api.github.com/user/repos{?type,page,per_page,sort}",
"starred_url": "https://api.github.com/user/starred{/owner}{/repo}",
"starred_gists_url": "https://api.github.com/gists/starred",
"topic_search_url": "https://api.github.com/search/topics?q={query}{&page,per_page}",
"user_url": "https://api.github.com/users/{user}",
"user_organizations_url": "https://api.github.com/user/orgs",
"user_repositories_url": "https://api.github.com/users/{user}/repos{?type,page,per_page,sort}",
"user_search_url": "https://api.github.com/search/users?q={query}{&page,per_page,sort,order}"