After developing in the sandbox, we got our api key approved and promoted to a live account.
Since then we've been getting the following response -
response: {
"errorCode": "ACCOUNT_LACKS_PERMISSIONS",
"message": "This Account lacks sufficient permissions."
}
http code: 401
exeucted at: 2017-05-17 15:03:59
Based on my research and according to ACCOUNT_LACKS_PERMISSIONS error when creating envelope
A setting needs to be switched on the backend at Docusign. The user mentions -
"They changed a setting called In Session to Enabled in API section near limiter that only the account manager or tier 2 support can change. All is well."
The account ID is 30953035
API username bcbffa28-a316-473e-b2b7-48d964d909a7
The API request is below. This was working just fine under a Demo account. I've even upgraded to the Intermediate API in the hopes that it will resolve my issues but no dice.
Support says that I need to post here...
This is caused by a bad account baseUrl that's being used in the request. When your integration performs authentication for a given user, if you are using Legacy auth (X-DocuSign-Authentication header) then you need to point to the following /login_information endpoint for the live system:
https://www.docusign.net/restapi/v2/login_information
When you get the response you then need to parse the baseUrl value that was returned and use that sub-domain for subsequent API requests. (Note that there are multiple sub-domains in the live system such as NA1, NA2, EU, etc)
The baseUrl that's returned will look something like:
https://na2.docusign.net/restapi/v2/accounts/12345/envelopes
Make sure you configure your code to read this sub-domain and use in subsequent requests, otherwise you if you simply use www for instance you will not be hitting the correct account endpoint and you'll receive the "Account lacks permissions" error you're receiving.
Ergin's answer seems to work; however, he does not state which part of the baseUrl to keep after parsing. In his example the baseUrl = "https://na2.docusign.net/restapi/v2/accounts/12345/envelopes" In all subsequent calls after authApi.Login(); use "https://na2.docusign.net/restapi" as the URL and that should eliminate the error message.
Related
I am trying to obtain an access token for use with the SharePoint Rest API. For my organizations base site. I am able to obtain a token and use that token to make subsequent requests successfully.
Next, I followed the same process and created more app permissions for a different site: {{tenant removed}}/sites/testsite. I was initially unable to create the request for the token because the resource parameter was not valid (see image below):
Per the URI encoding standards, I replaced the "/" in the site url with "%2f" and I am able to get a token (see image below):
Next however, the requests using that token to the API fail:
{
"error_description":
"Exception of type 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown."
}
In the response header:
3000003;reason="Invalid audience Uri
'00000003-0000-0ff1-ce00-000000000000/{{tenant
removed}}%2fsites%2f{{removed}}#{{realm
removed}}'.";category="invalid_client"
Did I encode the resource incorrectly? What am I missing? How can I use this method to get information from the other site?
I can see many developers making the same assumption when they create requests, since almost all documentation don't point out this scenario. You will be able to obtain a token for the site successfully as long as the resource is in a valid uri format, there is no validation done on the uri itself. Even if you get a token it will not work for any requests.
When fetching the access token for subsites (i.e: {{tenant}}/sites/testsite ). The resource part of the request body does not need to be modified.
So, for example, when you are getting a token for test.sharepoint.com/sites/testsite the resource of the request body should just be:
00000003-0000-0ff1-ce00-000000000000/test.sharepoint.com#{{realm}} (without /sites/testsite)
However, when you make HTTP requests to the API with the token, you should use the full site name. Example:
https://test.sharepoint.com/sites/testsite/_api/web/
I'm trying to request the contents of a Google doc (that I own) using the Google Docs API and the contents would be read to a website. I'm making the following request in Postman:
GET https://docs.googleapis.com/v1/documents/{documentId}?key=API_KEY
where the API_KEY is a key created in Google developer dashboard and is not restricted for now. However, I'm getting the following error:
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
I have made the doc public (read-access without signing in) and enabled the Docs API in the Google developer dashboard. Further, the dashboard is registering these (failing) requests, so something is going through.The answer is probably in the error message, but to me "or other valid authentication credential" means the API key that I'm already using.
I'm asking for advice on how to make this request successfully without needing to use OAuth or server-side code.
I found a workaround answer to my problem, although it didn't solve the problem with the Docs API. I decided to request the text data from a Google Sheet instead, which works fine with
GET https://sheets.googleapis.com/v4/spreadsheets/documentId?key=API_KEY
when the sheet is public and read-only.
Yes you can open the doc programatically using a service account. You need to "share" the doc with the service account email.
Instructions on creating a service account and reading a Google doc: https://www.futurice.com/blog/read-goog-doc-using-service-account
I got this error trying to get an auth token from Sharepoint REST api. My SP is cloud based and I am using Postman to test the requests, as a previous attempt similarly ran into a dead end when much troubleshooting back and forth with Msoft lead no where .. Anyway, I have the following error and I was wondering if anyone could help me figure out what it is or how I can troubleshoot this issue.
error_description: "AADSTS50169: The realm 'realm' is not a configured realm of the current service namespace"
error_codes : 50169
I followed this tutorial
Thanks!
Edit: I went through and started again, this tut seems to be working I guess I may have missed a step (my guess is I didn't correctly configure the app permissions with xml when creating the app)
To do authorization of SharePoint online and use REST API via Postman, here is a solution for your reference:
First: get security Token
Access [https://login.microsoftonline.com/extSTS.srf] via Http Post method. The content of the http request is as follows.
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:a="http://www.w3.org/2005/08/addressing"
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-
utility-1.0.xsd">
<s:Header>
<a:Action
s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1">https://login.microsoftonline.com/extSTS.srf</a:To>
<o:Security s:mustUnderstand="1"
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:UsernameToken>
<o:Username>[username]</o:Username>
<o:Password>[password]</o:Password>
</o:UsernameToken>
</o:Security>
</s:Header>
<s:Body>
<t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<a:EndpointReference>
<a:Address>[endpoint]</a:Address>
</a:EndpointReference>
</wsp:AppliesTo>
<t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
<t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
<t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
</t:RequestSecurityToken>
</s:Body>
</s:Envelope>
The demonstration screenshot in Postman:
And the response content will include a security token as below, we can use this security token to get Access Token of SharePoint.
Second: get Access Token
Here i show you how to get access token of SharePoint online using the security token and SharePoint Rest API.
Access [https://yourdomain.sharepoint.com/_forms/default.aspx?wa=wsignin1.0] via http Post method. The content of the request is the security token that we have got above as below.
And the response as below:
We can see that there are two cookie, rtFa and FedAuth in response header, and these two cookie need to be added to the request in subsequent request.
Third: get Request Digest
Access [https://yourdomain.sharepoint.com/_api/contextinfo] via http Post method with that two cookies which we have got above.
And the response as below:
This is the final Token we want!
Then we can use REST API of SharePoint, we only need to add this token and the previous two cookie, as shown in the following figure.
I have a Logic App with an HTTP initial trigger that is all set up:
When I make the POST to the URL that is given to me (looks like https://___.azure.com/workflows/___/triggers/manual/paths/invoke?____), I get back:
{"error": {
"code":"AuthorizationFailed",
"message":"The authentication credentials are not valid."
}}
For this case, I need to accept anonymous calls.
Where in the Azure Portal do I setup the permissions for this?
The closest I've found is the "Access Control Configuration", and it is set like this:
Logic Apps does not allow anonymous calls, you are required to provide the SAS key, which is provided in Url generated on the request card.
Found the issue. My client-side code was appending a parameter to the URL without realizing the URL already had query parameters. As such, it was adding to the last parameter rather than adding a new parameter. With that fixed, the call works.
Yes, the URL that will be present at the callbacK URL while creating should work, Does your URL has SP, sv and sig query paramemters?
I used to get user image through this URL
https://plus.google.com/s2/photos/profile/(user_id)?sz=150
but now what all I am getting is 404 error or no image. I know google has changed its policies and way it connects and allows other to get information, but I didn't anything to achieve same result as above.
Note: I can't use authenticate thing here since I am showing image of users to other users which are not connected at all.
OR in other way user may be not coming from Google log-in but I need to show other Google users images only.
Any help would be highly appreciated!!!
Edit:
I have checked through people.get method
https://www.googleapis.com/plus/v1/people/11595...3592320?key=AIzaSyCkdmtNN1XDg....EpepOIIs
but I am getting error saying
{
"error": {
"errors": [
{
"domain": "usageLimits",
"reason": "accessNotConfigured",
"message": "Access Not Configured. Please use Google Developers Console to activate the API for your project."
}
],
"code": 403,
"message": "Access Not Configured. Please use Google Developers Console to activate the API for your project."
}
}
Edit: I have this already enabled since I am using Google+ log-in already in my site, here I am attaching screenshot:
Earlier I have also the same problem for my site after so much of research and efforts I found solution from my self and i hope that will also work for you and solve your problem:
Old Trick
Google had changed their policy so the old trick for getting the Google profile image will not work now.
e.g https://plus.google.com/s2/photos/profile/(user_id)?sz=150
New Trick
Get Request:
https://www.googleapis.com/plus/v1/people/115950284...320?fields=image&key={YOUR_API_KEY}
Response :200 OK
{
"image":
{
"url": "https://lh3.googleusercontent.com/-OkM...AANA/ltpH4BFZ2as/photo.jpg?sz=50"
}
}
Where YOUR_API_KEY is your Public API Access key which is generated through Credentials under APIs & Auth from https://console.developers.google.com/
And While creating Public API access key you can choose Referers URL's from which this request should be made but for checking you should try by not adding any URL to it, if it works then go with URL of your site.
You can choose other fields to send with URL which you may need from here.
Happy Coding!!!
You can get this information using the people.get Google+ API call and specifying the userid of the user you want information for. This will include an image.url field which you can use and resize as appropriate.
Since this is public information for a user, you don't need the user to authenticate to access it. You do, however, need an API Key which you will add to the end of the URL used in the API call.
You can get an API Key by going to https://console.developers.google.com/ under the "APIs and auth" section and "Credentials" subsection. You can then click on the button under "Public API Access" that says "Create New Key".
The URL you'll use to get the info will look something like
https://www.googleapis.com/plus/v1/people/1234567890?key=api_key
and you'll get back a JSON object with the profile info.
Update:
Make sure you have also enabled the Google+ API in the developes console. You can get to this through https://console.developers.google.com/, under the "APIs and auth" section and "API" subsection, you can find the "Google+ API" on the list and turn it on.