I am trying to create a webhook for my survey using the API -
https://developer.surveymonkey.com/api/v3/#webhooks.
However, I am getting an out of scope - permission denied to the request.
P.S. : My account with SurveyMonkey is under GOLD PLAN.
Please help.
You need to make sure you are requesting the webhooks scopes in your app settings.
Go to https://developer.surveymonkey.com/apps/ find the app you are working with and click "Settings".
You should see a scopes section like this:
Make sure view/create webhooks are set to required. Then you can use the auto-generated access token, or when doing oauth approve the app and you'll have access to those scopes.
Related
Unable to use Microsoft Graph API to create or update SharePoint list items with client credentials access token (getting access token with out a user), I get the following error,
I'm able to successfully call GET and DELETE methods with the same access tokens for the same site/list, additionally I'm able to call all methods GET/POST/PATCH/DELETE for the same site/list using the user generated access token.
For my use case I need to able to create/update list items with out user access so, followed this article - https://learn.microsoft.com/en-us/graph/auth-v2-service, API has required permissions granted in the application
can't seem to find any documentation on what exactly I'm missing, looks like POST/PATCH endpoints are looking for some user info in the token, but client crendentials do not have any user info so not sure what to do next, Here's the documentation I'm following https://learn.microsoft.com/en-us/graph/api/listitem-create?view=graph-rest-1.0&tabs=http & I've tried using the .net graph client SDK as well and I get the same error message for both POST/PATCH requests.
Any help on how to successfully create/update sharepoint list items via graph api using client credential token would be highly appreciated.
Followed this article in setting up the application in azure ad - https://learn.microsoft.com/en-us/graph/auth-v2-service, Added app roles are as highlited in this article https://learn.microsoft.com/en-us/answers/questions/756563/app-roles-in-client-credentials-scope-in-azure-b2c.html but no luck.
Hope you are not using delegated permission in your personal account ,
Looks like there is something wrong with your API call ,make sure you are using the correct API call - https://graph.microsoft.com/v1.0/sites/{site-id}/lists/{list-id}/items
You can also Try to create and Update in graph explorer- https://learn.microsoft.com/en-us/graph/api/listitem-create?view=graph-rest-1.0&tabs=http#example .
Hope this helps
Thanks
I have a demo / bogus azure function app that by default is open to anyone. It has a hello world function. Its using "AuthorizationLevel.Anonymous"
So far so good - it's wide open and anyone can call it.
Now I need to ensure that only users within our organization can consume this API. So I followed this tutorial: https://learn.microsoft.com/en-us/azure/app-service/scenario-secure-app-authentication-app-service
When I try to call my demo function from a browser I get a 401 unauthorized error which is a good thing I guess - that's what I requested when unauthorized users try to hit my API.
From what I've read, I in order to call this API now, I have to pass it a token. But this is where it's not clear to me how / where I get this token.
If I create the new application registration and change the "Unauthenticated requests" from the 401 to 302 option, it correctly redirects me to the Microsoft Login prompt when I try to call my API. I enter my creds and then the function works.
The issue is that the callers of my API will be doing so programmatically and not manually by a person.
So far I've been checked all the related links listed in that tutorial but I haven't found what I'm looking for. Or maybe I missed it.
Any tips would be appreciated. I think I just need to read the right article / doc that will help me understand the big picture for this specific use case.
Thanks.
EDIT 1
In case it helps, here's a screen shot of the output from my integration assistant wizard. I selected "web api" as the type of application I'm trying to build:
From the documentation you posted:
"In the App Service authentication settings section, leave Authentication set to Require authentication and Unauthenticated requests set to HTTP 302 Found redirect: recommended for websites."
If that's set then there's something wrong with the website.
I am trying to use "https://graph.microsoft.com/v1.0/me/events" or "https://graph.microsoft.com/v1.0/me/onlineMeetings" to create online meeting programmatically.
I used help from many resources specially this
https://vikrantsdynamicsblogs.wordpress.com/2020/03/28/programmatically-create-the-teams-meeting/.
I have used this API to get token using password grant type
"https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token" but the problem happened when I am calling "https://graph.microsoft.com/v1.0/me/onlineMeetings" I got 403 Forbidden
and when I am trying to call "https://graph.microsoft.com/v1.0/me/events" using the same access token I am getting this response
I have added delegate permission from Azure portal
Any Ideas why both are not working with me?
Authorization errors can occur as a result of several different issues, most of which generate a 403 error (with a few exceptions). We could refer to this doc to resolve Microsoft Graph authorization errors.
We cannot create online meeting via personal Microsoft account, if you are using work or school account, we need to ensure the account has the permission: OnlineMeetings.ReadWrite, if you are create online meeting via Application, we need OnlineMeetings.Read.All and OnlineMeetings.ReadWrite.All* permission, check this Create onlineMeeting and Online meetings permissions for more details.
I am trying out Docusign sandbox environment in which I have created an integrator key with appropriate redirect uri
When I request the api:
https://admindemo.docusign.com/oauth/auth?response_type=id_token&scope=open_id&client_id=<integrator-key>&state=custom&redirect_uri=https://webhook.site/1b7aba4c-f96f-41e1-922d-2d8d38392208&admin_consent_scope=impersonation
Docusign does not redirect to the redirect-url, but opens the Docusign admin page.
If I request the URL:
https://account-d.docusign.com/oauth/auth?response_type=id_token&scope=open_id&client_id=<integrator-key>&state=custom&redirect_uri=https://webhook.site/1b7aba4c-f96f-41e1-922d-2d8d38392208&admin_consent_scope=impersonation
Then I get the error:
You are not an organization admin. Please contact your DocuSign Administrator
response_type=id_token is invalid. The response type should be code. Unfortunately, the 'Obtaining Consent' documentation still references this incorrect value.
scope=open_id can only be used if your account is associated with an Organization, and if you are an Organization Administrator. If your account is not under an Organization, you'll need to use the individual consent workflow, which means scope should be signature impersonation and the admin_consent_scope parameter should be removed.
If you would like to create an Organization in the sandbox environment, you will need to open a case with DocuSign Support requesting that functionality be added to your Demo account. To have that enabled in Production, you'll need to contact your Account Manager or the Sales team.
Your question is not so clear -- please update your question if this answer is in the wrong direction.
I think you are trying to implement the oauth authorization code grant flow and are having a problem.
The starting url for DocuSign for the oauth auth code grant flow:
For the developer sandbox environment: https://account-d.docusign.com/oauth/auth
For the production platforms: https://account.docusign.com/oauth/auth
Also, why are you including the admin_consent_scope query parameter?
Hopefully this answer regarding the correct url will help. If so, then ask a NEW question if you run into any future issues.
Developer documentation
My goal is to list the calendar events of an Office 365 group using the Microsoft Graph API.
The endpoint used is https://graph.microsoft.com/v1.0/groups/{id}/events based on the documentation. Using the Graph Explorer, I'm able to get the information with my delegated permissions. The problem is when I make the same call using application permissions. I'm positive JWT token contains the required roles to make the call (Group.Read.All, Group.ReadWrite.All) but I'm getting the following error:
Access is denied. Check credentials and try again
Curiously enough, I'm able to get the group /v1.0/groups/{id} but whatever is related to it's calendar and events isn't accessible.
Using application permissions to look at group resources/contents is not currently supported. Please see known issues here: https://developer.microsoft.com/en-us/graph/docs/concepts/known_issues#groups-and-microsoft-teams.
If this is required for your scenarios, please vote for
https://officespdev.uservoice.com/forums/224641-feature-requests-and-feedback/suggestions/18747862-app-authentication-to-retrieve-conversation-messag or
https://officespdev.uservoice.com/forums/224641-feature-requests-and-feedback/suggestions/16851937-allow-application-only-consent-to-read-conversation
Both of which are about app-only access to group conversations (similar to group events).
Otherwise please create a new user voice request.