I am trying to connect to Intuits v3 REST api, using node.js. I am using SuperAgent and superagent-oauth to make the requests. I generated the access tokens using Intuits Oauth playground. But I keep getting "ApplicationAuthenticationFailed; errorCode=003200; statusCode=401"
This is what I am using.
var OAuth = require('oauth')
,request = require('superagent');
require('superagent-oauth')(request);
var oauth = new OAuth.OAuth('','', consumerKey, consumerSecret, '1.0.A', null, 'HMAC-SHA1')
request.get("https://quickbooks.api.intuit.com/v3/company/672198300/customer/102")
.set('Content-Type', 'text/plain')
.accept('json')
.sign(oauth,accessToken,accessTokenSecret )
.end(function (err, res) {
console.log(res.text)
})
and here is the response
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<IntuitResponse time="2014-06-14T18:33:49.228-07:00" xmlns="http://schema.intuit.com/finance/v3">
<Fault type="AUTHENTICATION">
<Error code="3200">
<Message>message=ApplicationAuthenticationFailed; errorCode=003200; statusCode=401</Message>
</Error>
</Fault>
Can anyone shed any light on what is happening?
You could use the node.js client library
Like most other clients, that would save you from manually building http requests. Just provide the application credentials and the individual user credentials and you can simply call methods on a Javascript object. All of the REST endpoints have corresponding methods on the QuickBooks object, which follows node.js convention and takes an optional callback as the last argument.
SOlVED!
I used Postman to create the request. And it worked. Then I checked the oAuth header Postman had generated against the one I was generating with node ( I used requestBin to see the header of my request ). I discovered that the only real difference was that I was using "1.0A" as the version. Changing that to "1.0" worked!
var oauth = new OAuth.OAuth('','', consumerKey, consumerSecret, '1.0', null, 'HMAC-SHA1')
I do not have anything for ou in node.js but can provide you with raw request and response for the calls. Compare your raw requests against this. The signature should be double encoded.
Get Request token call-
GET https://oauth.intuit.com/oauth/v1/get_request_token?oauth_callback=oob&oauth_nonce=34562646-ab97-46e1-9aa7-f814d83ef9d1&oauth_consumer_key=qyprd7I5WvVgWDFnPoiBh1ejZn&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1392306961&oauth_version=1.0&oauth_signature=0EtvSnzsuumeyib2fiEcnSyu8%3D HTTP/1.1
Host: oauth.intuit.com
HTTP/1.1 200 OK
Date: Thu, 13 Feb 2014 15:56:03 GMT
Server: Apache
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 150
Connection: close
Content-Type: text/plain
oauth_token_secret=dXhHHMS1EfdrQ32UabOMscIRWt5bLJNX3ZKljjBc&oauth_callback_confirmed=true&oauth_token=qyprdbwXdWrAt0xM2NgkLlJ79yCp4I2SmDg7tahDBPjA6Wti
Get Access Token-
GET https://oauth.intuit.com/oauth/v1/get_access_token?oauth_verifier=b4skra3&oauth_token=qyprde5fvI7WNOQjTKYLDzTVxJ2dLPTgQEQSPlDVGxEy9wZX&oauth_nonce=f20a5a4b-3635-40a8-92cf-697dfdb07b9d&oauth_consumer_key=qyprd7I5WvVgJZUvWDFnPoiBh1ejZn&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1392397399&oauth_version=1.0&oauth_signature=gEVHttlM8IBAAkmi1dSNJgkKGsI%3D HTTP/1.1
Host: oauth.intuit.com
HTTP/1.1 200 OK
Date: Fri, 14 Feb 2014 17:03:20 GMT
Server: Apache
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 120
Connection: close
Content-Type: text/plain
oauth_token_secret=474gtp6xsFzNJ1EhrrjiHrTH96xXieaRLinjPomA&oauth_token=qyprdNIpWn2oYPupMpeH8Byf9Bhun5rPpIZZtTbNsPyFtbT4
Related
I have an active and functional Go Live account. When I use it in my development environment (localhost) I can retrieve the token and send the envelope to the recipients. When I try to use it in the production environment, I can recover the token but I cannot send the envelope. It returns the error to me:
POST https://na2.docusign.net:8822/restapi/v2.1/accounts/xxXXXxxXXxx/envelopes
TraceToken: 03e22f1f-0454-42a5-9e71-337ebf1dd39f
Timestamp: 2020-02-07T19:28:16.4891717Z
Content-Length: 0
Content-Type: application/json
Accept: application/json
Authorization: Bearer [omitted]
Host: na2.docusign.net
User-Agent: Swagger-Codegen/2.0.1/php
Content-Transfer-Encoding: base64
X-DocuSign-SDK: PHP
X-SecurityProtocol-Version: TLSv1.2
X-SecurityProtocol-CipherSuite: ECDHE-RSA-AES256-GCM-SHA384
x-forwarded-for: 34.73.119.92
400 BadRequest
Content-Type: application/json; charset=utf-8
Content-Length: 82
X-DocuSign-TraceToken: 03e22f1f-0454-42a5-9e71-337ebf1dd39f
{"errorCode":"UNSPECIFIED_ERROR","message":"Non-static method requires a target."}
I don't think it's a coding problem because it works well in the development environment
If this is the entire API log, the issue is that your API call does not have a body. Since you're using an SDK, this means that an empty or otherwise invalid EnvelopeDefinition was passed into your CreateEnvelope method.
Due to constraints of current project, I am having to write the WebSocket protocol by hand in C++. I am able to get the authorization key, but when I try to upgrade the next socket connection, the server stalls after getting a completed MIME header. Then when I send anything after it, I get a 400 error. I do not get an acknowledgement from the server that the connection has been upgraded to a WebSocket. Here is a dump:
=========================================================================
POST /sts/v1.0/issueToken HTTP/1.1
Accept: */*
Connection: Keep-Alive
Content-Length: 0
Content-Type: application/x-www-form-urlencoded
Host: api.cognitive.microsoft.com
Ocp-Apim-Subscription-Key: 21cedc8aaab847369294240b2122b08d
Origin: https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapi.cognitive.microsoft.com&data=04%7C01%7Cv-lufil%40microsoft.com%7C427ffe760b7a4f6ffe6a08d4d8fa0613%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636372015735060988%7CUnknown%7CVW5rbm93bnx7IlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiT3RoZXIifQ%3D%3D%7C-1&sdata=823HpmiJeZ54tzq6CpX86ZS8B0yUiOYSNMXvrmDSunA%3D&reserved=0
User-Agent: Gideon/0.0.1
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 495
Content-Type: application/jwt; charset=us-ascii
Expires: -1
Server: Microsoft-IIS/8.5 Microsoft-HTTPAPI/2.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
apim-request-id: 00fe24bc-ba53-4d91-9363-ea7fddfe2a5a
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Operation-Location
Date: Tue, 01 Aug 2017 15:21:40 GMT
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzY29wZSI6Imh0dHBzOi8vc3BlZWNoLnBsYXRmb3JtLmJpbmcuY29tIiwic3Vic2NyaXB0aW9uLWlkIjoiZmMwOGVlNGM5ZmNkNGI0MWFmNTZiNzJmZDliZTE4ZWEiLCJwcm9kdWN0LWlkIjoiQmluZy5TcGVlY2guUHJldmlldyIsImNvZ25pdGl2ZS1zZXJ2aWNlcy1lbmRwb2ludCI6Imh0dHBzOi8vYXBpLmNvZ25pdGl2ZS5taWNyb3NvZnQuY29tL2ludGVybmFsL3YxLjAvIiwiYXp1cmUtcmVzb3VyY2UtaWQiOiIiLCJpc3MiOiJ1cm46bXMuY29nbml0aXZlc2VydmljZXMiLCJhdWQiOiJ1cm46bXMuc3BlZWNoIiwiZXhwIjoxNTAxNjAxNDk5fQ.2RQhid_B45fN5M2BmUlodhIe4Xxx71Ws1b03JylERUw
=========================================================================
POST /speech/recognition/dictation/cognitiveservices/v1?language=en-US HTTP/1.1
Accept: */*
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzY29wZSI6Imh0dHBzOi8vc3BlZWNoLnBsYXRmb3JtLmJpbmcuY29tIiwic3Vic2NyaXB0aW9uLWlkIjoiZmMwOGVlNGM5ZmNkNGI0MWFmNTZiNzJmZDliZTE4ZWEiLCJwcm9kdWN0LWlkIjoiQmluZy5TcGVlY2guUHJldmlldyIsImNvZ25pdGl2ZS1zZXJ2aWNlcy1lbmRwb2ludCI6Imh0dHBzOi8vYXBpLmNvZ25pdGl2ZS5taWNyb3NvZnQuY29tL2ludGVybmFsL3YxLjAvIiwiYXp1cmUtcmVzb3VyY2UtaWQiOiIiLCJpc3MiOiJ1cm46bXMuY29nbml0aXZlc2VydmljZXMiLCJhdWQiOiJ1cm46bXMuc3BlZWNoIiwiZXhwIjoxNTAxNjAxNDk5fQ.2RQhid_B45fN5M2BmUlodhIe4Xxx71Ws1b03JylERUw
Connection: upgrade
Content-Length: 8002
Content-Type: audio/wav; codec=audio/pcm; samplerate=16000
Host: speech.platform.bing.com
Path: audio
Sec-WebSocket-Key: Z2lkZW9ucm9ja3MK
Transfer-Encoding: chunked
Upgrade: websocket
User-Agent: Gideon/0.0.1
X-RequestId: 21cedc8aaab847369294240b2122b08d
X-Timestamp: 2017-08-01T15:21:40
HTTP/1.1 400 Bad Request
Exception: 4xx Client failure
Note that the server does not reply despite getting two "\r\n" to indicate an end of MIME header. When I send anything afterwards I get a 400 error.
According to your dump logs, it seems that you want to use Microsoft's Speech Service to convert the speech to text.
By using Microsoft's Speech Service,the 400 error means you don't have applied all the required parameters and HTTP headers and that the values are correct.
I found your request missed the X-ConnectionId in your request.
According to this article:
The Microsoft Speech Service requires that all clients include a unique id to identify the connection. Clients must include the X-ConnectionId header when starting a web socket handshake. The X-ConnectionId header value must be a universally unique identifier. Web socket upgrade requests that do not include the X-ConnectionId, that do not specify a value for the X-ConnectionId header, or that do not include a valid universally unique identifier value will be rejected by the service with a 400 Bad Request response.
So I suggest you could add the identify id and test again.
One of our applications is tested by Whitehat Sentinel and one of their findings was that in some cases our response header for Server is set to:
Microsoft-HTTPAPI/2.0
I have tried accessing the URL they identified with Postman and Fiddler but I do not see the Server header. I have also tried an online web sniffer http://web-sniffer.net/
Can someone advise how I can see this header?
In Chrome Network tab I see these headers
HTTP/1.1 404 Not Found
Content-Type: text/html
Strict-Transport-Security: max-age=300
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Date: Thu, 13 Jul 2017 13:59:15 GMT
Content-Length: 1245
No Server header.
The URL reported by Whitehat was not working for me, I changed the target URL to domain.com/%% and this caused the request to be handled by http.sys and it returned the Server attribute.
That is not the name of the header. That is the value found in the Server header when an application serves files over HTTP via http.sys, which is the kernel-mode HTTP server built into Windows.
For example, when serving a file via a C# HttpListener, I get this header:
Server: Microsoft-HTTPAPI/2.0
This header can be disabled by setting the following registry value:
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters
Name: DisableServerHeader
Type: DWORD
Value: 1
I am trying to send a GET request in JMETER. But it's not going through and giving me the following error:
Thread Name: End to End Insight Box test 1-1
Sample Start: 2016-12-07 17:07:28 EST
Load time: 16
Connect Time: 2
Latency: 15
Size in bytes: 28787
Headers size in bytes: 336
Body size in bytes: 28451
Sample Count: 1
Error Count: 1
Response code: 401
Response message: Unauthorized
Response headers:
HTTP/1.1 401 Unauthorized
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
Content-Length: 28451
ETag: W/"6f23-0bLnx7HfhP7SCnvUxqCu0w"
set-cookie: connect.sid=s%3AaQNcuFY1rAJsD0zK8kzVaUPvpog4nFXP.PD2fB8x8XLvFogGSe6l3l%2BHKQ0Sa0KQKf0qt4zE208I; Path=/; HttpOnly
Date: Wed, 07 Dec 2016 22:07:28 GMT
Connection: close
HTTPSampleResult fields:
ContentType: text/html; charset=utf-8
DataEncoding: utf-8
In the request:
[no cookies]
Request Headers:
Connection: close
content-type: application/json
Host: 192.168.100.194:3001
User-Agent: Apache-HttpClient/4.2.6 (java 1.5)
For this GET request the user needs to login. So I wrote a python script to login using OS process Sampler before this GET request. Still I am having the issue
You most probably forgot to add either a Session cookie or a Token in headers or in parameter.
I'd suggest trying to record the call with Http Test script recorder element (just use the Templates menu and select recording, then start the Recorder)
This will create for you the Http Sampler with the parameters or headers required.
You will just have to make it dynamic then by extracting it from the response it appeared in and injecting it the the request that is failing.
When I punch in the URL for a secured database it displays the following message on the page:
{"error":"unauthorized","reason":"You are not authorized to access this db."}
Although this message certainly gets the point across I would prefer to redirect the user to a different page, like a login page. I've tried changing the authentication_redirect option in the couch config but no success. How would I go about doing this?
Authentication redirect is only works if client explicitly accepts text/html content type (e.g. sends Accept: text/html header):
GET /db HTTP/1.1
Accept: text/html
Host: localhost:5984
In this case, CouchDB will send HTTP 302 response instead of HTTP 401 which redirects on your authentication form, specified with authentication_redirect configuration option:
HTTP/1.1 302 Moved Temporarily
Cache-Control: must-revalidate
Content-Length: 78
Content-Type: text/plain; charset=utf-8
Date: Tue, 24 Sep 2013 01:32:40 GMT
Location: http://localhost:5984/_utils/session.html?return=%2Fdb&reason=You%20are%20not%20authorized%20to%20access%20this%20db.
Server: CouchDB/1.4.0 (Erlang OTP/R16B01)
{"error":"unauthorized","reason":"You are not authorized to access this db."}
Othewise CouchDB doesn't know was request send by human from browser or by application library. In the last case redirecting to the HTML form instead of raising HTTP error isn't suitable solution.