Instagram profile_picture secure url - instagram

I'm building a mashup that retrieves, via API calls, the feeds from the Instagram/Twitter/Facebook APIs by hashtag.
I don't have any problem getting a secure URL for the profile picture for Twitter and Facebook, but for Instagram I do.
I tried with:
http://images.ak.instagram.com/profiles/profile_251686283_75sq_1352714126.jpg
https://images.ak.instagram.com/profiles/profile_251686283_75sq_1352714126.jpg
but it doesn't work :(
UPDATE
I do an api call with
https://api.instagram.com/v1/tags/mycoolhashtag/media/recent?count=100&access_token=my_access_token
I get
http://images.ak.instagram.com/profiles/profile_251686283_75sq_1352714126.jpg
but I need a secure url and this
https://images.ak.instagram.com/profiles/profile_251686283_75sq_1352714126.jpg
doesn't work
I need a secure URL because everything runs in a Facebook app, and therefore over HTTPS, and I can't find a way to get it!

You can use their S3 bucket, distillery. It's not part of the CDN, but it will give you valid SSL:
https://distillery.s3.amazonaws.com/profiles/profile_183641024_75sq_1372016363.jpg

You can obtain the https url of a profile picture, given the http one the API gave you, as follows:
profile_picture.sub(%r{http://photos-([a-z])\.ak\.instagram\.com}, 'https://igcdn-photos-\1-a.akamaihd.net')
For example:
http://photos-h.ak.instagram.com/hphotos-ak-xaf1/t51.2885-19/11325003_523023611188279_332538806_a.jpg
gets mapped to:
https://igcdn-photos-h-a.akamaihd.net/hphotos-ak-xaf1/t51.2885-19/11325003_523023611188279_332538806_a.jpg

As of September 2015, Instagram's /v1/users/{user-id} endpoint returns HTTPS URLs by default for the user's profile_picture, served from https://scontent.cdninstagram.com. You should be good to go!

UPDATED ANSWER: You cannot just decide to start using HTTPS and have everything be made secure if the server at the other end doesn't support it, which, it looks like in this case, Instagram does not (other than account related operations like login & edit profile).
It seems you'll have to find another way of making this call from within your Facebook app, which I am not familiar with at all, sorry.
OLD ANSWER: Not quite sure what you're asking, but when I get data back from Instagram the profile picture is always an HTTP URL.
For example:
"user": {
    "username": "theserv",
    "website": "",
    "profile_picture": "http://images.ak.instagram.com/profiles/profile_239265119_75sq_1387243654.jpg",
    "full_name": "Diane Alexandra",
    "bio": "",
    "id": "239265119"
}
Are you saying you can't access either of the URLs that you posted? Both do work for me, but the https one gives a warning about non-secure content, understandably.

Related

A third party application may be attempting to make unauthorized access to your account - Ameritrade

I was trying to do some simple authorization for ameritrade's developer platform. I was attempting.
According to the platform, the endpoint I need to access is:
https://auth.tdameritrade.com/auth?response_type=code&redirect_uri={uri}&client_id={client_id}}%40AMER.OAUTHAP
https://developer.tdameritrade.com/content/simple-auth-local-apps
When looking at the client_id for the dev application, I noticed that they may actually be referencing the application's Consumer Key instead. So I did just that, but when attempting to query the information, it returns: A third-party application may be attempting to make unauthorized access to your account. The reason why I think it is the consumer key is listed at: https://developer.tdameritrade.com/content/getting-started
So I ended up doing something like:
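from urllib.parse import quote_plus
# quote_plus() encodes a single value; urlencode() expects a mapping and raises TypeError on a plain string.
# The stray "}" after {client_id} is dropped: str.format() rejects a lone closing brace.
url = "https://auth.tdameritrade.com/auth?response_type=code&redirect_uri={uri}&client_id={client_id}%40AMER.OAUTHAP".format(
    uri=quote_plus("http://localhost"),
    client_id="JHBDFGJH45OOUDFHGJKSDBNG"  # Sample
)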
I don't think this is because I am currently in a different country; I think that something else is wrong here.
It doesn't follow through with it, but instead returns a 400 error with that information. I'm not sure what's wrong though.
This happens when you copied the callback URI incorrectly. Imagine if this were a client application, and TD detected that the application is trying to send the user to a different URL than the app is configured with. If they send the callback request to that application, it will receive the token and gain full control over your account.
Have you double and triple checked that you're copying the callback URL correctly, protocol name, ports, and trailing slashes and everything? Also, consider using an API library instead of writing your own. You can find documentation about this specific error here.
I had this issue and I solved it simply by using http://127.0.0.1 as the callback URI of the app.
I then used below URL and it worked as expected.
https://auth.tdameritrade.com/auth?response_type=code&redirect_uri=http%3A%2F%2F127.0.0.1&client_id={MyConsumerKey}%40AMER.OAUTHAP
Just in case anyone is still having this problem, make sure the callback URI is spelled EXACTLY the same as you specified when creating the app. I was having this problem because I set the callback on the TD developer website to "https://localhost/" and used "https://localhost" in the URL instead (missing the slash at the end). As soon as I added the slash at the end, it worked.
I found out that the issue is caused by the way the callback URL is set. It has to be exactly the same as the callback URL you have typed in at the app's details on the TD developer API page. I tried several permutations, and indeed, to get the authorization to work, both have to be the same, e.g. https or http, ending with '/' or not: it matters. There is also no need to URL encode it.
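The exact-match rule these answers describe can be checked before the authorization request is sent. The following is an added example, not code from the thread or from TD Ameritrade; the function names are hypothetical and EXAMPLEKEY is a constructed placeholder for a consumer key.

```python
from urllib.parse import parse_qs, quote_plus, urlsplit

AUTH_ENDPOINT = "https://auth.tdameritrade.com/auth"  # endpoint quoted in the thread


def build_auth_url(consumer_key, callback_uri):
    """Build the authorization URL, percent-encoding each value exactly once."""
    return (AUTH_ENDPOINT + "?response_type=code"
            + "&redirect_uri=" + quote_plus(callback_uri)
            + "&client_id=" + quote_plus(consumer_key + "@AMER.OAUTHAP"))


def callback_mismatches(auth_url, registered_callback):
    """List how the redirect_uri in auth_url differs from the registered callback.

    An empty list means the two strings are identical, which is what the
    answers above say the server requires.
    """
    values = parse_qs(urlsplit(auth_url).query).get("redirect_uri", [])
    if len(values) != 1:
        return ["redirect_uri missing or repeated"]
    sent = values[0]  # parse_qs has already undone the percent-encoding
    if sent == registered_callback:
        return []
    a, b = urlsplit(sent), urlsplit(registered_callback)
    diffs = []
    for name, x, y in (("scheme", a.scheme, b.scheme),
                       ("host", a.hostname, b.hostname),
                       ("port", a.port, b.port),
                       ("path", a.path, b.path)):
        if x != y:
            diffs.append(f"{name}: sent {x!r}, registered {y!r}")
    return diffs or ["differs in query, fragment or letter case"]


if __name__ == "__main__":
    # Constructed values: the callback sent lacks the trailing slash that was registered.
    url = build_auth_url("EXAMPLEKEY", "https://localhost")
    print(url)
    print(callback_mismatches(url, "https://localhost/"))
```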

What is the need to verify reCaptcha in the server side?

I am implementing Google reCaptcha. In the Google documentation, they say the way to do it. The documentation suggests server-side validation of the captcha. I wanted to know why we need to verify it on the server side, as it is already verified on the UI side by the Google server. Is it suggested to implement the captcha on the UI side alone with no validation on the server? What are the problems (if any) if done in the UI alone?
An example would be: you're creating a register form and want to prevent bots from creating an account on your site. You need to verify it server-side, because in the background you're sending a request which will look something like this:
POST /register HTTP/1.1
Host: www.example.com
{"username":"example","email":"hey#gmail.de","captcha-token":"123984f729340fmu2q34f9"}
And if you don't send the captcha-token with the request, or the server doesn't validate it, this bot could just spam this request without loading the frontend page. Please keep in mind that bots don't visit your "UI" (frontend page). Just verify everything server-side, like text length, bad characters, rate limits...
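The server-side check this answer argues for, as an added example that is not part of the original post: a hypothetical /register handler that sends the token to Google's siteverify endpoint and fails closed. The handler, the function names, the expected hostname and the fake transport are assumptions, constructed so the example runs offline.

```python
import json
import urllib.parse
import urllib.request

VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"


def post_form(url, fields, timeout=5):
    """Default transport: POST form fields and return the decoded JSON body."""
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(url, data=data, timeout=timeout) as resp:
        return json.load(resp)


def verify_captcha(token, secret, expected_hostname, transport=post_form):
    """Return (ok, reason); any missing token or transport failure is a rejection."""
    if not token:
        return False, "missing-token"  # request was posted without loading the form
    try:
        result = transport(VERIFY_URL, {"secret": secret, "response": token})
    except (OSError, ValueError):
        return False, "verify-unreachable"
    if not result.get("success"):
        return False, ",".join(result.get("error-codes", ["rejected"]))
    if result.get("hostname") != expected_hostname:
        return False, "hostname-mismatch"  # token was solved on a different site
    return True, "ok"


def handle_register(body, secret, transport=post_form):
    """Hypothetical /register handler: captcha first, then the other input checks."""
    ok, reason = verify_captcha(body.get("captcha-token"), secret,
                                "www.example.com", transport)
    if not ok:
        return 400, reason
    if not 3 <= len(body.get("username", "")) <= 32:
        return 400, "bad-username"
    return 201, "created"


def fake_transport(url, fields):
    """Constructed stand-in for the siteverify endpoint (no network access)."""
    if fields["response"] == "valid-token":
        return {"success": True, "hostname": "www.example.com"}
    return {"success": False, "error-codes": ["invalid-input-response"]}
```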

Instagram API Matching code was not found or was already used

I am seeing this error from my live server using the Instagram API.
{
"Error":true,
"message":"Matching code was not found or was already used."
}
I have read a few suggestions on here to clear the cache, but that isn't fixing the issue. I am also unable to submit a support ticket directly on the Instagram site, as I am receiving an error message while attempting to submit a ticket.
There are a bunch of developers complaining about the same issue at https://news.ycombinator.com/item?id=13178789. I don't think unchecking "Disable implicit OAuth" fixes the issue as I have already tried that and it didn't work.
The best thing you can do is to submit a report to instagram using your client id to put some pressure on their side to fix this issue.
I have the same issue. I guess it's from Instagram. I reported an issue from my client panel in developer > manage clients > Report issue.
You can do the same so they resolve this issue as soon as possible.
There is definitely a problem with the Instagram OAuth flow. The returned authorization code doesn't seem to work for some reason, it's very likely a network related problem that they need to fix on their end.
My theory is that the authorization code generated is not distributed to all Instagram API servers, and if you happen to hit a bad node then you're out of luck.
However, I recently found a solution that doesn't rely on the authorization code. If you use the client-side authentication then you'll be able to retrieve the access token without ever using the authorization code. It's less secure but works great as a temporary fix.
You simply change response_type=code to response_type=token. The token response type will redirect the user back to your website using this URL structure:
http://your-redirect-uri#access_token=ACCESS-TOKEN
I recommend fetching the access token from the URL client-side using JavaScript, and then passing it to an endpoint on your website. E.g. /callback?accesstoken={accessToken}. This is required because the content in the hash is not passed to the server.
Example:
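<script>
// The fragment (#...) never reaches the server, so read it client-side.
if (window.location.hash && window.location.hash.indexOf('#access_token=') !== -1) {
    var accessToken = window.location.hash.replace('#access_token=', '');
    // Encode the token so it is passed intact as a single query value.
    window.location.href = '/callback?accesstoken=' + encodeURIComponent(accessToken);
}
</script>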
The code snippet above is copied and slightly modified from the solution at https://news.ycombinator.com/item?id=13178789
You can read more about Instagram client side authentication on https://www.instagram.com/developer/authentication/ under Client-Side (Implicit) Authentication
I just had the same issue. Not sure why, but for me the code returned from oauth/authorize/? had 2 special characters at the end - "#_". After removing these my code worked.
This is due to security restrictions in place on your Instagram app. You can choose to allow it by unchecking "Disable implicit OAuth" for your Instagram app, under the Security tab.

Retrieve BLOGS_UPLOADED_IMAGES in java

I have some Java code that retrieves blogs through the REST APIs. I am not using the Social Business Toolkit, but we have our own framework for that.
The application works perfectly on an on-premise connections environment and has worked on multiple versions.
However, when switching to Connections Cloud, some parts stopped working.
We get a 403 - Forbidden exception on 2 occasions:
1) Getting the details of a blog post: /blogs/[blog-id]/feed/entry/atom?entryid=[entry-id]
2) Getting images inside the blog post: /blogs/[blog-id]/resource/BLOGS_UPLOADED_IMAGES/[image file name]
I have fixed issue 1) by switching to the publishing API: /blogs/[blog-id]/api/entries/[entry-id].
I cannot find a way to fix issue 2). I have also found 2 other image urls:
https://apps.ce.collabserv.com/blogs/[blog-id]/api/media/[file-name]
https://apps.ce.collabserv.com/blogs/[blog-id]/api/media/BLOGS_UPLOADED_IMAGES/[file-name].media
Both return:
<sp_0:error xmlns="http://incubator.apache.org/abdera" xmlns:sp_0="http://incubator.apache.org/abdera">
<code>404</code>
<message>Not Found</message>
</sp_0:error>
I want to authenticate by using Basic Authentication when possible. This does not appear to work with the given 403 urls.
My guess is that the basic authentication header is not picked up. I have seen this before.
I used to fix this by first calling another URL that does support basic authentication and using the Ltpa cookies to authenticate the image url.
This also does not work: I do get LtpaTokens, but when I pass all the cookies to the URL, the image still does not work.
I prefer not to use OAuth or OAuth 2 at this moment. Is there any other way to fix this?
Anybody else managed to retrieve BLOGS_UPLOADED_IMAGES?
The issue can also be reproduced in a browser.
Make sure you are not yet authenticated and the blog has posts with images.
Go to /blogs/[blog-id]/api/media
Authenticate using the popup in the browser. The Atom feed now appears. This contains the images of your blog.
403 when opening: /blogs/[blog-id]/resource/BLOGS_UPLOADED_IMAGES/[image]
404 xml when opening: /blogs/[blog-id]/api/media/* links

So how do I properly set up a Redirect URI?

A few days ago, I was playing around with a local API (not Google) and it required me to provide a Redirect URI while trying to set up my app in their dashboard.
I did some googling and top searches led me to oAuth2.0 and Google Developer's website. But this API I'm using is not related with any of Google's so I thought it won't be relevant.
Is the setup of Redirect Uri for most APIs universal or almost the same? What programming languages can I use to implement this?
The description also says I need to parse a subscriber_number and access_token in JSON format. How do I do that?
Please note that I have already found a free hosting site via Firebase and have provided my own link. I also did the initial steps from another user to fire the required access_token that I needed to parse from the Redirect Uri. But accessing it from the browser right after triggering doesn't give me anything. I'm so clueless. Any help is much appreciated!
