I want to connect to the seller partner api in python using boto3.
The steps assumeRole to get temporary credentials for a session client I get. But sp-api is not in the list of aws services to handle with boto3. Is there a reference for the sp-api to use with python or what would be the equivalent to s3 = boto3.client('s3') for the sp-api?
I had also issues and questions like you have, I managed to connect successfully, maybe this can help:
import boto3
# ======== GET AUTH ========
# Credentials for user created following the docs
amw_client = boto3.client(
'sts',
aws_access_key_id=self.access_key,
aws_secret_access_key=self.secret_key,
region_name=self.region
)
# ROLE created following the docs
# STS assume policy must be included in the role
res = amw_client.assume_role(
RoleArn='arn:aws:iam::xxxx:role/xxxx',
RoleSessionName='SellingPartnerAPI'
)
Credentials = res["Credentials"]
AccessKeyId = Credentials["AccessKeyId"]
SecretAccessKey = Credentials["SecretAccessKey"]
SessionToken = Credentials["SessionToken"]
from requests_auth_aws_sigv4 import AWSSigV4
aws_auth = AWSSigV4('execute-api',
aws_access_key_id=AccessKeyId,
aws_secret_access_key=SecretAccessKey,
aws_session_token=SessionToken,
region=self.region
)
import requests
# ======== GET ACCESS TOKEN ======
body = \
{
'grant_type': 'refresh_token',
'client_id': amazon_app_client_id,
'refresh_token': amazon_app_refresh_token,
'client_secret': amazon_app_client_secret
}
h = {'Content-Type': 'application/json'}
access_token_response = \
requests.post('https://api.amazon.com/auth/o2/token', json=body, headers=h)
access_token = self.access_token_response.json().get('access_token')
# ======== CONSUME API ========
resp = requests.get(
request_url, auth=aws_auth, headers={'x-amz-access-token': access_token})
Let me know if I can help further :)
Related
I am trying to reach my automL model prediction endpoint that I have setup, I have created a service account and added the correct role to it, now I am trying to call the endpoint in Python, but I am not sure how to call it: Here is what I have tried. The key file is downloaded from google so it's good.
from google.oauth2 import service_account
project_id = 'aaa'
endpoint_id = 'bbb'
with open('./ServiceAccountKey.json') as source:
info = json.load(source)
credentials = service_account.Credentials.from_service_account_info(info)
scoped_credentials = credentials.with_scopes(
['https://www.googleapis.com/auth/cloud-platform'])
access_token = scoped_credentials.get_access_token()
endpoint = f"https://us-central1-aiplatform.googleapis.com/v1alpha1/projects/{project_id}/locations/us-central1/endpoints/{endpoint_id}:predict"
headers = {
"Content-Type": "application/json",
"Authorization": "Bearer " + access_token}
payload = {}
x = requests.post(endpoint, data = payload, header=headers)
print(x)
The error I get is this:
AttributeError: 'Credentials' object has no attribute 'get_access_token'
Permissions I have given the service account:
The best way is to use the AI Platform Python client library. Set the GOOGLE_APPLICATION_CREDENTIALS environment variable to the path to your service account file and you are good to go.
Better to not deal with access token and refresh tokens yourself if there is a ready-made library available.
I'm trying to get an access token instead of getting this error message
AdalError: Get Token request returned http error: 400 and server response: {"error":"invalid_grant","error_description":"AADSTS50034: The user account {EmailHidden} does not exist in the XXXXX directory. To sign into this application, the account must be added to the directory.\r\nTrace ID: f18021a8-b10a-40bf-9f0a-7975b38e2300\r\nCorrelation ID: 4f61c8f5-ed06-41f1-8d7b-756dd7c09e10\r\nTimestamp: 2020-12-16 03:27:49Z","error_codes":[50034],"timestamp":"2020-12-16 03:27:49Z","trace_id":"f18021a8-b10a-40bf-9f0a-7975b38e2300","correlation_id":"4f61c8f5-ed06-41f1-8d7b-756dd7c09e10","error_uri":"https://login.windows.net/error?code=50034"}
My python code
import adal
import json
import pyodbc
import requests
AUTHORITY_URL = 'https://login.windows.net/XXXXX'
RESOURCE = 'https://analysis.windows.net/powerbi/api'
CLIENT_ID = 'XXXXX'
userid='nurdin#xxxxx.com.my'
userpassword='xxxxx'
completedtime = []
verify = []
def make_headers(access_token):
return {
'Authorization': 'Bearer {}'.format(access_token)
}
context = adal.AuthenticationContext(AUTHORITY_URL)
token = context.acquire_token_with_username_password(RESOURCE,userid,userpassword,CLIENT_ID)
access_token = token['accessToken']
print(access_token)
Your code works fine on my side, make sure your work account is under the tenant in the AUTHORITY_URL, if not, you could follow this link to create a new user without MFA-enabled.
import adal
AUTHORITY_URL = 'https://login.windows.net/<tenant-id>'
RESOURCE = 'https://analysis.windows.net/powerbi/api'
CLIENT_ID = '<client-id>'
userid='username#tenantname.onmicrosoft.com'
userpassword='xxxxxx'
context = adal.AuthenticationContext(AUTHORITY_URL)
token = context.acquire_token_with_username_password(RESOURCE,userid,userpassword,CLIENT_ID)
access_token = token['accessToken']
print(access_token)
Is it possible to calling an AppSync mutation with Cognito authentication using Python? How?
I am trying to use boto3, but I don't found a way to execute graphql operations.
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/appsync.html
You can turn your API auth mode to be "API KEY" and call an AppSync mutation with http.
For example.
import requests
import json
APPSYNC_API_KEY = 'da2-xxxxxxxxxxxxx'
APPSYNC_API_ENDPOINT_URL = 'https://xxxxxxxxxxxxx.appsync-api.us-west-2.amazonaws.com/graphql'
headers = {
'Content-Type': "application/graphql",
'x-api-key': APPSYNC_API_KEY,
'cache-control': "no-cache",
}
def execute_gql(query):
payload_obj = {"query": query}
payload = json.dumps(payload_obj)
response = requests.request("POST", APPSYNC_API_ENDPOINT_URL, data=payload, headers=headers)
return response
Imagine you have a model called Items and you can easily make query like below:
if __name__ == '__main__':
print(execute_gql("query { listItems { items { id name } } }").json())
Simply replace the string with the mutation operation.
It appears that idToken from auth response is the only one you need to pass under the Authorization header. Nothing more is required. Auth middleware shouldn't be passed in the Transport object at all. Here is how it finally worked from my side:
import boto3
from gql import gql, Client as GQLClient
from gql.transport.requests import RequestsHTTPTransport
username = "YOUR_USER_NAME"
password = "YOUR_PASSWORD"
authClientId = "YOUR_COGNITO_AUTH_APP_CLIENT_ID"
regionName = "YOUR_REGION_NAME"
appSyncEndpoint = "YOUR_APPSYNC_ENDPOINT"
def authenticate():
cgClient = boto3.client("cognito-idp", region_name=regionName)
response = cgClient.initiate_auth(
ClientId=authClientId,
AuthFlow="USER_PASSWORD_AUTH",
AuthParameters={"USERNAME": username, "PASSWORD": password},
)
return response["AuthenticationResult"]["IdToken"]
def make_client(idToken):
headers = {
'Accept': 'application/json',
'Content-Type': 'application/json',
'Authorization': idToken #<<<< Just an idToken
}
transport = RequestsHTTPTransport(url=appSyncEndpoint,
headers=headers) #<<<< there is no `auth` parameter here at all
client = GQLClient(transport=transport,
fetch_schema_from_transport=False)
return client
creds = authenticate()
queryText = """mutation createMessage($message: String!) {
createMessage(input: {message: $message}) {
id
message
createdAt
}
}"""
asClient = make_client(creds)
result = asClient.execute(gql(queryText))
print(result)
graphql-python/gql supports AWS AppSync since version 3.0.0rc0.
It supports queries, mutation and even subscriptions on the realtime endpoint.
It supports IAM, api key and JWT (for Cognito for example) authentication methods.
The documentation is available here
Here is an example of a mutation using the API Key authentication:
import asyncio
import os
import sys
from urllib.parse import urlparse
from gql import Client, gql
from gql.transport.aiohttp import AIOHTTPTransport
from gql.transport.appsync_auth import AppSyncApiKeyAuthentication
# Uncomment the following lines to enable debug output
# import logging
# logging.basicConfig(level=logging.DEBUG)
async def main():
# Should look like:
# https://XXXXXXXXXXXXXXXXXXXXXXXXXX.appsync-api.REGION.amazonaws.com/graphql
url = os.environ.get("AWS_GRAPHQL_API_ENDPOINT")
api_key = os.environ.get("AWS_GRAPHQL_API_KEY")
if url is None or api_key is None:
print("Missing environment variables")
sys.exit()
# Extract host from url
host = str(urlparse(url).netloc)
auth = AppSyncApiKeyAuthentication(host=host, api_key=api_key)
transport = AIOHTTPTransport(url=url, auth=auth)
async with Client(
transport=transport, fetch_schema_from_transport=False,
) as session:
query = gql(
"""
mutation createMessage($message: String!) {
createMessage(input: {message: $message}) {
id
message
createdAt
}
}"""
)
variable_values = {"message": "Hello world!"}
result = await session.execute(query, variable_values=variable_values)
print(result)
asyncio.run(main())
Question in short: how to get Facebook API access_token with permission
I want to read the reach for specific ad settings from the Facebook API using Python. In order to do so, I need a facebook access token with extended permissions. I use the following function to get a new access token, but the token I get does not have the proper permission levels. So: how to get an access_token with custom permissions, like you can do manually here?
Python example below (problem is actually language independent):
import requests
import json
from facebookads.adobjects.adaccount import AdAccount
from facebookads.api import FacebookAdsApi
from facebookads.adobjects.adset import AdSet
app_id = 'xxxx'
app_secret = 'xxxx'
account_id = 'xxxx'
def get_fb_token(app_id, app_secret):
payload = {'grant_type': 'client_credentials',
'client_id': app_id,
'client_secret': app_secret,
}
file = requests.post('https://graph.facebook.com/oauth/access_token?', params = payload)
string = file.content.decode('utf-8')
json_obj = json.loads(string)
return json_obj['access_token']
access_token = get_fb_token(app_id, app_secret)
account = AdAccount(account_id)
# initiate API
FacebookAdsApi.init(app_id, app_secret, access_token)
# Request reach
targeting_spec = {
'geo_locations': {
'countries': ['nl']
},
}
fb_params = {
'currency': 'EUR',
'optimize_for': AdSet.OptimizationGoal.offsite_conversions,
'targeting_spec': targeting_spec,
}
reach_estimate = account.get_reach_estimate(params=fb_params)
And the error message I get:
(#278) Reading advertisements requires an access token with the extended permission ads_read
Help is highly appreciated!
Try this:
payload = {
'grant_type': 'client_credentials',
'client_id': app_id,
'client_secret': app_secret,
'scope': 'ads_read'
}
file = requests.post('https://graph.facebook.com/oauth/access_token?', params = payload)
Also, you need to redirect to the correct endpoint (https://www.facebook.com/v2.xy/dialog/oauth), not POST to it. You cannot get a User token without user interaction.
I'm trying to upload a file to OneDrive of an MS SharePoint using Python API. I've succeeded in authentication, but I can't get any service_info returned.
I've already looked here and here. I'm experiencing the exact same issues describe there. I've modified my code accordingly, but nothing seems to work.
Here's my complete code.
import onedrivesdk
from onedrivesdk.helpers import GetAuthCodeServer
from onedrivesdk.helpers.resource_discovery import ResourceDiscoveryRequest, ServiceInfo
from onedrivesdk.helpers import http_provider_with_proxy
redirect_uri = 'http://localhost:8080'
client_id='xxxxxxx'
client_secret = 'xxxxxxx'
discovery_uri = 'https://api.office.com/discovery/'
auth_server_url='https://login.microsoftonline.com/common/oauth2/authorize'
auth_token_url='https://login.microsoftonline.com/common/oauth2/token'
proxy = {
'http': 'xxx',
'https': 'xxx'
}
import json
import requests
class AnyVersionResourceDiscoveryRequest(ResourceDiscoveryRequest):
def get_all_service_info(self, access_token, sharepoint_base_url):
headers = {'Authorization': 'Bearer ' + access_token}
response = json.loads(requests.get(self._discovery_service_url,
headers=headers).text)
service_info_list = [ServiceInfo(x) for x in response['value']]
# Get all services, not just the ones with service_api_version 'v2.0'
# Filter only on service_resource_id
sharepoint_services = \
[si for si in service_info_list
if si.service_resource_id == sharepoint_base_url]
return sharepoint_services
sharepoint_base_url = 'https://xxx.sharepoint.com/'
# http = onedrivesdk.HttpProvider()
http = http_provider_with_proxy.HttpProviderWithProxy(proxy, verify_ssl=True)
auth = onedrivesdk.AuthProvider(http,
client_id,
auth_server_url=auth_server_url,
auth_token_url=auth_token_url)
auth_url = auth.get_auth_url(redirect_uri)
code = GetAuthCodeServer.get_auth_code(auth_url, redirect_uri)
auth.authenticate(code, redirect_uri, client_secret, resource=discovery_uri)
# If you have access to more than one service, you'll need to decide
# which ServiceInfo to use instead of just using the first one, as below.
# service_info = ResourceDiscoveryRequest().get_service_info(auth.access_token)[0]
service_info = AnyVersionResourceDiscoveryRequest().get_all_service_info(auth.access_token, sharepoint_base_url)[0]
auth.redeem_refresh_token(service_info.service_resource_id)
client = onedrivesdk.OneDriveClient(service_info.service_resource_id + '/_api/v2.0/', auth, http)
I'm stuck at the 3rd line from the bottom. What am I doing wrong here?