I've been testing reading from the Graph API with an app I'm working on for a while. I've been reading events directly from their /{id} endpoints using the Python package. When I attempted this today, however, it didn't work. The response was as follows, when attempted using the Graph API Explorer.
{
"error": {
"message": "Unsupported get request. Object with ID 'XXXXXXXXXXX' does not exist, cannot be loaded due to missing permissions, or does not support this operation. Please read the Graph API documentation at https://developers.facebook.com/docs/graph-api",
"type": "GraphMethodException",
"code": 100,
"error_subcode": 33,
"fbtrace_id": "HAli25GZ3N4
"
}
}
The Explorer itself seems to know somehow that the object in question is an event, as the field options it gives in the left sidebar are all specific to Event objects. I'm aware you need to go through App Review to be able to read public Events, but I haven't needed to thus far. What's the issue?
I've also checked the changelogs, that state nothing breaking has occured today in that instance. One thing to note was that I was briefly demoted to Moderator of the Page I'm trying to read from. I've tried using my personal Access Token and that of the Page too.
Related
I am farely new to the Twitter API and I've got the following issue.
I try to send a tweet with the 'Twitter v2 API / Manage tweets / POST Create a Tweet' endpoint.
Unfortunately this results in an error '429', every time i call this endpoint (manually)
{
"title": "Too Many Requests",
"detail": "Too Many Requests",
"type": "about:blank",
"status": 429
}
The returning header shows nothing strange (from my inexperienced point of view) , see screenshot below
Headers of 429 response
Some general remarks:
I've got just 1 application in my Twitter developer account.
Within this application there is just one App.
I am the only one who generates the requests manually.
The execution is manual and all within the bounderaries of the API (200 per 15 min)
I started with the 'out the box' create_tweet.py solution (see link below), due to my misunderstanding I made several autorization request with the same twitter user, (following the link, entering the PIN) maybe that triggered some type of blockage or rejection? I regenerated all my tokens and started all over via Postman (as mentioned in the Quickstart, see link below) The error 429 is still there (both with the python script as via Postman)
Anyone got an idea? Thanks in Advance!
Links:
create_tweet.py:
https://github.com/twitterdev/Twitter-API-v2-sample-code/blob/main/Manage-Tweets/create_tweet.py
Quickstart:
https://developer.twitter.com/en/docs/twitter-api/tweets/manage-tweets/quick-start
From documentation on https://developers.google.com/vault/guides/exports, I've been able to create, list, and retrieve exports, but I haven't found any way to download the exported data associated with a specific export. Is there any way to download the exported files via the API, or is this only available through the vault UI?
There is a cloudStorageSink key in the export metadata, but trying to use the values provided using the cloud storage API results in a generic permissions issue (403 Error).
Example export metadata response:
{
"status": "COMPLETED",
"cloudStorageSink": {
"files": [
{
"md5Hash": "da5e3979864d71d1e3ac776b618dcf48",
"bucketName": "408d9135-6155-4a43-9d3c-424f124b9474",
"objectName": "a740999b-e11b-4af5-b8b1-6c6def35d677/exportly-41dd7886-fe02-432f-83c-a4b6fd4520a5/Test_Export-1.zip",
"size": "37720"
},
{
"md5Hash": "d345a812e15cdae3b6277a0806668808",
"bucketName": "408d9135-6155-4a43-9d3c-424f124b9474",
"objectName": "a507999b-e11b-4af5-b8b1-6c6def35d677/exportly-41dd6886-fb02-4c2f-813c-a4b6fd4520a5/Test_Export-metadata.xml",
"size": "8943"
},
{
"md5Hash": "21e91e1c60e6c07490faaae30f8154fd",
"bucketName": "408d9135-6155-4a43-9d3c-424f124b9474",
"objectName": "a503959b-e11b-4af5-b8b1-6c6def35d677/exportly-41dd6786-fb02-42f-813c-a4b6fd4520a5/Test_Export-results-count.csv",
"size": "26"
}
]
},
"stats": {
"sizeInBytes": "46689",
"exportedArtifactCount": "7",
"totalArtifactCount": "7"
},
"name": "Test Export",
...
}
There are two approaches that can do the action you require:
The first:
using OAuth 2.0 refresh and access keys however it requires the intervention of the user, acknowledging your app access.
You can find a nice playground supplied by Google and more info here: https://developers.google.com/oauthplayground/.
You will first need to choose your desired API (in your case it is the: https://www.googleapis.com/auth/devstorage.full_controll under the Cloud Storage JSON API v1 section.
Then, you will need to log in with an admin account and click: "Exchange authorization code for tokens" (the fields "Refresh token" and "Access token" will be field automatically).
Lastly, you will need to choose the right URL to perform your request. I suggest using the "List possible operations" to choose the right URL. You will need to choose "Get Object - Retrieve the object" under Cloud Storage API v1 (notice that there are several options with the name -"Get Object", be sure to choose the one under Cloud Storage API v1 and not the one under Cloud Storage JSON API v1). Now just enter your bucket and object name in the appropriate placeholders and click Send the request.
The second:
Programmatically download it using Google client libraries. This is the approach suggested by #darkfolcer however I believe that the documentation provided by Google is insufficient and thus does not really help. If a python example will help, you can find one in the answer to the following question - How to download files from Google Vault export immediately after creating it with Python API?
Once all the exports are created you'll need to wait for them to be completed. You can use https://developers.google.com/vault/reference/rest/v1/matters.exports/list to check the status of every export in a matter. In the response refer to the “exports” array and check the value of “status” for each, any that say "COMPLETED" can be downloaded.
To download a completed export go to the “cloudStorageSink” object of each export and take the "bucketName" and "objectName" value of the first entry in the "files" Array. You’ll need to use the Cloud Storage API and these two values to download the files. This page has code examples for all the popular languages and using the API https://cloud.google.com/storage/docs/downloading-objects#storage-download-object-cpp.
Hope it helps.
The issue you are seeing is because the API works with the principle of least privilege.
The implications for you is that, since your objective is to download the files from the export, you would get the permissions to download only the files, not the whole bucket (even if it contains only those files).
This is why when you request information from the storage bucket, you get the 403 error (permission error). However, you do have permission to download the files inside the bucket. In this way, what you should do is get each object directly, doing requests like this (using the information on the question):
GET https://storage.googleapis.com/storage/v1/b/408d9135-6155-4a43-9d3c-424f124b9474/o/a740999b-e11b-4af5-b8b1-6c6def35d677/exportly-41dd7886-fe02-432f-83c-a4b6fd4520a5/Test_Export-1.zip
So, in short, instead of getting the full bucket, get each individual file generated by the export.
Hope this helps.
I'm working with Python for AWS Lambda. I have Profile PATCH and Profile DELETE api calls. PATCH request works fine. DELETE returns InternalServerError on
profile_request = ast.literal_eval(str(event['_body']))
PATCH uses the exact same thing. I even tried copy-pasting the line from PATCH to make sure there wasn't a typo. I've seen people say a syntax issue can cause this. I copy-pasted the body from PATCH and replaced profile with archive_status to make sure there wasn't a syntax issue. event is a dictionary. event['_body'] is unicode type. Both requests have the exact same Authorization and Headers requirements. I checked CloudWatch logs to make sure the body is actually listed as _body in the event. I can't figure out why I am getting the InternalServerError for DELETE profile and not PATCH profile. Any suggestions would be appreciated.
PATCH body:
{
"AccessToken": "eyJraWQiOiIzRUZtNG1lRE45c1wvQU9XUGdiYkZJNm1wakVkOVRFR05PYTY0SXJZOWRDdz0iLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIwZTQ1ZDYyZi1mYzQxLTQxNTQtYjZiOC04NjBiNTdkZWNkOGUiLCJkZXZpY2Vfa2V5IjoidXMtZWFzdC0xXzhkYTA3NWQ2LWEzNmItNDZhNS04YjAyLWY3ZmNjY2UxMGZiOCIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoiYXdzLmNvZ25pdG8uc2lnbmluLnVzZXIuYWRtaW4iLCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAudXMtZWFzdC0xLmFtYXpvbmF3cy5jb21cL3VzLWVhc3QtMV96dnNGSkYzRzEiLCJleHAiOjE1MDYzNzI2MjksImlhdCI6MTUwNjM2OTAyOSwianRpIjoiMDU3NTkwMzItYmQ5YS00MzljLWJjM2QtYWY2OGZiZjJmNTBiIiwiY2xpZW50X2lkIjoiNWNscm9vNDhtamZpb2QzaDRoZGgyZDNvZHUiLCJ1c2VybmFtZSI6IjBlNDVkNjJmLWZjNDEtNDE1NC1iNmI4LTg2MGI1N2RlY2Q4ZSJ9.G2-gGYyZajrsAikFPuuttYQAj1Yc7uj-UUz469NEUk0SoEFvcJ3E6MOINmIWYg1W6BwJG09W4C_DvBrbybNZep-TtVoAHqNeuiEubt4IABeycZ9ELhKS4G-aaIvbV6CTVFVljFcUdTqCBf0TP7kxKp6P2kRRx08PjCqfQX-34XE-YJt2FyIGzSc958OT0MasROdHxr_ozJS6LGHw52BF1UG1llpR3YPGtMe8Gz9Y65RFEIDIpXllShKSFogvy-rdJFnaJqAYYn6WfjtmqDUjYzFTNZmGNOWy7_BxGFX90lUBB0V47k8M4nxvC_qWQ9o1LTkCYXIDD9sWMCtY4ewYmw",
"profile": {
"name": "Test"
}
}
DELETE body:
{
"AccessToken": "eyJraWQiOiIzRUZtNG1lRE45c1wvQU9XUGdiYkZJNm1wakVkOVRFR05PYTY0SXJZOWRDdz0iLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIwZTQ1ZDYyZi1mYzQxLTQxNTQtYjZiOC04NjBiNTdkZWNkOGUiLCJkZXZpY2Vfa2V5IjoidXMtZWFzdC0xXzhkYTA3NWQ2LWEzNmItNDZhNS04YjAyLWY3ZmNjY2UxMGZiOCIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoiYXdzLmNvZ25pdG8uc2lnbmluLnVzZXIuYWRtaW4iLCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAudXMtZWFzdC0xLmFtYXpvbmF3cy5jb21cL3VzLWVhc3QtMV96dnNGSkYzRzEiLCJleHAiOjE1MDYzNzI2MjksImlhdCI6MTUwNjM2OTAyOSwianRpIjoiMDU3NTkwMzItYmQ5YS00MzljLWJjM2QtYWY2OGZiZjJmNTBiIiwiY2xpZW50X2lkIjoiNWNscm9vNDhtamZpb2QzaDRoZGgyZDNvZHUiLCJ1c2VybmFtZSI6IjBlNDVkNjJmLWZjNDEtNDE1NC1iNmI4LTg2MGI1N2RlY2Q4ZSJ9.G2-gGYyZajrsAikFPuuttYQAj1Yc7uj-UUz469NEUk0SoEFvcJ3E6MOINmIWYg1W6BwJG09W4C_DvBrbybNZep-TtVoAHqNeuiEubt4IABeycZ9ELhKS4G-aaIvbV6CTVFVljFcUdTqCBf0TP7kxKp6P2kRRx08PjCqfQX-34XE-YJt2FyIGzSc958OT0MasROdHxr_ozJS6LGHw52BF1UG1llpR3YPGtMe8Gz9Y65RFEIDIpXllShKSFogvy-rdJFnaJqAYYn6WfjtmqDUjYzFTNZmGNOWy7_BxGFX90lUBB0V47k8M4nxvC_qWQ9o1LTkCYXIDD9sWMCtY4ewYmw",
"archive_status": "archive"
}
Sorry. I'm fairly new to python and brand new to json and AWS. Another company setup chalice for deployment and a skeleton of our api with some basic code. I'm supposed to figure it all out and learn how to make it work as my company wants it to. I was testing through postman. The lambda code logger that goes to cloudwatch was how I was tracking down the issue. It turns out the issue was the log line immediately after ast.literal_eval:
profile_request = ast.literal_eval(str(event['_body']))
logger.info(profile_request)
I assumed not seeing that log in cloudwatch meant the ast.literal_eval was the issue. Finding a way to test locally so I could see the trace allowed me to figure out the log line was causing AttributeError: 'dict' object has no attribute 'strip'. That's an easy one so the problem is resolved. Glad I know how to test locally now also. Thank you for replying so quickly.
I'm also posting my question here. Maybe anyone has a pragmatic way to solve this:
Currently I've been messing around with automatically creating users in gitlab-ce, adding existing ssh-keys to them and afterwards, changing their identity to a different provider, in my case atlassian crowd. I tried to set it when doing a post request on user creation by adding { 'identities': [ { 'provider': 'crowd', 'external_uid': 'foobar' } ] } into my request, but while the user is correctly created, the identity setting gets ignored. The request actually looks like the following and is sent against http://localhost/api/v3/users
{
"email": "foo.bar#aol.com",
"password": "aol123aol123",
"username": "foo.bar",
"name": "Foo Bar",
"identities": [
{
"provider": "crowd",
"extern_uid": "fbar"
}
]
}
As I said, the user is created, but not the identity. Directly setting the identity through API, that is, setting a certain identity provide along with an id at the external system, seems not to be implemented. That's why I filed an issue at gitlab.com (https://gitlab.com/gitlab-org/gitlab-ce/issues/27693).
I'm looking now for an alternative to fix this. I'm working on a migration from different technologies and I want to automate the usermanagement first. As there a couple of them, it's not feasible to do this manually.
As a matter of fact, it is possible to set the identity of a user in the admin ui. Inspecting it through the browser when clicking on the create button showed, that it is a POST request against
http://localhost/admin/users/foo.bar/identities
the content is url-encoded:
utf8:✓
authenticity_token:47yRB038sLQQ7bBP4vYGdVcQzg/8js09h5mUkz5vNYSALAjRqIpAFjYube8VxUlEKChNcrjNmx7s0RW8tDWFqC==
identity[provider]:crowd
identity[extern_uid]:fbar
As you can see, it's not an API url, but the ui. What is unknown to me here is the authenticity_token. It's not the private access token of the admin. Is it a session token?
From a technology point I'm using python w/ requests to do all this.
To achieve this, you need sudo support offered by gitlab-ce's API.
I am generating new access token using this answer.
Using access token, I can send request to facebook's graph api.
For example, I want to pull details of https://www.facebook.com/custtap. Then, this url
https://graph.facebook.com/v2.5/custtap?fields=name,about,emails&access_token=ACCESS_TOKEN_GOES_HERE
This works fine, I get desired results. Similarly, it works fine for other pages that I don't have any access.
But, this way doesn't work for page(https://www.facebook.com/LatentView).
https://graph.facebook.com/v2.5/LatentView?fields=name,about,emails&access_token=ACCESS_TOKEN_GOES_HERE
This returns
{
"error": {
"message": "Unsupported get request. Please read the Graph API documentation at https://developers.facebook.com/docs/graph-api",
"type": "GraphMethodException",
"code": 100,
"fbtrace_id": "C6DYVxvWZ91"
}
}
The page is access-restricted (page settings) in some way – that can f.e. be based on age, location, for alcohol-related content.
Therefor you need to either use a user access token for a user that is allowed to see the page, or a page access token (which requires admin access to the page to get.)
Everything you need to know is documented here: https://developers.facebook.com/docs/facebook-login/access-tokens