If I have the following curl request:
curl --dump-header - -H "Content-Type: application/json" -u TEST:TEST -X POST --data '{"alert": "[\"CPU\", \"Server\", \"Heartbeat\", \"Ping\"]", "id": 11, "pattern": ".*\\.websys\\.tmcs", "product": "TMOL", "pub_date": "2014-08-05 12:15:17", "resource_uri": "/tool/api/v1/sys_team/11/", "sys_team": "WebSys#xxxxxx.com","group":"WebSys"}' http://localhost:8000/tool/api/v1/sys_team/
Is there anyway I can get access to the -u information (specifically the username)? I can't use request.user.username because I want to authenticate the user based on the group he/she is in so it defaults to Anonymous user because it isn't authenticated yet.
The command you wrote will send the TEST username and TEST password using the HTTP header Authorization.
Authorization: USERNAME THE_PASSWORD_USING_BASE64_ENCODING
You can read more about the Basic access authentication here: http://en.wikipedia.org/wiki/Basic_access_authentication
Related
I am trying to get the Indeed vacanties of my company via API with python. I am following https://developer.indeed.com/docs/authorization/3-legged-oauth and https://mathiashaentjens.medium.com/how-do-you-extract-data-using-the-indeed-api-and-build-your-own-indeed-campaign-reporting-8127252ef073.
I create Indeed API keys and recevive the Authorization Code. But i couldnt get Access Token. I send the same POST as documents via curl and python requests but i got this error;
{'error_description': 'Your request might include sensitive information passed in the URL query string. Parameters must be passed in the HTTP request body using the application/x-www-form-urlencoded format (See https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3). For increased security, we recommend that you periodically rotate your application secret at https://secure.indeed.com/account/apikeys.', 'error': 'invalid_request'}
My python code is like;
headers = {'content-type': 'application/x-www-form-urlencoded','accept':'application/json'}
payload = {'code':'XXXX', 'client_id':'XXXX', 'client_secret':'XXXX', 'redirect_uri': 'http://localhost', 'grant_type':'authorization_code'}
response = requests.post('https://apis.indeed.com/oauth/v2/tokens', params=urllib.parse.urlencode(payload), headers=headers)
response.json()
and via command line;
curl -X POST -H "Content-Length: 0" -H "Content-Type: application/x-www-form-urlencoded" -H "Accept: application/json" "https://apis.indeed.com/oauth/v2/tokens?code=XXXX&client_id=XXXX&client_secret=XXXX&redirect_uri=http://localhost&grant_type=authorization_code"
Is there anyone familiar with this error?
I am using flasgger to generate swagger UI for API's in flask.
I have an API endpoint http://localhost:5000/api/token which gives back token, if correct username and password is given, everything is fine, only problem is password is sent in clear text, I want to encrypt password while posting through swagger and decrypt it in flask.
curl generated is
curl -X POST "http://localhost:5000/api/token" -H "accept: application/json" -H "Content-Type: application/json" -d "{"password": "mypassword", "username": "myuser"}"
How can I encrypt password value in swagger or flasgger. I tried below but didn't see any change.
Token:
type: object
properties:
username:
type: string
description: 'enter your username'
example:"myuser"
password:
type: string
description: 'enter your password'
example: 'mypassword'
format: base64
Thanks in advance!
[API google GMB] Can not upload a photo using the media.upload API for Upload from bytes.
Hi I am trying to upload a photo from bytes using the google my business API following the steps describe in the next guide: guide upload from bytes.
For test I am using curl requests.
the step are:
Get the MediaItemDataRef (This step work without problem):
curl -X POST -v -H "Authorization: Bearer <access_token>"
"https://mybusiness.googleapis.com/v4/accounts//locations//media:startUpload"
I receive a "resourceName" variable.
Use the resourceName returned by the call made in the
previous step to upload the bytes:
curl -X POST -T ~/<patch_to_the_file.png> -v -H "Authorization:
Bearer <access_token>"
"https://mybusiness.googleapis.com/upload/v1/media/<resourceName>?uploadType=media"
Call Media.Create using the resourceName returned in Step 1:
curl -X POST
--data '{"mediaFormat":"PHOTO","locationAssociation"{"category":"FOOD_AND_DRINK"},"dataRef":
{"resourceName":"<resourceName>"}}'
-H "Authorization: Bearer <access_token>
-H "Content-Type: application/json"
"https://mybusiness.googleapis.com/v4/accounts/<id_account>/locations/<id_
locations>/media"
In the 3 step I receive the following error in the answers:
{
"error": {
"code": 400,
"message": "Request contains an invalid argument.",
"status": "INVALID_ARGUMENT",
"details": [
{
"#type": "type.googleapis.com/google.mybusiness.v4.ValidationError",
"errorDetails": [
{
"code": 1000,
"message": "Fetching image failed."
}
]
}
]
}
}
I had to try the same steps in Python and I have the same error, so I want to know what my error is in the request.
Thank you.
I had a similar phenomenon.
And I was able to solve the problem.
In my case, the posting cycle for the same store was about 18 seconds, but when I corrected it to a 60-second cycle, it was resolved.
I am interfacing with an API using requests and requests_oauthlib.
I successfully authenticate and access all the GET methods of the API, but get error 500 with POST methods. For example:
r = oauth.post("https://api.timelyapp.com/1.0/1/clients",
data={"client":{"name":"newclient", "color":"c697c0" }},
allow_redirects=False, headers={"Content-Type": "application/json"})
The issue is that I tested the same exact call with curl and it works correctly, here the curl code:
curl -v -X POST -H "Content-Type: application/json" -H "Authorization: Bearer XXXXXXXXXXXX" --data '{"client": { "name": "newclient", "color":"c697c0" }}' "https://api.timelyapp.com/1.0/1/clients"
how can I dig deeper in requests to compare its call with curl?
UPDATE:
Also, noticed that if I do not specify content type:
r = oauth.post("https://api.timelyapp.com/1.0/1/clients",
data={"client":{"name":"newclient", "color":"c697c0" }},
allow_redirects=True)
I get instead a 302 with redirection to the site homepage, where I fetch the content of the page. In any case the new client is not added.
You might want to try this instead:
data=json.dumps(payload)
From python-requests doc:
There are many times that you want to send data that is not
form-encoded. If you pass in a string instead of a dict, that data
will be posted directly.
I am using tastyPie 0.9.11 to create a RESTful API.
I got the API working ok, but then when I added APIKeyAuthentication I couldn't get the POST request to work.
I have set authentication/authorization in my resource meta as:
authentication = ApiKeyAuthentication()
authorization= Authorization()
and I have manually added an API key in the admin site for user admin, with key 1234567890.
When I do a GET it works ok (http://127.0.0.1:8000/api/v1/application/?format=json&username=admin&api_key=1234567890 )
However when I try to do a POST using curl:
curl --dump-header - -H "Authorization: ApiKey admin:1234567890" -H "Content-Type: application/json" -X POST --data '{"user": "/api/v1/user/1/", "title":"api test application"}' http://localhost:8000/api/v1/application/
I get a 401 not authorized error.
I am following the documentation by adding the Authorization header, but maybe there is something else I am doing wrong?
Specifying the ApiKey via header was added after v0.9.11. It will be in the v0.9.12 release.