Postman AWS Signature for SP-API not working - postman

I am trying out SP-API catalog items API from postman. Trying to signing request using AWS Signature provided in postman. But getting the following error.
Headers used
Getting the following error
{
"errors": [
{
"message": "Credential should be scoped to correct service: 'execute-api'. ",
"code": "InvalidSignature"
}
]
}

Try to set "Service name" to "execute-api"

You have entered wrong data in [Service Name]
Set execute-api in Service Name
amz-sp-api postman mayurpathak amazon

Set your your SecretKey = awsSecretAccessKey you recieved when you authorized the app.

Related

How to get value for Client_id and Client_Secret to call API from Postman

I am trying to call RingCentral API from Postman. This is my first attempt and so I am following what is provided by RingCentral documentation: https://developers.ringcentral.com/guide/messaging/sms/postman
I created a Sandbox account and an API app which uses following authorization:
However, when I call from the Postman, I am getting following error:
{
"error": "unauthorized_client",
"errors": [
{
"errorCode": "OAU-251",
"message": "Unauthorized for this grant type"
}
],
"error_description": "Unauthorized for this grant type"
}
Thank you.

Java - Getting "Not authorized to access the application ID" error in Google Workspace Marketplace API

I have a Google Workspace Marketplace app and want to determine which domains have installed or uninstalled it from my web app (written in Java, deployed on GAE).
I've enabled both GSuite Marketplace API and Google Workspace Marketplace SDK from the console. I'm using the same GCP project I've used to list my marketplace app while calling the relevant google service. But I keep getting the "Not authorized to access the application ID" 403 error. Here is the code:
GoogleCredential googleCredential = new GoogleCredential.Builder()
.setTransport(httpTransport)
.setJsonFactory(jsonFactory)
.setServiceAccountPrivateKey(SA_PRIVATE_KEY)
.setServiceAccountId(SA_ID)
.setServiceAccountScopes(Collections.singletonList("https://www.googleapis.com/auth/appsmarketplace.license"))
.build();
GenericUrl url = new GenericUrl("https://appsmarket.googleapis.com/appsmarket/v2/licenseNotification/" + MY_APPLICATION_ID);
HttpRequestFactory httpRequestFactory = httpTransport.createRequestFactory(googleCredential);
HttpResponse httpResponse = httpRequestFactory.buildGetRequest(url).execute();
return httpResponse.parseAsString();
I tried using the default service account with no luck. The documentation doesn't explain much either. What am I missing? Can anyone point me in the right direction?
error:
{
"error": {
"code": 403,
"message": "Not authorized to access the application ID",
"errors": [
{
"message": "Not authorized to access the application ID",
"domain": "global",
"reason": "forbidden"
}
]
}
}

Code 403 : “The request is missing a valid API key.” PERMISSION_DENIED Service Account Key Google Cloud speech to text api in python"

I want to implement the Google Cloud speech to text using a service account. What i have try is i have set the environment variable to that json and send the post request to this url 'https://speech.googleapis.com/v1/speech:longrunningrecognize'.
Code:
req = requests.post(url, data={
"audio":{
"content":enc
},
"config":{
"audioChannelCount":2,
"enableSeparateRecognitionPerChannel":True,
"enableWordTimeOffsets":True,
"diarizationConfig":{
"enableSpeakerDiarization": True,
"minSpeakerCount": 1,
"maxSpeakerCount": 2
},
}})
Error:
403
{
"error": {
"code": 403,
"message": "The request is missing a valid API key.",
"status": "PERMISSION_DENIED"
}
}
The error message indicates that you are not authenticating correctly. The way to do this is to pass an authentication token as a Bearer Token header in your request.
The following documentation explains how to generate the required credentials and pass them with the request, this provides an overview of service accounts Service accounts overview
Creating a service account instructions Creating service accounts
Once you have created the service account you generate the credentials which are stored in json format, these are then passed as a Bearer Token

aws api-gateway-secure-pet-store example giving signature mismatch error

The sample project - api-gateway-secure-pet-store (an example of cognito, IAM, Lambda and `API Gateway) mentioned here gives following error:
When executing a login request, I receive the following credentials :
"credentials": {
"accessKey": "XXXXXXXXXXXX",
"secretKey": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"sessionToken": "FQoDYXdzEEUaDBzTjHqvxMWDMpGfniKuBFZQZHKgdyhTDBTfHplacB+y27s87iGuEvFO5yHbJG5AwxgPGTpxc3mpdfmW5Q2CA5w8BCIzGjXqAPB8iEMI95rZWXh73AZH4OKrPHSEyRMDscH73Yl2DdVOiPpSQGAFssaVytxIJPF2AESUohD/OdvpwQ+sRwm8/mm1/8iUgNjYch0xl80GYtoUysTkGohhtDktGcEN3ho+Dsq8Z2ei+LTH6ulq2tkPvxVSGw9KoN5OP20nCfehRSIy5WPxTuFm8ws76DjNs1xoTDdkVGW/8QOTgvutLLc1axd6HKmELLNQWUEOXNAxK+1Sf8YMPRGH1bp+ozXrGAJc/71OXhk5QISS3ikUT0RephMJY/PbG7E4DnvIGI82+InUCTT/YvFZM7xWIrwWDKJIcY5/+CI7Sos6+JiFj0doyh+sK0Muu3IZgBwmXdA6r7qWeI94+j2FUpWB7fUTCHzOQLotR2U62gxj0h8fiiqviznPcaLbnnH+e+pSOvTY4F8vgQw256O41QgxhRxHL4rLlvC5PwJ8Im1Pcgj224myQZVyK/2SX3eEfKXaQEn+vMDUTYdWhpOcPU1NVK8H1GG6/Srs2oEcaqQm7Mv6VQKSe5R7XWs3GCuwMQmkac7QoIG8VG48QvqEgBzyvS+ivUapW8h1pg9yqYNPzVwh8RTv3Tyl0wP0DIExN8AZX85CZv/k9v3QqHku5MgHh6Me6DnXKmr6F8a3XOEJJfHau+Rm/C6ENFG2aijaqKK5BQ==",
"expiration": 1462280810000
}
But when I call the Pets request with above credentials and below URL/JSON:
URL: https://XXXXXXX.execute-api.us-east-1.amazonaws.com/devTest/pets
JSON in Body:
{
"action": "com.amazonaws.apigatewaydemo.action.CreatePetDemoAction",
"body": {
"petId":"4",
"petType":"RabbitSumit",
"petName":"TabbitSumit",
"petAge":"41"
}
}
by entering above parameters , it does the following
{"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.\n\nThe Canonical String for this request should have been\n'POST\n/devTest/pets\n\ncontent-length:212\ncontent-type:application/x-www-form-urlencoded\nhost:XXXXXXXXX.execute-api.us-east-1.amazonaws.com\nx-amz-date:20160503T121516Z\nx-amz-security-token:FQoDYXdzEEUaDBzTjHqvxMWDMpGfniKuBFZQZHKgdyhTDBTfHplacB+y27s87iGuEvFO5yHbJG5AwxgPGTpxc3mpdfmW5Q2CA5w8BCIzGjXqAPB8iEMI95rZWXh73AZH4OKrPHSEyRMDscH73Yl2DdVOiPpSQGAFssaVytxIJPF2AESUohD/OdvpwQ+sRwm8/mm1/8iUgNjYch0xl80GYtoUysTkGohhtDktGcEN3ho+Dsq8Z2ei+LTH6ulq2tkPvxVSGw9KoN5OP20nCfehRSIy5WPxTuFm8ws76DjNs1xoTDdkVGW/8QOTgvutLLc1axd6HKmELLNQWUEOXNAxK+1Sf8YMPRGH1bp+ozXrGAJc/71OXhk5QISS3ikUT0RephMJY/PbG7E4DnvIGI82+InUCTT/YvFZM7xWIrwWDKJIcY5/+CI7Sos6+JiFj0doyh+sK0Muu3IZgBwmXdA6r7qWeI94+j2FUpWB7fUTCHzOQLotR2U62gxj0h8fiiqviznPcaLbnnH+e+pSOvTY4F8vgQw256O41QgxhRxHL4rLlvC5PwJ8Im1Pcgj224myQZVyK/2SX3eEfKXaQEn+vMDUTYdWhpOcPU1NVK8H1GG6/Srs2oEcaqQm7Mv6VQKSe5R7XWs3GCuwMQmkac7QoIG8VG48QvqEgBzyvS+ivUapW8h1pg9yqYNPzVwh8RTv3Tyl0wP0DIExN8AZX85CZv/k9v3QqHku5MgHh6Me6DnXKmr6F8a3XOEJJfHau+Rm/C6ENFG2aijaqKK5BQ==\n\ncontent-length;content-type;host;x-amz-date;x-amz-security-token\n82d7b00fc60e9684db97202b877091a3836e091224a5a8bf4567080e104e4459'\n\nThe String-to-Sign should have been\n'AWS4-HMAC-SHA256\n20160503T121516Z\n20160503/us-east-1/execute-api/aws4_request\nd6d9d29069c6575ec4510dfab1268f2ba1697a876a660c4564fe8398674f3c97'\n"}

Invalid input: domain clientuserinfo is not present

As per the google documentation we ended up creating a service account (since there’s no user intervention and it’s middleware invoking the google api) and associating with the google admin api; We’re able to get a token back which we’re sending to the google api but here’s the response we’re seeing:
GET https://www.googleapis.com/admin/directory/v1/customer/my_customer /devices/chromeos?access_token=y000000000898999(mock token digits)
Response: {
"error": {
"errors": [
{
"domain": "global",
"reason": "invalid",
"message": "Invalid Input: Domain ClientUserInfo is not present"
}
],
"code": 400,
"message": "Invalid Input: Domain ClientUserInfo is not present"
}
}
Any ideas? My thought is that it’s to do with the my_customer as the id.
Using my_customer as the id should work but in this case, since the service account is not related to a domain, you are getting the error.
Admin SDK should be access by the admin of the domain. So in this case if you are using a service account, you should impersonate the domain admin account in order to make a valid call on his behalf.
You can also try this method from the documentation, accessing it as the admin of the domain.