Is it possible to delete the message in the response?
{
"message": "PERMISSION_DENIED: The API targeted by this request is invalid for the given API key.",
"code": 403
}
I prefer not to expose information to users. In this particular case a 403 HTTP error would be enough.
Related
I want to use the Speech-to-text API for an application made in nocode.
I get this error message:
There was a problem setting up your call.
Raw response for API
401 status code
{
"Mistake": {
"code": 401,
"message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie, or other valid authentication credentials. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "NOT AUTHENTICATED"
}
}
Thanks in advance
I may be able to transcribe an audio file to text.
Attempting to call the Google Chat API in Postman on the developer's computer, we get the following response.
{
"error": {
"code": 403,
"message": "This API is not accessible for external HTTP caller.",
"status": "PERMISSION_DENIED"
}
}
We have authenticated using OAuth2 (apiKey/secret) with scope https://www.googleapis.com/auth/chat.messages.
We'd like to use Postman to try out this API.
Is it possible to get around this error? If so, how?
I have followed the steps of this guide: https://developers.google.com/identity/protocols/risc. My goal is to receive tokens-revoked events and this is working! When I go to my Google account and remove my app, my "receiver endpoint" is triggered by the event.
1 - My first issue is kind of the same as described here: what-is-the-payload-for-the-google-risc-api-callback. I can't find any trace of the JWT token. The body of the received request is an empty object and there is no Authorization header. So where can I find the JWT?
2 - I'm trying to trigger the event using the https://risc.googleapis.com/v1beta/stream:verify endpoint but this error is returned:
{
"error": {
"code": 403,
"message": "The caller does not have permission",
"status": "PERMISSION_DENIED"
}
}
(I'm using the same token to make calls to https://risc.googleapis.com/v1beta/stream/status, https://risc.googleapis.com/v1beta/stream:update and everything is working ...)
I'm using the Facebook Graph API to reply to a direct message.
I have published my message issuing an HTTP POST request to /CONVERSATION_ID/messages with a valid access token.
But I receive the following error:
{
"error": {
"message": "(#3) Unknown method",
"type": "OAuthException",
"code": 3
}
}
The same test on the Graph API Explorer returned the same error.
Can anyone please help me out?
My Workplace (Facebook for business) GRAPH API application received a "(#3) Unknown method" error when it didn't have POST or DELETE permissions for the action it was attempting. Changing the integration/application permissions resolved the problem for me.
You don't need to add /messages to the API. Just call the API as https://graph.facebook.com/{message_id} to get the thread.
I've got a JSON REST API. There is a handshake that will give you a token that is valid for 15 minutes. All calls you do within those 15 minutes should work OK. After the 15 minutes I am returning an error object (includes code, message, success = false) but I was also wondering what HTTP error code I should return? And will using an HTTP error code mess up certain clients (HTML5, iPhone, Android)? What is considered best practice in this scenario?
You should return a 401 Unauthorized status code. You might additionally provide hypermedia to establish the token again.
Think about what happens in a web app. You go to say a banking site. If not auth'd it will send you to the log in page. Then you log in and you are good to go for a time. Then it expires and the cycle repeats.
Just a thought.
According to the spec RFC 6750, "The OAuth 2.0 Authorization Framework: Bearer Token Usage", https://www.rfc-editor.org/rfc/rfc6750, p. 8, section 3.1, the resource server should return 401:
invalid_token
The access token provided is expired, revoked, malformed, or
invalid for other reasons. The resource SHOULD respond with
the HTTP 401 (Unauthorized) status code. The client MAY
request a new access token and retry the protected resource
request.
FWIW Facebook uses 400 with a custom JSON response. I personally would prefer 401 with custom JSON response.
Here is FB's response body:
{
"error": {
"message": "Error validating access token: Session has expired on Jul 17, 2014 9:00am. The current time is Jul 17, 2014 9:07am.",
"type": "OAuthException",
"code": 190,
"error_subcode": 463
}
}
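The answers above point to a 401 with a custom JSON body for an expired token. The sketch below is an added example, not code from any of the posters or from Google or Facebook. It shows a resource server building that response with the RFC 6750 `WWW-Authenticate` challenge while keeping the body generic, in line with the first question's wish not to expose details. The token format, `SECRET`, the `api` realm and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"   # constructed value, not a real secret
TOKEN_TTL = 15 * 60                # the 15-minute lifetime from the question


def issue_token(now=None):
    """Handshake: return '<issued_at>.<hmac>' (hypothetical token format)."""
    issued = str(int(time.time() if now is None else now))
    mac = hmac.new(SECRET, issued.encode(), hashlib.sha256).hexdigest()
    return f"{issued}.{mac}"


def check_token(token, now=None):
    """Return None if the token is usable, else 'missing' or 'invalid_token'."""
    if not token:
        return "missing"
    issued, _, mac = token.partition(".")
    expected = hmac.new(SECRET, issued.encode(), hashlib.sha256).hexdigest()
    # Constant-time compare; 'issued' is trusted only after the MAC verifies.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "invalid_token"
    now = time.time() if now is None else now
    if now - int(issued) >= TOKEN_TTL:
        return "invalid_token"
    return None


def respond(authorization_header, now=None):
    """Build (status, headers, body) for a request to a protected resource."""
    scheme, _, token = (authorization_header or "").partition(" ")
    error = check_token(token if scheme.lower() == "bearer" else "", now)
    if error is None:
        return 200, {}, json.dumps({"success": True})
    # RFC 6750 section 3.1: no error code when no credentials were sent.
    challenge = 'Bearer realm="api"'
    if error == "invalid_token":
        # One code for expired, forged and malformed tokens: the client
        # learns it must redo the handshake, not why validation failed.
        challenge += ', error="invalid_token", error_description="Token expired or invalid"'
    body = {"success": False, "code": 401, "message": "Authentication required"}
    return 401, {"WWW-Authenticate": challenge}, json.dumps(body)
```

A client that sees `error="invalid_token"` in the challenge can repeat the handshake and retry once, which is the retry behaviour the RFC text quoted above allows.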