I'm creating a "Developer Portal" to my org where a user will be able to self-register and create apps to consume public APIs. These public API are being marked by a custom role.
Everything is working 99% fine. The user can self register, create apps, generate keys, subscribe to API and etc... the 1% that's missing is this "assignment" of the "PublicAPI" role!
Looking around the web I found this article here which shows exactly what I intend to do, but it uses SOAP, and I would like to know if there's a way to use a REST request to do so?
You can achieve it via SCIM2 APIs where you can assign users to roles/groups. You can perform PATCH operation for group endpoint as described here [1].
Sample payload as below,
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations": [
{
"op": "add",
"value": {
"members": [
{
"display": "user",
"$ref": "https://localhost:9443/scim2/Users/a39fe03c-8d57-4b4c-a69d-5160c2384bea",
"value": "a39fe03c-8d57-4b4c-a69d-ddddddd"
}
]
}
}
]
}
[1] https://docs.wso2.com/display/IS570/apidocs/SCIM2-endpoints/#!/operations#GroupsEndpoint#patchGroup
There is not REST API implementation out of the box for the functionalities you are requiring.
At the moment, what you are doing is invoking the Admin-service related to your function via a SOAP message. These Admin-Services are OSGI services that are invokable via SOAP requests.
If you need to access those via REST API, you have to create a JAX-RS based webapp (Not a complex task) which would consume the OSGi Service. So that you can access the Webapp via REST-API and the webapp will consume the OSGi Service and get the functionality done for you.
I wold highly recommend you to go ahead and create a webapp since it is not a complex task as it sounds.
You can find a web-app build for RegistryAdminService (where the webapp consume the OSGi service related to RegistryAdmin) in the link [1].
To a complete guide including a sample code on creating such a web-app, you can refer the following link [2].
[1] - https://github.com/abeykoon/Blog-Resources
[2] - https://wso2.com/library/articles/2016/10/article-exposing-wso2-identity-server-admin-services-the-rest-way/
Cheers!
Related
I am testing some workflow in azure on which I have some web apps api connecting to a SQL Database using a service principle. Everything works fine and the web app is able to connect to the database using Managed identity. To test this approach, I also disabled (in the server => Azure Active Directory) the access using username and password and setting the admin group to be able to connect to my server using MFA. All this works just fine.
Once implemented this, I realise that my postman is not able anymore to perform any action. And if I try to send a GET or POST request to the api, I get the error
{
"response": {
"code": "unauthorized",
"reason": "User is not authenticated."
},
"statusCode": "unauthorized"
}
Which is fully understandable as I removed the access using username and password and enable only Azure active directory.
Here is my question, and I hope you can help me with this.
How can I grant access to postman to query my service using a service principle and what is the best approach to achieve this?
Thank you very much for your help and please if you need more info just let me know
The familiar approach for this problem is performing "Get Azure AD tokens by using a service principal".
Performing provisioning a service principal in Azure Portal.
Get AD access tokens.
Use the service principal’s Azure AD access token to access the Databricks REST API
Check the below documentation for step by step procedure.
https://learn.microsoft.com/en-us/azure/databricks/dev-tools/api/latest/aad/service-prin-aad-token#main
I'm using App Scripts to connect to the Google's Content API. To authenticate via oAuth2 I'm setting the scopes in my appsscript.json file. I'm then calling ScriptApp.getOAuthToken() to get the necessary access token.
However, I'm getting a 403 response and the error as below:
Content API for Shopping has not been used in project XXXX before or it is disabled.
Enable it by visiting https://console.developers.google.com/apis/api/shoppingcontent.googleapis.com/overview?project=XXXX then retry.
If you enabled this API recently, wait a few minutes for the action to propagate to our
systems and retry
The issue is that the project ID in the error does not match the ID of the project where my service account sits. In fact the project doesn't seem to exist at all.
I've enabled a client ID for the sheet's script ID and added it to the redirect URI section but it appears to be going to the wrong place. I am struggling to understand why I would be redirected to this non-existent project.
The appsscript.json is as follows:
{
"timeZone": "Europe/London",
"dependencies": {
"libraries": [
{
"userSymbol": "OAuth2",
"version": "41",
"libraryId": "XXXX"
}
]
},
"exceptionLogging": "STACKDRIVER",
"runtimeVersion": "V8",
"oauthScopes": [
"https://www.googleapis.com/auth/content",
"https://www.googleapis.com/auth/script.external_request"
]
}
Switch the script from a Default Cloud Platform project to your Standard Cloud Platform project
Here are the instructions how to change to the standard project - depending on either you use the new or legacy editor.
After switching successfully to the standard project - enable the Content API for Shopping and any other APIs you want to use in the GCP console.
In case you use a service account with impersonation, you also need to assign the service account the necessary scopes in the admin console as described here.
I am having trouble testing Facebook API's Instagram webhooks
Here is what I've done :
My Facebook application is validated with manage_pages, instagram_manage_insights and instagram_basic permissions
My Facebook application is "Live"
I have subscribed my app to my Facebook page POSTing on subscribed_apps endpoint (explained here: https://developers.facebook.com/docs/instagram-api/guides/webhooks/#install-app ). I already use the "feed" field. GETing subscribed_apps endpoint give the following result:
# v6.0/{my-page-id}/subscribed_apps?fields=subscribed_fields
{
"data": [
{
"id": "{my-app-id}",
"subscribed_fields": [
"feed" // the missing "instagram" here seems normal as it is not handled by API
]
}
]
}
Using ngrok I am trying to test the webhook on my local machine. I correctly receive the "test" data (using app dashboard button) but nothing happen when I subscribe to the webhook
I don't understand what I am missing here. The feed webhook I also subscribed too, works perfectly.
UPDATE
I managed to recieve the "story_insights" hooks, so I guess my configuration is OK. But I still don’t get any incoming comment or mention. Are thesi features still available in new graph api versions ?
I have a custom page where I obtain Published API list using WSO2 Store Restful API
https://docs.wso2.com/display/AM220/apidocs/store/#!/operations#APICollection#apisGet
The problem is the returned result does not includes API Rating and Business Information whereas the Jaggery API that has been used by the default API Manager UI does include it. Is there any way to configure it so the REST API returns that data?
If I use the jaggery API instead, it is cookie based while I am using OAuth2 OIDC Service Provider of the IS. I cant obtain API that has visibility to only its own domain by passing access token to the Authorization header.
APIM Version: 2.2
Please Advice. Thanks!
There is no such a way which will change the output response of defined APIs.
If you want to do that, get source code of wso2 from github & edit the APIs & use the edited source to deploy your application. (But this will add lots of maintenance issue)
The quickest way is to call the get details of api.
It will return the business information object as well as below:
"businessInformation": {
"technicalOwner": "John Doe",
"technicalOwnerEmail": "architecture#pizzashack.com",
"businessOwner": "Jane Roe",
"businessOwnerEmail": "marketing#pizzashack.com"
},
Here you will get the heavy response as it returns the complete swagger definition as well.
I have created bna and deployed in composer rest server by enabling passport and multi-user, How to create participant, their identities via rest API that generated by composer rest server without importing cards via import wallets? and there is no proper documentation for this.
assuming you've done a /Wallet/Import of an identity that can issue other identities:
eg. REST Endpoint
/Wallets/Import
browse for file your exported admin card eg. netadmin.card and Import it. use the POST /wallet/{name}/setDefault REST method if you need to set this as the default id.
you would then do:
Add a participant (say a participant called trader1):
- eg. say 'Trader'
Post /Trader
{
"$class": "org.acme.trading.Trader",
"tradeId": "trader1",
"firstName": "John",
"lastName": "Doe"
}
Issue an identity mapped to that participant above (say jdoe):
Under /System;
POST /system/identities/issue:
{
"participant": "resource:org.acme.trading.Trader#trader1",
"userID": "jdoe",
"options": {}
}
You should get a business network card in your Downloads folder - from your REST server go to /Wallets
/POST /wallet/import
Import the wallet, giving it the userId#your-network parameter when prompted. Then set that as the default user (eg /POST wallet/{name}/setDefault ) if you want to use it in your browser.