We Keep Coding

eBay post-order api

Trying to learn the eBay post-order api using Postman. I have put together a simple check_eligibility call using a listing to see how it works. The PostMan http call follows.
POST /post-order/v2/inquiry/check_eligibility HTTP/1.1
Host: api.ebay.com
X-EBAY-API-IAF-TOKEN: TOKEN AgAAAA**AQAAAA**aAAAAA**0QqhYQ**........
Content-Type: application/json
X-EBAY-C-MARKETPLACE-ID: EBAY_US
Accept: application/json
{ /* CheckInquiryEligibilityRequest */
"itemId": 125119365456,
"transactionId": 0
}
No matter how I structure the call I get a 401 unauthorized return. I am using a Auth'n'Auth token which according to eBay documentation, https://developer.ebay.com/DevZone/post-order/concepts/MakingACall.html#example, is acceptable.
Any thoughts?
Thank you in advance.

KeyCloak /userinfo not returning user info, returns what appears to be a token

Here is the flow I am attempting in postman.
Get access token
{{server}}/auth/realms/{{realm}}/protocol/openid-connect/token
I get the access token. I then run the next query
{{server}}/auth/realms/{{realm}}/protocol/openid-connect/userinfo
I put these in the headers
Content-Type: application/x-www-form-urlencoded
Authorization: Bearer {{access_token}}
I get a random string in return
eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJnN0FHMmJXMmhmQzBLTHJ0S1NUV2V4eTBGWVhsYklybXVEdnF0aDF2MFpNIn0.eyJzdWIiOiIxOGI0OTJhMy0wOGFlLTQ2NjQtODBjNi1iZGQ5Nzk2ODdiMzQiLCJhdWQiOiJibGluZHNwb3QtYXV0aCIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9hdXRoL3JlYWxtcy9CbGluZHNwb3QifQ.UNyZ2AifgqK9NAiSVwWMFT4_EEleMBztodPHu19NrzIt0DUteK4gfYlgAf-Yfk6w3ue3TyjpD93HFlM-1AG2bHgIyIxI01IbEB2ew9b8xgLiexLrQkgQHIWWWFxSOqQCBo0VPgY3yi0ib3sqeBAcxpvfOhtvQuEH0lHdPFXh8DTJQL18Q3TAhTRpknpwIQ5mpjhaeIW2HXpExrPp6-35r2riPifS_nFNaTqPTSWAFHBiqFEa2_PnQcC6f09jGQYYGkjHnetuAdcmxmhskb59YYlqvRpvezi-Af9IHNhCDad0zomMJK5ajIYUcaXWpAuQZMhPp1OvTB79Olc-YUUOIg

to get the user infos you have to make a get Request using this endpoint:{{keycloak_url}}/auth/realms/{{realm}}/protocol/openid-connect/userinfo,
in Authorization : bearen token

Userinfo specification doesn't specify Content-Type: application/x-www-form-urlencoded header - see https://openid.net/specs/openid-connect-core-1_0.html#UserInfoRequest
So use standard GET request {{server}}/auth/realms/{{realm}}/protocol/openid-connect/userinfo with Authorization: Bearer {{access_token}} header only.

To get userInfo as JSON response, make sure "User Info Signed Response Algorithm" is set to "unsigned" in your client settings in Keycloak.

identifying the proper syntax for using HTTP dataset in ADFv2

I am able to successfully use Postman to authenticate and subsequently get data housed within a sandbox but I cannot figure out how to specify the same data within ADFv2.
I'm expecting to retrieve, temporarily store and later use a bearer token that this API generates. This token is then used in the second step that actually downloads the data I want in JSON format.
For the Authentication step, Postman generates code that looks this:
POST /v1/oauth/token HTTP/1.1
Host: api.sandbox.COMPANY.com
Ocp-Apim-Subscription-Key: MYKEY
Content-Type: multipart/form-data; boundary=----
WebKitFormBoundaryALPHANUM
cache-control: no-cache
Postman-Token: MYTOKEN
Content-Disposition: form-data; name="key"
MYKEY
Content-Disposition: form-data; name="grant_type"
vapi_key
------WebKitFormBoundaryALPHANUM--
I've created a linked HTTP and REST connection in ADFv2 with the base URL of "https://api.sandbox.COMPANY.com" and using no authentication.
I cannot figure out how to translate the functional Postman connection to a way that ADFv2 will work. Thoughts?

You could check this example.
https://learn.microsoft.com/en-us/azure/data-factory/connector-http#dataset-properties

Scanning a rest api web service using acunetix

I have a request post the send in acunetix scanner , but don't know how to send it and how to specify the post method , because when i added the headers in the "custom headers" option in acunetix scanner i got the get method sendded instead of the post one .
This is my request to send:
POST /Test/new_date HTTP/1.1
Host: app-test-ext
Content-Type: application/json
Cache-Control: no-cache
{UserName:test01,Password:poper}

Any idea why I can't POST to this Django REST API?

I'm currently trying to get a POST request using multipart/form-data running to the Django REST framework. I've successfully run through some test requests via the interactive API screens, which work fine. I've then tried to convert these over to using a non-Session based auth strategy, and I've consistently got errors. The requests I've sent are of the form:
POST /api/logs/ HTTP/1.1
Host: host:8080
Connection: keep-alive
Content-Length: 258
Accept: application/json
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryTOhRsMbL8ak9EMQB
Authorization: Token -token-
------WebKitFormBoundaryx6ThtBDZxZNUCkKl
Content-Disposition: form-data; name="SubmittedAt"
2014-01-23T10:39:00
------WebKitFormBoundaryx6ThtBDZxZNUCkKl
Content-Disposition: form-data; name="Device"
CheeseDevice
------WebKitFormBoundaryx6ThtBDZxZNUCkKl--
Sadly, the result has been (for all the requests I've run):
{"Device": ["This field is required."], "SubmittedAt": ["This field is required."], "LogFile": ["This field is required."]}
Interestingly, I've been able to send chunks of JSON through to the endpoint, and they're accepted as expected, eg:
POST /api/logs/ HTTP/1.1
Content-Type: application/json
Host: host:8080
Connection: keep-alive
Content-Length: 35
Accept: application/json
Authorization: Token -token-
{
"Device": "CheeseDevice"
}
Returns:
{"SubmittedAt": ["This field is required."], "LogFile": ["This field is required."]}
As expected - it actually accepts the Device argument and only raises errors on the missing items. I'd switch to using JSON, but sadly cannot upload files with it...
Thanks in advance for any help!
Edit:
Further investigation (ie: writing a view method that returns the request data shows that request.DATA isn't getting populated, for some reason. Method I'm using to debug follows:
def test_create(self, request, pk=None):
return Response(request.DATA)
Edit 2:
Even further investigation (and dropping code chunks into the framework for debugging) indicates that the requests are getting caught up in _perform_form_overloading and never hitting the MultiPartParser. Not sure why this is occurring but I'll try and trace it further.

After delving down every level I could find...
Looks like the problem stems from the line endings - ie: the libs and request senders I've been using send the content through with "\n" (LF) endings, while the HTTP spec requires "\r\n" endings (CR,LF)
This hinges on the following code in the Django core, within http/multipartparser.py - in parse_boundary_stream:
header_end = chunk.find(b'\r\n\r\n')
For dev purposes (and because it's going to be way easier to patch at the Django end than in the clients...) I've switched the above line to:
header_end = chunk.replace("\r\n","\n").find(b'\n\n')
This updated code follows the recommendations in Section 19.3 of the HTTP/1.1 spec regarding Tolerant Applications and accepting LF instead of just CRLF - I'll try and get around to seeing if this is suitable for inclusion in the Django core.
Edit:
For reference, the patch is up on GitHub: https://github.com/tr00st/django/commit/9cf6075c113dd27e3743626ab0e18c6616488bd9

This could be due to malformed multipart post data.
Also possible that you don't have MultiPartParser installed, but I don't think that'll be it as you'd normally expect to see a 415 Unsupported Media Type response in that case.