Google URL Shorter API returning 403 with authorized API key - google-cloud-platform

We are developing an application and we are using google API shorter URL to reduce very long URL.
This was working fine until a week ago. The API started to return 403 Unauthorized.
The problem appeared when we switched API key. It was working fine when we were testing but failed in production.
We checked that the API keys are correct, and they are. We are testing request with postman. Credit card is also correct but we are still under the free plan, so nothing wrong with payment.
API key is not restricted, and registered for the Google Shorter API.
The dashboard is showing our requests but all are in error.
The request we made :
curl -X POST \
'https://www.googleapis.com/urlshortener/v1/url?key=TheApIKeyStaNDshEre' \
-H 'Accept: application/json' \
-H 'Accept-Encoding: gzip, deflate' \
-H 'Cache-Control: no-cache' \
-H 'Content-Type: application/json' \
-d '{
"longUrl": "http://example.com/foo/bar/log/url/with?params=true"
}'

Something the team hasn't seen is that the API key has been regenerated AFTER the limit.
From google blog post :
Starting May 30, 2018, only projects that have accessed URL Shortener APIs before today can create short links.
We missed this part when they decided to regenerate the key, and now we are locked out.
So we'll go for a hot fix to switch to Firebase.
Don't regenerate your keys or you will be locked out forever.
(sorry #Ricky, we missed the part, you were right)

Google is shutting down the service. This could be the reason if your code worked properly before.
https://developers.googleblog.com/2018/03/transitioning-google-url-shortener.html

Related

Azure Event Hub - Consume Events using an Auth token

I have an Event Hub and I want to restrict who can and cannot publish and consume events. The publishing of events works as described here: https://learn.microsoft.com/en-us/rest/api/eventhub/get-azure-active-directory-token
I am able to publish events by supplying a JWT to my Event Hub:
https://${Hub-NameSpace}.servicebus.windows.net/${EventHub}/messages
Example:
curl --location --request POST 'https://${Hub-NameSpace}.servicebus.windows.net/${EventHub}/messages' \
--header 'Authorization: Bearer ${TOKEN}' \
--header 'Content-Type: application/atom+xml;type=entry;charset=utf-8' \
--data-raw '{"Data":"Data"}'
However, when I try and consume using the same URL (sending a GET instead of a POST), I receive the following:
<Error>
<Code>400</Code>
<Detail>The requested HTTP operation is not supported in an EventHub. TrackingId: SystemTracker:EventHub:, Timestamp:2022-07-15T00:04:56</Detail>
</Error>
Example:
curl --location --request GET 'https://${Hub-NameSpace}.servicebus.windows.net/${EventHub}/messages' \
--header 'Authorization: Bearer ${TOKEN}' \
--header 'Content-Type: application/atom+xml;type=entry;charset=utf-8'
I am aware that I can consume using the Shared Access Policy endpoints, but I was wondering if I could also do it using the Authentication Token from AAD.
I have a feeling that I should only need to provide the Consumer Group, but I cannot find any documentation on doing this.
In the previously linked article it states:
This article gives you an example of getting an Azure Active Directory (Azure AD) token that you can use to send events to and receive events from a Service Bus namespace.
However it shows no examples on receiving events.
Receiving events is not supported using the Event Hubs REST API.
In order to consume events, you'll need to either use the AMQP or Kafka protocols. The easiest path to do so is using one of the official SDKs. More information can be found in the Event Hubs Getting Started Guide.

Dynamic Client Registration OAuth2 on AWS

I was hoping to see some examples on how to implement Dynamic client registration that generates client credentials for an OAuth2 flow on AWS.
Any references?
DCR generally works like this, but can vary quite a bit depending on the client scenario. Hopefully this gives you the general flavour of things:
STEP 1: GET A DCR ACCESS TOKEN TO USE FOR REGISTRATION
Typically this involves an initial OAuth flow with a dcr scope, to get a DCR access token, needed to register:
curl -X POST https://login.example.com/oauth/v2/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "Authorization: some-credential" \
-d client_id=initial_client \
-d scope=dcr
STEP 2: REGISTER AND GET A UNIQUE CLIENT
This involves a POST with a JSON request and response, simplified below:
curl -X POST https://login.example.com/oauth/v2/registration \
-H "Authorization: dcr-access-token" \
-H "Content-Type: application/json" \
-d '{"grant_types": ["client_credentials"], "scope": "openid profile transactions"}'
The response then typically has quite a large payload, but in particular a unique client ID and secret are returned:
client_id: cj348034t534tu90
client_secret: h7890g723470fghfgh42rt
other-fields: ...
STEP 3: USE THE UNIQUE CLIENT
From that point onwards the client just uses the client ID and secret to get application level tokens:
curl -X POST https://login.example.com/oauth/v2/token \
-u "cj348034t534tu90:h7890g723470fghfgh42rt" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d grant_type=client_credentials \
-d scope='openid profile transactions'
DYNAMIC BUSINESS
DCR is quite a powerful concept and one scenario that showcases it is Open Banking, where approved merchants can automatically onboard and start calling bank APIs. In this case the initial DCR access token is retrieved based on Mutual TLS trust and other regulatory checks.
PROVIDERS
DCR features are provided by more advanced OAuth providers and I doubt it is supported by Amazon. Curity has plenty of resources on the design patterns though, so if you want more info, see these resources:
Curity Website - with a search for DCR
Introductory Video

Models and versions not accessible through Method: projects.models.list

In this link
https://cloud.google.com/ai-platform/prediction/docs/reference/rest/v1/projects.models/list, there is a "try this API" section.
I have given my project details and clicked on execute, and it is not returning the versions or models in my project. It is only giving 200 as the response. I have given ML Engine Admin and ML Engine Developer as the roles in IAM. What additional configuration should we do?
It may not have anything to do with your question,
I use "Vertex AI", not "AI Platform".
I was able to get a list of models below.
curl -X GET -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" "https://us-central1-aiplatform.googleapis.com/v1/projects/my-project/locations/us-central1/models"
https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.models/list
(I thought you wouldn't get it back with code 200 if it was a permission issue.)
The issue is not with the permissions, because if it was it wouldn't return 200 (HTTP is OK). Moreover, the roles that you have assigned have the sufficient permissions to use that service, which is ml.models.list.
I have tested the Try this API section and it also gave me the 200 response without any model(s) on the response body. I went ahead and called the API directly and it succeeded on giving me the models and versions. You can use the following command:
curl -X GET -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" "https://ml.googleapis.com/v1/projects/<YOUR-PROJECT>/models"
It seems to be something with the call that the Try this API section is doing, however the API seems to be working as expected.

Cannot authenticate into google datastore through REST Api

I tried to access Google's Datastore through their REST API. It says that they allow authentication through the API key. However, it doesn't seem that I can get it to work anywhere. I copied the snippet generated from their Try this API page.
curl --request POST \
'https://datastore.googleapis.com/v1/projects/PROJECT_ID:runQuery?key=[YOUR_API_KEY]' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{"query":{"filter":{"compositeFilter":{"op":"AND","filters":[{"propertyFilter":{"property":{"name":"id"},"op":"EQUAL","value":{"stringValue":"ID"}}}]}},"kind":[{"name":"NAME"}]},"partitionId":{"namespaceId":"NAMESPACE_ID","projectId":"PROJECT_ID"}}' \
--compressed
But it keeps returning me a 401 error.
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
It looks like it requires me to use OAuth instead, which is not what their documentation says. Has anyone experienced something similar?
You are using an API key which is incorrect.
This link details which services support API Keys. Cloud Datastore is not one of them.
Using API Keys
You want to use an Access Token which is derived from Service Account credentials.
Review this document.
Using OAuth 2.0
The steps to generate an Access Token:
Load the service account credentials json file.
Extract the client_email, private_key and private_key_id.
Create a json payload.
Call the authorization URL: https://www.googleapis.com/oauth2/v4/token
This returns a json object. Extract the access_token.
Use the access_token instead of an API Key.
There are examples on the Internet in various languages. The link will get you started. The process appears complicated, and it is, but once you understand it, generating Access Tokens is easy and they can be reused until they expire (typically 60 minutes which you control).
This document on Google Cloud Storage authentication is the same for Cloud Datastore. The key is understanding "Authorization: Bearer" which is a header you need to include with your curl request.
Authentication
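Added example, not part of the original answer: the token-generation steps listed above written as a shell function that builds and signs the JWT with openssl. The function names (b64url, sa_jwt), the file names sa.json and key.pem, and the Datastore scope are assumptions for illustration; the commented lines show the token request, which needs network access and a real key.

```bash
# Requires openssl. Both functions are POSIX sh compatible.

# base64url-encode stdin without padding, as JWT segments require
b64url() {
  openssl base64 -A | tr '+/' '-_' | tr -d '='
}

# sa_jwt <client_email> <private_key_pem_file> <private_key_id> <scope> [now]
# Prints an RS256-signed JWT valid for one hour. The subshell body keeps
# all variables local to the call.
sa_jwt() (
  email=$1; keyfile=$2; kid=$3; scope=$4; now=${5:-$(date +%s)}
  aud='https://www.googleapis.com/oauth2/v4/token'   # authorization URL from the steps
  header=$(printf '{"alg":"RS256","typ":"JWT","kid":"%s"}' "$kid" | b64url)
  claims=$(printf '{"iss":"%s","scope":"%s","aud":"%s","iat":%d,"exp":%d}' \
    "$email" "$scope" "$aud" "$now" "$((now + 3600))" | b64url)
  # Sign "header.claims" with the service account's private key (RSA + SHA-256)
  sig=$(printf '%s' "$header.$claims" \
    | openssl dgst -sha256 -sign "$keyfile" -binary | b64url)
  printf '%s.%s.%s\n' "$header" "$claims" "$sig"
)

# Usage sketch (assumes jq and a downloaded sa.json; not executed here):
#   jq -r .private_key sa.json > key.pem && chmod 600 key.pem
#   JWT=$(sa_jwt "$(jq -r .client_email sa.json)" key.pem \
#         "$(jq -r .private_key_id sa.json)" \
#         https://www.googleapis.com/auth/datastore)
#   curl -s https://www.googleapis.com/oauth2/v4/token \
#     --data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer' \
#     --data-urlencode "assertion=$JWT"      # response JSON carries access_token
#   curl -H "Authorization: Bearer $ACCESS_TOKEN" ...   # replaces ?key=...
```

Keep key.pem and the resulting access token out of shell history and logs; either one is enough to act as the service account until it is rotated or expires.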

Openstack authentication always get 401 HTTP response

I have recently been doing projects on OpenStack. I have just started. I want to access my OpenStack account through the RESTful API. I read the API guide on the official website. The link is here http://developer.openstack.org/api-guide/quick-start/api-quick-start.html#authenticate.
I do the same way to do the authentication.
Here is my command:
curl -s -X POST https://url:5000/v2.0/tokens -H "Content-Type: application/json" -d '{"auth": {"tenantName": "MyTenantName", "passwordCredentials": {"username": "'"myAccountNme"'", "password": "mypassword"}}}'
But every time I just get a 401 (Unauthorized) response saying: The request you have made requires authentication. The error message is here.
What's wrong with my request? My username and password are correct; I can use them to access my account from the dashboard.
Since you are using https, I think you get the error message because you do not specify a certificate. Use the --cert or --cacert option of curl. Something like this:
curl --cacert <your_crt_file> -X POST https://url:5000/v2.0/tokens -H "Content-Type: application/json" -d '{"auth": {"tenantName": "MyTenantName", "passwordCredentials": {"username": "'"myAccountNme"'", "password": "mypassword"}}}'