credential should be scoped to correct service error - AWS IOT - amazon-web-services

I have an IOT thing on my AWS account. Using python code I can easily get status and update device shadow via REST api but when I try to use postman to get or update device shadow it gives me an error saying "credential should be scoped to correct service".
I am 100% sure that credentials and permissions are correct because using Python code I can make successful requests. I used this link https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-use-postman-to-call-api.html but it's not giving me device updates.
Here is the screenshot for request.

I got this error when the Service Name was set to 'execute-api' (as indicated by the documentation you point to) instead of 'lambda'.

Suggestions to debug Google Play Integrity DecodeIntegrityToken API

Trying to figure out how to use Google's play-integrity api to verify nonces.
I've hit this roadblock and am unsure what other things I could try to debug and get more information out of this API. Below is a series of steps I've taken to get to the point I'm currently at.
What I've done:
Created a service account within the Google Cloud project with the grants:
Service Account User and Service Usage Consumer
Set up Google Auth Default Credentials
Set the environment variable GOOGLE_APPLICATION_CREDENTIALS by pulling down the imported JSON from the service account.
Where I'm at now:
Used google-api-client to build and call playintegrity, resulting in the response:
Code snippet:
response = service.v1().decodeIntegrityToken(
    packageName='com.myapp.package',
    body={
        'integrityToken': 'superLongString'
    }
).execute()
raise HttpError(resp, content, uri=self.uri)
googleapiclient.errors.HttpError: <HttpError 400 when requesting
https://playintegrity.googleapis.com/v1/com.myapp.package:decodeIntegrityToken?alt=json
returned "Integrity token cannot be decoded due to invalid arguments.".
Details: "Integrity token cannot be decoded due to invalid arguments.">
What I'm trying to do:
I'm trying to better understand how to call decodeIntegrityToken with the right parameters or configurations to retrieve a 200. It is not immediately clear to me which of these it is and what the next steps to debug are.
Resources used:
https://developer.android.com/google/play/integrity/verdict#returned-payload-format
Decode integrity token using Google PlayIntegrity API
If you are receiving an INTEGRITY_INVALID_ARGUMENT check one of the following:
arguments in body_request are incorrect.
integrity_token, which is retrieved by google upon sending over a nonce. Note that this integrity_token needs to be correct or else it will still send the same error message above.
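Added example, not the question's code or the answer's: the decode call with the two arguments the answer says to check, and the server-side checks a backend should run on the decoded payload before trusting it. The field names and verdict values follow the returned-payload format page linked above; the package name is the one from the question, and the nonce, certificate digest, timestamp and `service` client are constructed placeholders. `decode_token` needs a discovery-built `playintegrity` client and network access, so the rest of the block runs without it.

```python
import base64
import hmac
import time

PACKAGE = "com.myapp.package"  # package name from the question
# Constructed values standing in for a server-issued challenge and the app's signing cert digest.
NONCE = base64.urlsafe_b64encode(b"constructed-server-challenge-0001").decode().rstrip("=")
CERT_DIGEST = "CONSTRUCTED_CERT_DIGEST_PLACEHOLDER"
SAMPLE_NOW_MS = 1_700_000_000_000


def decode_token(service, package_name: str, integrity_token: str) -> dict:
    """Call playintegrity.v1.decodeIntegrityToken and return the decoded payload.
    packageName must be the package the token was minted for and the token must
    be unmodified; otherwise the API answers with the 400 shown in the question."""
    response = service.v1().decodeIntegrityToken(
        packageName=package_name,
        body={"integrityToken": integrity_token},
    ).execute()
    return response["tokenPayloadExternal"]


def verify_verdict(payload: dict, expected_nonce: str, expected_package: str,
                   expected_cert_digests, now_ms=None, max_age_ms=5 * 60 * 1000):
    """Return (ok, reasons). Every failing check is collected so the caller can log all of them."""
    now_ms = time.time() * 1000 if now_ms is None else now_ms
    reasons = []
    req = payload.get("requestDetails", {})
    app = payload.get("appIntegrity", {})
    dev = payload.get("deviceIntegrity", {})
    acct = payload.get("accountDetails", {})

    # The nonce binds this verdict to a challenge this server issued; compare in constant time.
    if not hmac.compare_digest(str(req.get("nonce", "")), expected_nonce):
        reasons.append("nonce mismatch")
    if req.get("requestPackageName") != expected_package:
        reasons.append("requestPackageName mismatch")
    # Reject replayed (old) verdicts; allow a minute of clock skew into the future.
    ts = int(req.get("timestampMillis", 0))
    if not (now_ms - max_age_ms <= ts <= now_ms + 60_000):
        reasons.append("timestamp outside acceptance window")
    if app.get("appRecognitionVerdict") != "PLAY_RECOGNIZED":
        reasons.append(f"app verdict {app.get('appRecognitionVerdict')}")
    if app.get("packageName") != expected_package:
        reasons.append("appIntegrity.packageName mismatch")
    if not set(app.get("certificateSha256Digest", [])) & set(expected_cert_digests):
        reasons.append("signing certificate digest not recognised")
    if "MEETS_DEVICE_INTEGRITY" not in dev.get("deviceRecognitionVerdict", []):
        reasons.append("device does not meet device integrity")
    if acct.get("appLicensingVerdict") != "LICENSED":
        reasons.append(f"licensing verdict {acct.get('appLicensingVerdict')}")
    return (not reasons, reasons)


# Constructed sample of a decoded payload, shaped like tokenPayloadExternal.
SAMPLE_PAYLOAD = {
    "requestDetails": {"requestPackageName": PACKAGE, "nonce": NONCE,
                       "timestampMillis": str(SAMPLE_NOW_MS - 30_000)},
    "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED", "packageName": PACKAGE,
                     "certificateSha256Digest": [CERT_DIGEST], "versionCode": "42"},
    "deviceIntegrity": {"deviceRecognitionVerdict": ["MEETS_DEVICE_INTEGRITY", "MEETS_BASIC_INTEGRITY"]},
    "accountDetails": {"appLicensingVerdict": "LICENSED"},
}

if __name__ == "__main__":
    print(verify_verdict(SAMPLE_PAYLOAD, NONCE, PACKAGE, [CERT_DIGEST], now_ms=SAMPLE_NOW_MS))
    print(verify_verdict(SAMPLE_PAYLOAD, "tampered", PACKAGE, [CERT_DIGEST], now_ms=SAMPLE_NOW_MS))
```

Getting a 200 from decodeIntegrityToken only means Google could decrypt and verify the token; whether the verdict belongs to this request, this app build and a recent point in time is the caller's job, which is what `verify_verdict` does.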

Error msg : {"code":"BadRequest","message":"The server did not understand the operation that was requested.","type":"client"}

I am trying to get the list of user pools in AWS Cognito and this error code arises.
Host URL: https://cognito-idp.us-east-1.amazonaws.com/ListUserPools?Version=2016-04-18
I am using postman it calculates aws signature correctly so no problem in that...
AWS ListUserPools : https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUserPools.html
Where to place that request syntax on the documentation link?
You have to either use the AWS CLI or any of the AWS SDKs to make this call. You can't just do it using postman. Scroll down to the documentation link you have posted. Now select any of the SDKs that you want to develop using. Then follow the documentation for that language.

Google Admin SDK - watch users with Let's Encrypt secured endpoint

I'm doing a PoC of some GSuite custom solution which needs to listen to changes on the users resource. I've created a GSuite account, linked it (and verified) with mytestdomain.com. It's also verified in the API console. Basically followed instructions from https://developers.google.com/admin-sdk/directory/v1/guides/push and fulfilled all requirements from there.
Unfortunately when I try to register my web hook I'm getting following error:
Watch request denied by backend [403]
Errors [
Message[Watch request denied by backend] Location[ - ] Reason[watchDenied] Domain[push]
]
I'm stuck with it and don't know where to look for more details about that error.
I'm using a certificate generated by Let's encrypt, but tested it with https://www.ssllabs.com/ssltest/ and got rank A. How to check if Google API treats Let's Encrypt as trusted CA?
The problem wasn't related to Let's Encrypt certificates in any way. They're working just fine with Google's push notifications. I contacted Google support and with their help established that sending a request with the showDeleted parameter set to true was the root cause of the above problem.
The support guy claimed that the documentation was copied from the list method, that the parameter cannot be used with the watch method, and that they're going to update the docs of the watch method in the API reference. (However, it's still there.)
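Added example, not the post's code or Google's: a watch request body built the way the push guide linked above describes (no list-only parameters such as showDeleted), and the receiver-side check that an incoming notification really belongs to a channel you opened. The `X-Goog-Channel-ID`, `X-Goog-Channel-Token` and `X-Goog-Resource-State` header names are the documented ones; the webhook address is a placeholder.

```python
import hmac
import secrets
import uuid


def build_watch_body(address: str, channel_id=None, token=None, expiration_ms=None) -> dict:
    """Body for users.watch(). The token is echoed back by Google in
    X-Goog-Channel-Token on every notification, so it is generated with a
    CSPRNG here and must be stored with the channel id for later comparison."""
    body = {
        "id": channel_id or str(uuid.uuid4()),
        "type": "web_hook",
        "address": address,
        "token": token or secrets.token_urlsafe(32),
    }
    if expiration_ms is not None:
        body["expiration"] = str(expiration_ms)  # Unix time in ms, sent as a string
    return body


def validate_notification(headers: dict, channels: dict):
    """channels maps channel id -> expected token. Returns (accept, reason).
    Anything that fails here should be answered with a 4xx and logged; a
    webhook that trusts unauthenticated POSTs can be fed fake change events."""
    h = {k.lower(): v for k, v in headers.items()}
    channel_id = h.get("x-goog-channel-id")
    token = h.get("x-goog-channel-token", "")
    expected = channels.get(channel_id)
    if expected is None:
        return False, "unknown channel id"
    if not hmac.compare_digest(token, expected):
        return False, "channel token mismatch"
    state = h.get("x-goog-resource-state")
    if state == "sync":
        return True, "sync message: channel established, nothing to process"
    # Any other state is a change event; the handler fetches the resource
    # itself rather than trusting anything in the notification body.
    return True, f"change event: {state}"


if __name__ == "__main__":
    body = build_watch_body("https://webhook.example.invalid/users")  # placeholder address
    known = {body["id"]: body["token"]}
    print(body)
    print(validate_notification({"X-Goog-Channel-ID": body["id"],
                                 "X-Goog-Channel-Token": body["token"],
                                 "X-Goog-Resource-State": "sync"}, known))
```

Two details matter for a production receiver: the comparison uses `hmac.compare_digest` so token checking does not leak timing information, and the handler acknowledges quickly and pulls the users resource afterwards, because the notification only says that something changed.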

Handling "Missing Authentication Token" after setting up AWS Lambda with API Gateway

Here are the exact steps I just followed to set up a Lambda function behind an API Gateway.
1. Select blueprint
2. Add trigger
3. Configure
4. Create Role
5. Create Function
6. Congrats
7. Deploy API
However, when I visit the endpoint:
https://hq1hf4tmlf.execute-api.us-west-2.amazonaws.com/prod/myLambda
I get the following error:
{
"message": "Missing Authentication Token"
}
The error you are getting is because the API key isn't included when you invoke the API through the URL alone.
With the way you currently have it set up, you would need to use something like python's requests package to call the API and invoke the lambda:
import requests

API_KEY = "YOUR_API_KEY"  # placeholder: the API key issued for this API
API_URL = "YOUR_API_URL"  # placeholder: the invoke URL of the deployed stage
custom_header = {'x-api-key': API_KEY}
response = requests.get(API_URL, headers=custom_header)
Or, you could go back into your API's configuration (under Your API/Resources/API Call/Method Request) and disable use of your API key for that call, but this is a very insecure option.
You may want to check if you have a web security service or web filtering proxy installed on your device that might be stripping JWT/auth tokens from requests going out of your work/home network. I had the same problem where I was getting a "Missing Authentication token" error while trying to create a Lambda function on my work laptop. After struggling for a few hours, I switched to my personal laptop and was able to create the Lambda function successfully on the first attempt. I then tried again on my work laptop with Fiddler turned on and noticed that even though the auth credentials were set up properly in my outbound request, I was still getting "x-amzn-ErrorType: MissingAuthenticationTokenException" from AWS in the response. I turned off the web security proxy service on my work laptop and I was able to create Lambda functions successfully. Hope it helps.
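Added example, not code from either answer: a loopback echo server and a probe that reports whether auth headers such as `x-api-key` and `Authorization` arrive at the server with the values the client set, which is the check the second answer did with Fiddler. Against 127.0.0.1 nothing sits in the path, so the headers always survive; pointed at an echo endpoint you control outside your network, the same probe shows what a filtering proxy removes. The key, bearer value and path are constructed placeholders.

```python
import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


class EchoHandler(BaseHTTPRequestHandler):
    """Reply with the request headers exactly as this server received them."""

    def do_GET(self):
        body = json.dumps({"received_headers": dict(self.headers.items())}).encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_echo_server():
    """Bind to an ephemeral loopback port and serve in a daemon thread."""
    server = HTTPServer(("127.0.0.1", 0), EchoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    # Path mirrors the question's stage/resource layout; the host is local.
    return server, f"http://127.0.0.1:{server.server_address[1]}/prod/myLambda"


def check_headers_survive(url: str, headers: dict) -> dict:
    """Return {header_name: True/False}: True if the server saw the same value we sent."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=5) as resp:
        received = json.load(resp)["received_headers"]
    lowered = {k.lower(): v for k, v in received.items()}  # header names are case-insensitive
    return {name: lowered.get(name.lower()) == value for name, value in headers.items()}


def demo() -> dict:
    server, url = start_echo_server()
    try:
        return check_headers_survive(url, {
            "x-api-key": "CONSTRUCTED-PLACEHOLDER-KEY",
            "Authorization": "Bearer constructed.placeholder.jwt",
        })
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```

If a header comes back as `False` when the probe targets an endpoint beyond your network edge but `True` on loopback, the request is being rewritten in transit, and the fix belongs in the proxy configuration, not in the API Gateway settings.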

Amazon SNS: "Platform credentials are invalid" when re-entering a GCM API key that previously worked

We have been using Amazon SNS to send Android push notifications since April this year.
Pushes have sent with no problem, however there has never been any record of calls to the Cloud Messaging API in the Cloud Console (seems odd?).
Today I created a new API key for the Static Map service (unrelated) and renamed our Cloud Messaging API key (only the name, the key is the same). From this point no pushes have been sent, and trying to create a new platform application (or update the existing one) in AWS results in:
Invalid parameter: Attributes Reason: Platform credentials are invalid (Service: AmazonSNS; Status Code: 400; Error Code: InvalidParameter; Request ID:)
I have also tried manually making calls to the https://gcm-http.googleapis.com/gcm/send endpoint using the key which results in Unauthorized (401).
Interestingly, I can make calls to the above endpoint using the key I created today, however they fail on MismatchSenderId.
I can't see a lot of the previous options that the Cloud Console had (server / browser keys, etc) within the API Manager?
For those who are facing this in 2017, here goes a tip:
1 - Go to your firebase console (https://console.firebase.google.com/) click on your project (which you want to use for push notifications)
2 - Click on the "three dots" on the right side of your project name and click on "Settings"
3 - Click on "CLOUD MESSAGING" on the header tabs
4 - Copy the "Server Key" (this one is bigger than your API key)
5 - Paste on the "API Key" input of the AWS Form for "Create platform application"
PS: Note that this is valid only for GCM Push Notifications.
API Key management for GCM has been moved to Firebase Console.
You can create a new Firebase Project (or import an existing cloud project) and you should obtain a new Server Key for Cloud Messaging.
See the updated documentation:
https://developers.google.com/cloud-messaging/android/client#create-an-api-project
and the stack overflow question: Where can I find the API KEY for Firebase Cloud Messaging?
If you still have problems please contact:
https://firebase.google.com/support/contact/troubleshooting
I have been getting the same error when creating Amazon SNS platform application:
Invalid parameter: Attributes Reason: Platform credentials are invalid (Service: AmazonSNS; Status Code: 400; Error Code: InvalidParameter; Request ID:)
After reaching out to the Firebase support as suggested by Diego, this is the response I got from Google:
Hope you're doing well and thanks for reaching out to us.
I'm not really familiar with Amazon SNS and looks like their integration is still with GCM, not FCM. If your app implementation is still GCM, then you need to migrate with FCM in order to use the server key in the console. See the instructions here.
Also, Firebase has upgraded the server keys to a new version. We'd recommend using the server key instead of the legacy server key.
I hope this helps. Let me know if you have any other concerns. Thank you.
This indicates that we'll have to change our app code. We were able to make this work for another app in our organization by creating a new Firebase project and using the Legacy server key with Amazon SNS.
At some point we'll definitely upgrade to using FCM but at the moment we have a tight deadline.
Update:
So finally what worked for us is using the 'Server Key' under Project Settings --> Cloud Messaging. The app still uses the GCM implementation. Amazon SNS is happy with this key and generated a GCM platform push application. The pushes work!
Still confused about why the 'Legacy Server Key' does not work for one app but is ok for the other. But I am not digging into it any further.
For those starting a new project and wondering why it is still invalid, make sure the application Key restriction is set to Android apps. In my case, it was only set to None and when I switched to Android apps, it worked 5 to 10 min after updating it. You'll need to add your package name and SHA-1 certificate fingerprint.