I'm trying send a request to
https://graph.facebook.com/{pageID}
It returns an error which tells me that I don't have an authorization token.
How can I generate an authorization token for these requests?
Related
I am trying to call this web api using postman. In order to use it you must apply for a personal token via email before (see here at the beginning of the page indicated as "Personal token request", you must send an email requesting a personal token).
So I have requested a personal token and once I have it I am trying to call above indicated method, this one.
So I configure postman as below screenshots show. I only fill in the Authorization (with my token) and the headers tabs. I indicate GET as verb and as url: https://api.esios.ree.es/indicators
Authorization:
Headers:
When I send the request I get error:
HTTP Token: Access denied.
UPDATED:
It doesn't work...
UPDATED - ATTEMPT #2
Finally I have solved it by setting authorization "No Auth" in Authorization tab and instead set Authorization token in the header tab.
I am looking to create an API using the Django REST Framework which will authenticate using a separate authentication server by means of its introspection endpoint. The authorization flow should look something like the following.
The client provides either user credentials or a refresh token to the token endpoint on our authentication server.
If the provided credentials or refresh token are valid, the authentication server responds with an access token and a refresh token.
The client then sends the access token to the API when requesting a resource.
The API verifies the provided access token using the introspection endpoint on our authentication server.
The authentication server responds letting the API know if the access token is valid.
If the access token is valid, the API responds to the client with the requested resources.
Step 4 is the part I'm after, and the Django OAuth Toolkit looks like it provides an option for exactly this. In the section about setting up a separate resource server it states that it allows the application to verify access tokens by use of an introspection endpoint.
So I followed the setup for the Django OAuth Toolkit, and pointed the RESOURCE_SERVER_INTROSPECTION_URL toward the introspection endpoint on our authentication server. Then I acquired an access token from our authentication server and provided it to the API as an Authorization header, but I get the following response.
Content-Type: application/json
WWW-Authenticate: Bearer realm="api",error="invalid_token",error_description="The access token is invalid."
Vary: Accept
Allow: GET, HEAD, OPTIONS
Content-Length: 58
{
"detail": "Authentication credentials were not provided."
}
If I don't provide a token I get the same response body, but no WWW-Authenticate header. The strange part is that the introspection endpoint never receives a POST request, which it should be sending to verify the access token.
So did I misread the documentation, or am I doing something wrong? Why isn't this working as I expect?
I have developed an api wgich is protected using token authentication. I m able to fetch the token once when logging in to the webapp. The token is stored in a cookie. Every call to the api contains the token. But what after the token expires?
I've been unable to figure that out. How should I request a new one? I know I can request a new token using the login credentials. But what if the token expires every 300 seconds?
And what is the ideal duration before it expires?
Have I kept it too short-lived?
Any help is appreciated.
I'm trying to test my web server's login with Postman. First, I send a GET request to my login url, and I get a CSRF token as a cookie. Then, I make a POST request to that login page, with my username, password, and CSRF token.
My problem is, when I do this in Postman, I get a 403 forbidden error when I try to make that POST request to login. I'm copying the CSRF token received and putting it as one of the POST parameters, and I'm using a valid username and password. Is there anything I'm overlooking here?
You need to set it as a header in the request, not in the body. X-CSRFToken is the key and the value is CSRF token from the cookie. This will work if you are using an API framework like Tastypie or Django Rest Framework.
If you are authenticating without an API layer you would need to actually attach the cookie or create one with the CSRF token. This post explains it.
Try installing the Postman Interceptor Extension on GoogleChrome. It worked for me.
Works for me :
Set in Postman Header :
KEY : Authorization
Value : Token "Your token"
I am attempting to refresh a LinkedIn user's access token given their current access token. This is the documentation that I am following: http://developer.linkedin.com/blog/tips-and-tricks-refreshing-access-token
The steps I follow:
Make a POST request to the requestToken endpoint (https://api.linkedin.com/uas/oauth/requestToken)
Make a POST request to the authenticate endpoint passing the request token as a parameter.
After this the response should be a newly refresh access token but I am receiving a 302 response instead.