Documentation here:
http://docs.amazonwebservices.com/AlexaWebInfoService/latest/
http://awis.amazonaws.com/?
Action=UrlInfo
&AWSAccessKeyId=[Your AWS Access Key ID]
&Signature=[signature calculated from request]
&SignatureMethod=[HmacSha1 or HmacSha256]
&SignatureVersion=2
&Timestamp=[timestamp used in signature]
&Url=[Valid URL]
&ResponseGroup=[Valid Response Group]
I don't understand this...
&Signature=[signature calculated from request]
&SignatureMethod=[HmacSha1 or HmacSha256]
How do you calculate the signature?
&AWSAccessKeyId=[Your AWS Access Key ID]
This does not work as well! There's no AWS secret key required here here, but it simple doesn't recognize the Access Key ID, in my account.
AWS was not able to authenticate the request: access credentials are missing
I can't do something as simple as:
http://awis.amazonaws.com/?Action=UrlInfo&AWSAccessKeyId=AKIAISCXZCPDLPUDDAVA&SignatureVersion=2&Url=http://www.google.com&ResponseGroup=TrafficData
Have you checked following things, its given in Documentation Under Authentication Errors Section:
If you get an authentication error then one of the following is probably true:
You are not signed up for the Alexa Web Information service. Even if you already have an Amazon Web Services account, you must separately sign up for the Alexa Web Information service at Amazon AWS.
Your credit card is invalid or expired.
You have not URL encoded your Timestamp and Signature values.
If you are seeing intermittent authorization errors, this is the most
likely problem. You should not see any "+" signs in your Signature, for example.
You are not generating the Signature correctly. Please see the code samples.
The clock on the computer making the requests is not set correctly.
Related
I'm following this tutorial here to attempt to authenticate using Token Based Authentication with Netsuite:
through postman using Netsuite's Postman environment, but I continue to receive "401 Invalid login attempt".
When I check the Login Audit Trail, I see that there is no role being assigned to my authentication attempts -- it's just blank. To me, this indicates that the token is not properly assigned to the User/Role, but I've walked through the directions several times and everything appears to be setup properly.
I've seen other similar posts about this, but those seem to boil down to the Netsuite Account ID formatting. However, my Netsuite Account ID is all numbers, so I don't think this is a factor.
This should work fine assuming you have created an integration and an access token. Configure Oauth 1.0 in postman with the following fields filled out correctly:
signature method (should be HMAC-256)
consumer key (from the integration you created in netsuite)
consumer secret (from the integration you created in netsuite)
access token (from the access token created in netsuite)
token secret (from the access token created in netsuite)
realm (your account id, if using a sandbox, make sure the realm looks like 1234567_SB1, with an _ and not a -)
You won't be able to complete TBA using postman because using netsuite TBA requires a callback URL that netsuite will redirect you to with the necessary credentials (access token and & token secret).
I'm having this exact same issue. I have custom code written in Salesforce APEX that is connecting to NetSuite just fine. We also have a Workato integration that is connecting to NetSuite just fine.
No matter what I do in Postman, I get a 401 Invalid Login response. I'm losing my mind...
I finally got this to work for me. Postman had a request header of "Connection"="keep-alive". Once I removed that it worked fine! Wow.. I've been trying to get this to work for weeks, looking at it every few days for an hour or two. What a frustrating error message "Invalid Login".
I need to export a list of groups in G Suite to compare with the source from a recent migration from another mail provider. I'm stuck, trying to get Postman desktop client to connect via api to the Directory API of our g suite instance.
Basically I'm an API noob and have no idea how to get the two to talk. I've setup an OAuth2 client ID and Secret, but not sure of what settings to use in Postman to get authentication up and running. Using Authorization code or Client ID as the option for "Grant Type", either way I get a 401 error.
The only field I haven't entered anything in is the "Callback URL" not sure where to get it from. Seeing mixed info in Google's documentation. Do I need a service account or just the OAuth ID and secret?
Closest I've gotten is: "Invalid parameter value for redirect_uri: Missing scheme: /" using the Authentication code grant type. Left blank but I'm almost sure that is referring to the callback url.
What am I missing here? Or where do I find the callback URL if that is all?
Here is a script that should handle authorization and export a CSV of all your groups.
https://github.com/jmathai-google/all-groups-in-customer
Trying to understand how to use Cognito and API Gateway to secure an API.
Here is what I understand so far from AWS documentation and the Cognito user interface:
Clients
www-public - public facing website
www-admin - administrators website
Resource Servers
Prices - for this simple example the API will provide secured access to this resource.
Scopes
prices.read
prices.write
Again, very simple permissions on the API. Public www users can read prices, administrators can write them.
API Gateway
GET /prices - accessible to authenticated users that can read prices.
POST /prices - only accessible to administrators
Users
Administrators - can update prices via the POST method.
Non-administrators - cannot update prices.
Based on this...
Each client will request the scopes it is interested in. So for the public www site it will request prices.read and for the administration site both prices.read and prices.write.
The API Gateway will use two Cognito Authorisers, one for each HTTP Verb. So the GET method must check the user can read prices and the POST method that they can write prices.
The bit I don't see is how to put all of this together. I can make the clients request scopes but how do they now connect to user permissions?
When the token is generated, where is the functionality that says "Ok, you requested these scopes, now I'm going to check if this user has this permission and give you the right token?"
I understand that scopes ultimately related to the claims that will be returned in the token.For example, requesting the profile scope means that the token will contain certain claims e.g. email, surname etc.
I think based on this that my permissions will ultimately end up being claims that are returned when specific scopes are asked for. The fact that the two clients differ in what they request means that the prices write claim an never be returned to the public www client. It would never issue a token if the prices.write claim was requested.
What I can't see is where this fits in Cognito. There is the option to put users into groups but that is pretty much it. Likewise, there is nothing (that I could see) to relate scopes to claims.
I'm coming from a .Net and Identity Server background. Certainly in the last version of Identity Server I looked at there was a handler method where you would work out which claims to put into a token. I guess this would map into one of the custom handler lambda functions in Cognito. From there this would need to query Cognito and work out what claims to issue?
The final piece of the puzzle is how the API Gateway checks the claims. Can this be done in API Gateway or does the token need to be inspected in the Lambda function I will write to handle the API Gateway request?
Certainly using Identity Server and .Net there was a client library you would use in the API to inspect the claims and redact permissions accordingly. Guessing there is something similar in a Node JS Lambda function?
A few assumptions there as I'm basically in the dark. I think the basics are there but not sure how to connect everything together.
Hoping someone has figured this out.
I'm doing PoC of some GSuite custom solution which needs to listen to changes on users resource. I've created a GSuite account, linked it (and verified) with mytestdomain.com. It's also verified in API console. Basically followed instructions from https://developers.google.com/admin-sdk/directory/v1/guides/push
and fulfilled all requirements from there.
Unfortunately when I try to register my web hook I'm getting following error:
Watch request denied by backend [403]
Errors [
Message[Watch request denied by backend] Location[ - ] Reason[watchDenied] Domain[push]
]
I stuck with it and don't know where too look for more details about that error.
I'm using a certificate generated by Let's encrypt, but tested it with https://www.ssllabs.com/ssltest/ and got rank A. How to check if Google API treats Let's Encrypt as trusted CA?
Problem wasn't anyhow related to Let's Encrypt certificates. They're working just fine with Google's push notifications. I've contacted with Google support and with their help I've established that sending a request with showDeleted parameter set to true was a root cause of above problem.
Support guy claimed that documentation was copied from list method and that parameter cannot be used with watch method and they're going to update docs of watch method in API reference. (However it's still there).
I am using amazon's itemlookup api to get the details of an book provided the ISBN has been given to it.
I have made an request to Amazon aws with URL as:
http://webservices.amazon.com/onca/xml?AWSAccessKeyId=access_key&Keywords=0439708184&Operation=ItemSearch&ResponseGroup=ItemAttributes%2COffers&SearchIndex=Books&Service=AWSECommerceService&Timestamp=2015-03-23T16%3A04%3A21Z&Version=2009-01-06&Signature=hashed_signature
And all I get from above request is :
<Message>Your request is missing required parameters. Required parameters include AssociateTag.</Message>
Later on, I have generated an AssociateTag for myself and passed it to the the query string but that did not help either. Instead, it gave me another message that "Signature does not match."
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.</Message>
After adding the associate tag, my query string looks like as:
http://webservices.amazon.com/onca/xml?AWSAccessKeyId=access_key&Keywords=0439708184&Operation=ItemSearch&ResponseGroup=ItemAttributes%2COffers&SearchIndex=Books&Service=AWSECommerceService&Timestamp=2015-03-23T16%3A04%3A21Z&Version=2009-01-06&AssociateTag=hemant-20&Signature=hashed_signature
Am I missing anything basic here?