invalid_request could not parse claims parameter - banno-digital-toolkit

I am having a problem making a request to the Banno Plugin I do not have this issue when the "View More" section is clicked. I belive that I have found the issue but looks like I cannot reach out to banno directly so wanted to see if there is anyone that has seen this issue.
When reaching out to the auth "a/consumer/api/v0/oidc/auth" endpoint I have assigned claims to the payload
{"userinfo":{"address":null,"birthdate":null}}
But when reviewing the error request I get a invalid_request could not parse claims parameter request on the claim but the claim is no longer the claim I gave it and is injecting /a/consumer/api to the first json object like below:
{"userinfo":{"address":/a/consumer/api,"birthdate":null}}
When I use the Card Action to this external application it works as expected but while in the plugin card it fails due to the parsed claim.
Any feedback would be helpful?

Out of curiosity, are you URL encoding the characters claims payload?
The example you've given:
{"userinfo":{"address":null,"birthdate":null}}
...would look like this once it is encoded:
%7B%22userinfo%22%3A%7B%22address%22%3Anull%2C%22birthdate%22%3Anull%7D%7D

Related

iTunes Store Customer Reviews API XML Endpoint Broken

I used to use the XML endpoint because it provided review dates for each review called 'updated'. This is not contained in the JSON endpoint. However, the XML endpoint stopped working. I get the error seen below:
Web Server Error
Description: The host did not return the document correctly.
Has anyone experienced the same issue? Any workarounds? Do you anticipate this will ever be fixed by Apple? Do you think the JSON endpoint might be taken down any time soon?
XML Endpoint (Broken)
https://itunes.apple.com/us/rss/customerreviews/id=1145275343/mostrecent/xml
JSON Endpoint (Working)
https://itunes.apple.com/us/rss/customerreviews/id=1145275343/mostrecent/json
It appears the XML endpoint is up and running again. No more Web Server Error. Hopefully the endpoint stays up.

How can I tell whether a web service is "Restful" (as it claims to be)?

I am trying to work with a service that its creators describe as "restful"
To make a request to this service I have to post some Json e.g.
{
"#type" : "Something"
"$value" : 1
}
This is posted to a URL similar to this;
https://someSite.com/api/query/execute
No matter what the nature of the request, whether I am retrieving info, adding or updating it I must always use this URL (along with some header values to verify my credentials). The effects of posting to this service are determined by the JSON I send.
Depending on the nature of the call I will receive some JSON very similar to the sample above. This JSON never includes another URL (or part of one). It is always a "data object" i.e. a set of properties and their values. Sometimes I receive an empty response but know that the request has had an effect because I can view those effects through a website provided by the service provider
I have particular issues with ENUM values that I must send because I have no idea of the allowed values (they are always passed as strings)
No documentation has been provided for this service.
I am relatively new to RESTful services and JSON and would like to know whether this is truly a restful service, and if not why not?
Due to my lack of experience in this area I may have omitted some important information that would be required to properly answer this question. I will watch the comments closely and try to provide any additional clarification requested
know whether this is truly a restful service, and if not why not?
It isn't.
One of the main principles of REST is that "things" are identified by URLs. Having a single URL for all interaction with the API violates that principle.

WooCommerce api authentication error oauth_consumer_key parameter is missing

I try to fetch all product data list in json from WooCommerce API and type address bar http://www.batata.in/wc-api/v3/orders. But it give an error:
{"errors"[{"code":"woocommerce_api_authentication_error","message":"oauth_consumer_key parameter is missing"}]}
I tried all things but issue is not fixed. Rest API is on.
If anybody know any other way to find product list in json format from WooCommerce WordPress plugins, then please tell me.
I have faced the same problem. After some research, I have solved this issue. Kindly check that your site secure or not [http or https]. I missed the "s" for http.
Please note that you need to provide consumer key, nonce, signature with your rest api call. Following is the format which worked for me.
http://SomeURL.com/wc-api/v2/orders?oauth_consumer_key=########&oauth_timestamp=######&oauth_nonce=#############&oauth_signature_method=HMAC-SHA256&oauth_signature=##########################
For generating nonce and signature I recommend you use some wrapper available for your platform. I used php so got a nice library here.
https://github.com/woocommerce/wc-api-php
Important:- Even after following all above steps correct I got the same issue you faced. It kept giving me error "oauth_consumer_key parameter is missing" which actually was misleading. The issue I figured out was the basic http auth. I had http authentication in place so the curl request I used to fire was returning 401 unauthorized. If you are using php you will understand following line.
curl_setopt($this->ch, CURLOPT_USERPWD, "USERNAME:PASSWORD");
And it worked. So point here is you can try this or play around with your curl/socket or any client you are building and don't focus on the error message as it is misleading most of the time.
Sandipa Mukherjee's answer is right.
For http:// additional oauth parameters are required, because it's not safe.
My suggestion is to use the https:// server for wordpress.
Please refer to https://scriptstown.com/how-to-setup-cloudflare-ssl-and-configure-origin-certificate-for-apache/

how to reverse engineer an http API call using REST console

I'm trying to replicate a request I make on a website (ie zoominfo.com) using the same http POST parameters using chrome rest console, but it fails for some reason. I'm not sure if there is a missing field or it's not working because the origin of the request isn't valid.. can someone point me out in the right direction? Below is a detailed explanation of the experiment:
ORIGINAL CASE
basically if I go to zoominfo.com (registered and all) I see a form page that I need to fill:
if I hit enter.. the site makes an ajax call. If I open the chrome web dev tools, and open the network tab, I see the details of the ajax call:
notice the body of the POST has the name John Becker in it:
{"boardMember":{"value":"Include","isUsed":true},"workHistory":{"value":"CurrentAndPast","isUsed":true},"includePartialProfiles":{"value":true,"isUsed":true},"personName":{"value":"john%20becker","isUsed":true},"lastUpdated":{"value":0,"isUsed":true}}
the response is shown under the respones tag:
WHAT I'M TRYING TO DO
basically replicate what i've done above using a REST console (note: so there is nothing illegal here.. i'm just replacing a chrome browser action with a rest client action.. i'm not hacking anyone and i'm not getting information I can't get the normal way, but if someone feels otherwise.. please let me know)..
so I plug in the same parameters as above into the rest console:
now i'm not sure about authentication.. but just to be safe, i entered the same user name and pwd i have for the site into the REST console:
but then I keep on getting an error as a response to my rest console's request:
UPDATE: CORRECT ANSWER:
so according to JMTyler's answer.. I had to simply include criteria in the RAW body, and convert it to url encoding.. in addition to that, I had to explicitly set the encoding in the rest console body..
looking at the chrome inspector more closely, it turns out that I simply had to click on view source:
to get the url-encoded value that I needed to put in the RAW body in the rest console:
I also had to set encoding to gzip,deflate,sdch and things worked fine!
The form is posting all that JSON under the field criteria. You can see this in the screencap of the chrome dev console you posted.
Just start your raw body in rest console with criteria= and make sure the json has been url-encoded. That should do it.
No authentication is needed because none is passed through the headers in your screencap. Any cookies you have when you load the page normally will also be loaded through rest console, so you don't need to worry about explicitly setting them.
Reading your problems I'll make an educated guess:
zoominfo does not provide an RESTful API.
Rest-Console understands and uses HTTP Authentication, which is different from the authentication handler zoominfo implemented.
A possible way to work around may be:
Make a call to the login-page via rest console. you'll get back cookies and a lot more.
In subsequent requests to zoominfo be sure to include those cookies (likely holding some session information) in your request, therefore acting like a browser.

Contact API directly from URL in browser

I am trying to understand how POST and/or GET methods work in terms of the actual browser.
I am attempting to contact an API which requires API key, method you wish to use on their side, and an IP address at the minimum.
My original idea was to do something like this:
I feel like I'm on the right track, it does something and gets an error as opposed to telling me the page does not exist. I'm expecting either JSON or XML in response as the API supports both but instead I get this error:
This page contains the following errors:
error on line 1 at column 1: Document is empty
Below is a rendering of the page up to the first error.
Upon studying the documentation of the API more, I found something saying that methods are called using HTML form application/x-www-form-urlencoded and the resuource models are given as form elements.
I tried researching what that means to see what the problem was and found this site http://www.w3.org/TR/xforms11/ but I'm still unclear.
Ideas?
It seems to mean that the application is expecting a POST method but you're doing a request with a GET method (when you use the querystrings).
Since you can't just do browser requests using POST using the address bar, you may need to:
Construct a simple JS function that does a xmlhttprequest request using that method instead, and running it from the console;
Create a simple HTML page that automates the above process, allowing you do make POST calls;
Using CURL instead, which is a great tool for testing those kinds of requests.