Trestle Request unsuccessful. Incapsula incident WebApi error - json

I'm working with Trestle which is real estate MLS service to get property data etc. I have followed their WebApi docs but I'm getting this error whenever I hit their api it looks like their server thinks that request is from some BOT. Even they recommend using Postman to test api:
Its been 3 days and still cant find any fix. Any help?

You do not seem to be following this documentation correctly.
https://docs-trestle.corelogic.com/GettingStarted/WebAPI
At the moment you are entering the token URL (https://api-prod.corelogic.com/trestle/oidc/connect/token) in the main Postman request URL field. The documentation states that you should use the Get New Access Token button on the Authorization tab of a request. You are entering the token URL in the main Postman request URL field.
This is a default flow for oAuth 2.0 requests in Postman.
https://learning.postman.com/docs/postman/sending-api-requests/authorization/#oauth-20
Example:
This could be your request to retrieve data:
https://api-prod.corelogic.com/trestle/odata/$metadata
On the Authorization tab you should select oAuth 2.0; select Get New Access Token and you will see a view which gives you the functionality you are looking for.
When successful, you will get a pop-up which you need to accept in order to use the API.

Related

Google Apps Script return 405 for POST request

I have a problem with handling POST requests in Google Apps Script. I've created simple project with following functions:
function doGet(e){
return ContentService.createTextOutput("test").setMimeType(ContentService.MimeType.TEXT);
}
function doPost(e){
return ContentService.createTextOutput("test").setMimeType(ContentService.MimeType.TEXT);
}
When I try to send a GET request from postman I get correct response - as expected. However when I try to send POST request I get 405 Method not allowed and HTML error page in response. In deployment settings I set that it should execute as me and should be accessible to everyone.
What am I missing? How to make POST requests work with Google Apps Script?
EDIT:
So as Heiko Theißen wrote below there is 302 redirect at first.
As I can see Postman follows that redirect and sends POST once again to new URL but this request fails and I still don't know why unfortunately. I can see in security section that there is header Allow: HEAD, GET.
I cannot see any preflight request from Postman (as TheMaster suggested).
About reproducibility: I've pasted complete content of google apps script, and I mentioned that I am making request from postman. Here is link to current deployment of that script: https://script.google.com/macros/s/AKfycbyHdVpclM7pH1BB3IzwNjtcH07DF75H8ldqeLQCwQnX71lMs371g-UO-i8JaI5_zRqrDw/exec
Also here is screenshot from Postman - I'm just sending empty POST request without any custom headers. Tried also sending plain text or json as payload but results were the same each time.
So back to my original question: How can I receive POST request successfully in google apps script deployed as Web App?
I make it workable from postman by disabling the annotated option from settings.
If the preflight explanation given by TheMaster does not solve your problem, the following might help:
Requests to Google Apps Script always happen in two stages: The first request draws a redirection response to a generated URL, and the second request to that URL draws the response that you programmed (the text output "test").
When the first request is a POST request, the redirection response has status "302 Found", and the specification is ambiguous about what method the second request should have:
Note: For historical reasons, a user agent MAY change the request
method from POST to GET for the subsequent request. If this
behavior is undesired, the 307 (Temporary Redirect) status code
can be used instead.
Google Chrome makes the second request as a GET request (without repeating the POST payload, which the server already knows under the generated URL) and this works.
However, if your browser or Postman client does not change the method and makes the second request again as a POST (and your screenshot shows this is true), the server does not accept this and responds with "405 Method Not Allowed".
In other words: Google Apps Script expects the second request to be a GET request, but not all clients behave like that, because the specification is ambiguous at this point. Workarounds:
You can influence the behavior of Postman so that it does not preserve the POST method between the first and second request. See here.
Google Apps Script could avoid the ambiguity by responding to the first request with "303 See Other", but it does not. Perhaps create an issue for that?

Get a 3-Legged Token with Authorization Code Grant gives an Error AUTH-004

In our application we have a angular frontend app which has Autodesk login for BIM 360 document. After user is logged in frontend we are retrieving 3 legged authorization code from Autodesk and pass it to C# backend where we are using the code to get the access_token and refresh token.
We are using this to get the authorization code -
https://developer.api.autodesk.com/authentication/v1/authorize?response_type=code&client_id={client_Id}&redirect_uri={callbakcurl}&scope=data:read
Using this to get access_token from the code -
https://developer.api.autodesk.com/authentication/v1/gettoken
We are getting the below error -
{
"developerMessage": "The authorization code/refresh token is expired or invalid/redirect_uri must have the same value as in the authorization request.",
"errorCode": "AUTH-004",
"more info": "https://forge.autodesk.com/en/docs/oauth/v2/developers_guide/error_handling/"
}
We make sure that our redirect_url is correct/same to get the authorization code and get the access_token.
Can anyone help me with how long this authorization code is valid for?
A couple of things to check:
As #KingJ mentioned already, make sure that your redirect URL is url-encoded; same for the scopes, I believe the : symbol (and spaces if there are multiple scopes) should also be encoded
Note that the code you obtain from the first HTTP call is only valid for a very short amount of time (units of seconds); you should make the second HTTP call as soon as you have the code available, otherwise it'll expire
What is the body of the 2nd request? Are you setting all the params marked as required in the docs?

Not Found Error On Google Geolocation

When i have put the url below to my browser adress bar i get a 'not found' text.
https://www.googleapis.com/geolocation/v1/geolocate?key=API_‌​KEY
I have registered my app at console and get a api key for that application. I have even provide my credit card data at console and started my trial membership.
I am expecting that it returns me some json. But it doesn't. Why google is not recognize my api key and gives me not found page?
The URL https://www.googleapis.com/geolocation/v1/geolocate?key=API_‌​KEY is for sending POST requests. Since you are navigating it directly in your browser, it won't return any result.
You need to send a POST request with Request body to get the desired result.
Please refer to the Documentation page for Geolocation requests to get more information on creating your Request.

Integration of Spring Oauth2 implementation with the HTML front end using javascript

I am implementing spring oauth2 for securing my rest api. Basically i am limiting the use of rest api to particular users rather then limiting to every users.
I had implemented the backend and secured my api using spring oauth2.
I am following this steps:
1)Send the GET request with the five parameters.
localhost:8080/SpringRestSecurityOauth/oauth/token?grant_type=password&client_id=Awyi123nasdk89&client_secret=asdj39m32##$s&username=rahul#gmail&password=rahul#9831
2) Server validates the user with the help of spring security and return the json response with access code.
{
"access_token": "22cb0d50-5bb9-463d-8c4a-8ddd680f553f",
"token_type": "bearer",
"refresh_token": "7ac7940a-d29d-4a4c-9a47-25a2167c8c49",
"expires_in": 119
}
3)I access protected resources by passing this access token as a parameter, the request goes something like this:
localhost:8080/SpringRestSecurityOauth/api/users/?access_token=8c191a0f-ebe8-42cb-bc18-8e80f2c4238e
4) In case the token is expired, user needs to get a new token using its refreshing token that was accepted in step(2). A new access token request after expiration looks something like this:
localhost:8080/SpringRestSecurityOauth/oauth/token?grant_type=refresh_token&client_id=restapp&client_secret=restapp&refresh_token=7ac7940a-d29d-4a4c-9a47-25a2167c8c49
All the above step are working fine. Now i need to implement this on my client side. So that a particular client can access this call. I am using HTML/CSS as client side technology.
How client can get the access token? Should it be stored in the browser local storage? Or it should be generated every time the rest call is been made?
Any example would help me to proceed further.
I'm implementing my project like you. I use angularjs and get the access token from response json then store it into cookies.
This link provide sample code for you: http://www.baeldung.com/rest-api-spring-oauth2-angularjs. (See Frontend - Password Flow).
Because refresh token should keep secret and the client is html app, you should see this link http://www.baeldung.com/spring-security-oauth2-refresh-token-angular-js for handling refresh token.
For html client, after obtaining access token using refresh token when access token is expired, I use http-auth-interceptor ([http]://witoldsz.github.io/angular-http-auth/) to retry all rest requests failed because of expired access token.
I'm sorry that I have not enough reputation to post more than 2 links.

Getting a weird error hitting Google Apps Script from Node REST clients

I am setting up a simple Google App Script to get some data from a spreadsheet to an external app. When I open the url from my browser or curl I get the proper JSON response.
See for yourself, here is the url:
https://script.google.com/macros/s/AKfycbwUqrOsqQk4rk0lY97Wl4bRsHVk6_CMVPz3hGHeyc3H2ZCahCIY/exec
You should get a JSON response. I would like to have a node app make a request to that URL and parse the JSON response. I am attempting with two different clients, restler and request, and with both I get this error:
Error: 140735264762208:error:0607907F:digital envelope routines:EVP_PKEY_get1_RSA:expecting an rsa
key:../deps/openssl/openssl/crypto/evp/p_lib.c:288
Any recommendations?
I believe this is a known Node.js issue that there is already a fix in progress for - https://github.com/joyent/node/pull/4827