so I am trying to create API using Postman followed by the instruction given in Smartsheet API: https://smartsheet-platform.github.io/api-docs/.
I am able to access my smartsheet data using the GET, it shows me details of my columns and rows. So I continued with the tutorial, I started with the following code:
// Initialize the client
var client = require('smartsheet');
var smartsheet = client.createClient({
accessToken: '----',
logLevel: 'info'
});
and I get the the error saying
Cannot find module 'smartsheet'
I have the smartsheet api package download on my desktop, but I am not sure how I can make use of it. any help would be appreciated.
Thank you.
Postman is for testing individual API requests (GET, PUT, POST, DELETE, etc.). You can't use/call an SDK (or as you've referred to it, "the Smartsheet API package") from Postman.
Also -- you should never post your Access Token publicly, as anyone can use it to gain programmatic access to your Smartsheet data. I've edited your post to remove the Access Token value but would nonetheless recommend that you revoke that token immediately so that it's no longer valid. Then you can generate a new Access Token -- but don't share it publicly!
Related
I'm trying to use the reddit api in a practice app to practice parsing JSON in Swift, and I've registered to get an access token, but now I'm confused as to where to put it. In other APIs I've used, I'd just put the access token string (?) somewhere in the endpoint url and that would be it, but I can't see anything pertaining to that in the documentation. For example if I'm trying to access https://api.reddit.com/api/v1/top/, where would I add my access token?
In the OAuth documentation is says to use the url https://www.reddit.com/api/v1/authorize?client_id=CLIENT_ID&response_type=TYPE&
state=RANDOM_STRING&redirect_uri=URI&duration=DURATION&scope=SCOPE_STRING but that seems to need:
CLIENT_ID
RANDOM_STRING
URI
DURATION
SCOPE_STRING
I plugged in all the necessary values according to the documentation, and it redirected me to the front page of reddit (I gave https://www.reddit.com/ as my redirect uri)
In previous practice apps with other APIs, I would simply have a single url (that included my auth token) and I'd plug that url into my function that parses the data. Now that I've followed the OAuth directions, I still can't seem to find an endpoint url that I can use in my app.
I tried https://api.reddit.com/api/v1/top in my browser and it says {"message": "Unauthorized", "error": 401}, and I tried https://www.reddit.com/api/v1/myAccessToken where myAccessToken is the string they gave me when I registered. This leads me to a "page not found" on Reddit.
What do I need to do here to get a basic endpoint url that gives me the JSON data for, just for example, recent posts?
I am implementing spring oauth2 for securing my rest api. Basically i am limiting the use of rest api to particular users rather then limiting to every users.
I had implemented the backend and secured my api using spring oauth2.
I am following this steps:
1)Send the GET request with the five parameters.
localhost:8080/SpringRestSecurityOauth/oauth/token?grant_type=password&client_id=Awyi123nasdk89&client_secret=asdj39m32##$s&username=rahul#gmail&password=rahul#9831
2) Server validates the user with the help of spring security and return the json response with access code.
{
"access_token": "22cb0d50-5bb9-463d-8c4a-8ddd680f553f",
"token_type": "bearer",
"refresh_token": "7ac7940a-d29d-4a4c-9a47-25a2167c8c49",
"expires_in": 119
}
3)I access protected resources by passing this access token as a parameter, the request goes something like this:
localhost:8080/SpringRestSecurityOauth/api/users/?access_token=8c191a0f-ebe8-42cb-bc18-8e80f2c4238e
4) In case the token is expired, user needs to get a new token using its refreshing token that was accepted in step(2). A new access token request after expiration looks something like this:
localhost:8080/SpringRestSecurityOauth/oauth/token?grant_type=refresh_token&client_id=restapp&client_secret=restapp&refresh_token=7ac7940a-d29d-4a4c-9a47-25a2167c8c49
All the above step are working fine. Now i need to implement this on my client side. So that a particular client can access this call. I am using HTML/CSS as client side technology.
How client can get the access token? Should it be stored in the browser local storage? Or it should be generated every time the rest call is been made?
Any example would help me to proceed further.
I'm implementing my project like you. I use angularjs and get the access token from response json then store it into cookies.
This link provide sample code for you: http://www.baeldung.com/rest-api-spring-oauth2-angularjs. (See Frontend - Password Flow).
Because refresh token should keep secret and the client is html app, you should see this link http://www.baeldung.com/spring-security-oauth2-refresh-token-angular-js for handling refresh token.
For html client, after obtaining access token using refresh token when access token is expired, I use http-auth-interceptor ([http]://witoldsz.github.io/angular-http-auth/) to retry all rest requests failed because of expired access token.
I'm sorry that I have not enough reputation to post more than 2 links.
So what I'm trying to do is to fetch data from gmail API using unix's shell (curl).
I simply copied this from the json generator to be able to play with the json when I used with curl.
GET https://www.googleapis.com/gmail/v1/users/somebody%40gmail.com/messages?
maxResults=5&includeSpamTrash=false&key={YOUR_API_KEY}
Then I changed the API_KEY by what I was able to generate in my developer console. However, I cannot get the desired json when I put the link in my browser, or curl it in my shell. How do I generate the right key? Because I already generated from all of the choices in the Credentials.
Thanks!
What you generate in the Console is the Client ID and Client secret, which are used when you redirect your users to Google. Upon accepting, Google then redirects the user to the url you specify in the console with a code. This code is then finally used to retrieve the Access Token which you should use as {YOUR_API_KEY}.
Go to Google OAuth 2.0 Playground, and use the Gmail API v1 scopes, and retrieve the access token and use it in your shell.
Is it possible to get an existing token for a user using the "/tokens" resource?
Currently, if a token exists, a 409 is returned by the POST:
Request:
POST https://api.box.com/2.0/tokens
Body: {"email":"some-email-a-token-exist-for#email.com"}
Response:
{"type":"error","status":409,"code":"conflict","help_url":"http://developers.box.com/docs/#errors","message":"Token already exists","request_id":"1568559050e4a10f78f66"}
What I'd like to be able to do is make a GET request to retrieve the existing token.
Just so you know, the /tokens endpoint is still in Beta. Even though Box released the rest of the V2 API as GA in December, that endpoint is still being worked on. We're working with a few developers to make sure we get the "instant access" mechanism easily useable, but also secure.
Let us know at api (at) box.com if you'd like to be on our /tokens advisory group.
I'm playing around with AppScript and try to get an oAuth 2.0 access token.
Any sample out there how to get this working in AppScript?
I am working on a cleaner tutorialized version of this, but here is a simple Gist that should give you some sample code on how things would work -
https://gist.github.com/4079885
It still lacks logout, error handling and the refresh_token capability, but at least you should be able to log in and call a oAuth 2 protected Google API (in this case its a profile API).
You can see it in action here -
https://script.google.com/macros/s/AKfycby3gHf7vlIsfOOa9C27z9kVE79DybcuJHtEnNZqT5G8LumszQG3/exec
The key is to use oAuth 2 Web Server flow. Take a look at getAndStoreAccessToken function in the gist to get the key details.
I hope to have this published in the next few weeks but hopefully this will help in the mean time.
UPDATE - adding in info on redirect_uri
The client secret is tied to specific redirect URIs that the authorization code is returned to.
You need to set that at - https://code.google.com/apis/console/
The highlighted URI needs to match the published URI (ends in /exec). You get the published URI from the script editor under Publish -> Deploy as web app. Make sure you are saving new versions and publishing the new versions when you make changes (the published URI stays the same).
I've modified the example above to use the newish state token API and the CacheService instead of UserProperties, which is now deprecated. Using the state token API seems to make things a little more secure, as the callback url will stop accepting a state token after a timeout.
The same caveats apply. Your redirect URIs have to be added to your (script) project in the developer's console, meanwhile you have to yank the CLIENT_SECRET and CLIENT_ID from the console and paste them in. If you're working within a domain, there don't seem to be any guarantees on what URL will be returned by ScriptApp.getService().getUrl(), so I wound up basically having it get the address dynamically, then waiting for to fail on the the (second) redirect, and then hard-coded the resulting URI.
https://gist.github.com/mclaughta/2f4af6f14d6aeadb7611
Note that you can build an OAuth2 flow using this new API, but it's not a complete sample yet:
https://developers.google.com/apps-script/reference/script/script-app#newStateToken()
In particular, you should not pass 'state' directly to the /usercallback URL yourself, because the OAuth2 service provider is responsible for round-tripping the 'state' parameter. (Instead, you pass 'state' to the auth URL, and the service provider automatically attaches it to the callback URL.)