NetSuite RESTlet NLAuth using Postman - json

I'm new in NetSuite and I tried to make a REST request using Postman I've write in header the NLAuth authorization like the line above:
Authorization : NLAuth nlauth_account=0000000, nlauth_email=at#at.com, nlauth_signature=mypassworld,nlauth_role=3
And i follow the process of this tutorial: https://community.boomi.com/docs/DOC-2676#jive_content_id_To_call_the_getRecord_RESTlet
But I receive the following response:
{
"error": {
"code": "INVALID_LOGIN_ATTEMPT",
"message": "Invalid login attempt."
}
}

Use Postman's built-in Authorization tools to build the correct OAuth1 header: https://www.getpostman.com/docs/v6/postman/sending_api_requests/authorization

It's best practice to use OAuth so credentials are not exposed. NS uses OAuth 1.0.
Realm = NS Account number
Signature Method can be SHA1 or SHA256
Make sure the "Add params to header" is checked.
Always "Update Request" before sending in order to generate proper Nonce/Timestamp
Add the Content-Type = application/json to the headers
Body must be a valid JSON object.

I've used the following doc and it help me: If the URL above don't work click in this link.
URL https://system.xx.netsuite.com/app/help/helpcenter.nl?fid=section_1530099787.html

Related

How to pass JWT(JSON Web Tokens) for authorization via url/link to graphiql

I'd like to link my web application with graphiql so users can use graphiql without requiring to manually insert the token into the headers section.
How can I pass JWT(JSON Web Tokens) for authorization from my application to graphiql eg via URL, so it is getting set in the headers configuration?
I do know the option of creating a react wrapper app and injecting via fetchers, but would rather like to keep it simpler eg via url.
Thx in advance, I really appreciate your expertise!
Click on "REQUEST HEADERS" on GraphiQL as shown below:
Then, put "Authorization" header and "JWT" keyword with JWT Access Token in REQUEST HEADERS as shown below:
{
"Authorization": "JWT your_jwt_access_token_here"
}
Be careful, if you omit Double Quotes as shown below, there is an error:
{
Authorization: JWT your_jwt_access_token_here
}
Again be careful, if you use Single Quotes to make String type values on GraphiQL as shown below, there is an error:
{
'Authorization': 'JWT your_jwt_access_token_here'
}

REST API Posting two request simultaneously with different properties fails with 403 status code due to CSRF check

I'm sending two post requests using the REST API: http://localhost:8111/app/rest/buildQueue but my second request fails with
403 Forbidden: Responding with 403 status code due to failed CSRF check: no "Origin" header is present and no authentication provided with the request, consider adding "Origin: http://localhost:8111" header.
I'm wondering why is this happening since if I run the build in the UI and change the params ex. build1 has %version=2% and build2 has %version=3% it will run parallel with each other running on different available agents.
Here's my json request:
REST API endpoint: http://localhost:8111/app/rest/buildQueue
JSON body:
{
"branchName": "master",
"buildType": {
"id": "DockerBuild",
"projectId": "Test"
},
"properties": {
"property": [
{
"name": "DOCKER_IMAGE_NAME",
"value": "test-3"
},
{
"name": "SNAPSHOT_DEPENDENCY_VERSION",
"value": "0.6"
}
]
}
}
Am I missing a parameter to be able to run builds in parallel with each other?
When you face problems regarding CSRF protection in TeamCity (for example, you get the "Responding with 403 status code due to failed CSRF check" response from the server), you can follow these steps:
If you use a reverse proxy, make sure you correctly configure Host/Origin headers, as described above. In the meantime, you may want to add the public URL of your server to CORS-enabled origins.
You can temporary disable CSRF protection at all by setting the teamcity.csrf.origin.check.enabled=logOnly internal property.
Information about failed CSRF attempts are logged into TeamCity/logs/teamcity-auth.log files. For more detailed diagnostics of the requests, enable debug-auth logging preset.
Try pass in the request header -H 'Origin: http://localhost:8111'
Maybe this can be useful for someone, I got the same error with a single POST using Postman:
403 Forbidden: Responding with 403 status code due to failed CSRF check: no "Origin" header is present and no authentication provided with the request, consider adding "Origin: http://teamcity:20011" header.
So I followed the recommendation of the error message, and in Header I added "Origin" with the value "http://teamcity:20011" and that fixed the issue. BTW, in Authorization I selected "Bearer Token" and I pasted the token generated previously through TeamCity. This is the call:
http://teamcity:20011/app/rest/buildQueue
I was just testing how to trigger a build using the API and it worked successfully. Now the following step is to implement this call using JavaScript.
Request a CSRF header with the appropriate request:
https://teamcity/authenticationTest.html?csrf
and set it in the "X-TC-CSRF-TOKEN" header of your POST request
If you specify an Access Token to the request header like Authorization: Bearer ..., you don't need to specify a CSRF token, and what you should actually check is if you're not sending Cookies.
This is from the developer in JetBrains:
If you're using a token-based authentication, there should be no need to provide CSRF token header and obtain it with authenticationTest.html call.
In this scenario, it is expected that there are no session Cookies in the HTTP request (otherwise, TeamCity will try to find a token).
I.e. basically, you should be able to do the HTTP call in no-session way by providing the Authorization: Bearer {{token}} header only.
https://youtrack.jetbrains.com/issue/TW-69566/Flaky-builds-with-CSRF-Header-X-TC-CSRF-Token-does-not-match-CSRF-session-value#focus=Comments-27-4644138.0-0
Well, the error and the documentation don't seem to explain this, though...

rest api post method not working for basic auth in meanjs 0.5.0

I tried to check post method of meanjs (0.5.0) in postman with basic auth but it doesn't seem to be working. I am giving the correct credentials.
It show below error:
{
"message": "User is not authorized"
}
Any idea what can be done?
First you should check the policies file defined for that module in /module/your-module/server/policies/ and see if the roles/permissions are ok.
Then check if the credentials you're using belong to a user that has the correct roles.
I found in ./node_modules/passport-local/lib/strategy.js that _usernameField name is usernameOrEmail instead of username.
So I passed below json object with content header as "application/json" from postman and it got connected successfully:
{
"usernameOrEmail":"test",
"password":"test"
}

Using file as payload in Advanced REST Client

I'm trying to work with the Advanced REST Client of Google.
I installed the extension, and I can work with it.
Now I wanted to use a JSON-file as input for my payload.
The JSON-file looks as follows :
{"UserName":"", "UserPassword":"","SetDebug":true}
The Content-Type is set to application/json.
But when I try to send the request I get the following error:
{
"Message": "The request entity's media type 'multipart/form-data' is not supported for this resource."
}
What am I doing wrong? Can anyone help me?
The ARC seems to override your Content-Type selection sometimes, changing it to multipart-form-data. If you select Files for the body and pick a file, it shows a message saying:
The Content-Type header will finally be changed to "multipart/form-data" during the request.
When you submit the request, it does exactly that: changes the Content-Type header. You can confirm this by looking in the Request Headers part of the output display.
I don't know if there's any way to stop it doing this :(-

How can I access auth-only Twitter API methods from a web application

I have a web application for iPhone, which will ultimately run within a PhoneGap application - but for now I'm running it in Safari.
The application needs to access tweets from Twitter friends, including private tweets. So I've implemented OAuth using the Scribe library. I successfully bounce users to Twitter, have them authenticate, then bounce back.
At this point the web app has oAuth credentials (key and token) which it persists locally. From here on I'd like it to user the Twitter statuses/user_timeline.json method to grab tweets for a particular user. I have the application using JSONP requests to do this with unprotected tweets successfully; when it accesses the timeline of a private Twitter feed, an HTTP basic authentication dialog appears in the app.
I believe that I need to provide the OAuth credentials to Twitter, so that my web application can identify and authenticate itself. Twitter recommends doing so through the addition of an HTTP Authorization header, but as I'm using JSONP for the request I don't think this is an option for me. Am I right in assuming this?
My options therefore appear to either be putting the oAuth credentials as query-string parameters (which Twitter recommends against, but documentation suggests still supports); or proxying all the Tweets through an intermediate server. I'd rather avoid the latter.
I access the Twitter API using URLs of the form
http://api.twitter.com/1/statuses/user_timeline.json?user_id=29191439&oauth_nonce=XXXXXXXXXXX&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1272323042&oauth_consumer_key=XXXXXXXXXX&oauth_signature=XXXXXXXXXX&oauth_version=1.0
When user_id is a public user, this works fine. When user_id is a private user, I get that HTTP Basic Auth dialog. Any idea what I'm doing wrong? I'm hoping it's something embarrassingly simple like "forgetting an important parameter"...
The oAuth stanza needs to be exact, as per http://dev.twitter.com/pages/auth#auth-request - I ended up building an Authorization: header that I could first check with curl.
I built it using the really helpful interactive request checker at http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/
Here's a friends API request for a protected user:
curl -v -H 'Authorization: OAuth realm="https://api.twitter.com/1/friends/ids.json", oauth_consumer_key="XXXXXXXXXXXXXXXX", oauth_token="XXXXXXXXXXXXXXXX", oauth_nonce="XXXXXXXXXXXXXXXX", oauth_timestamp="1300728665", oauth_signature_method="HMAC-SHA1", oauth_version="1.0", oauth_signature="XXXXXXXXXXXXXXXX%3D"' https://api.twitter.com/1/friends/ids.json?user_id=254723679
It's worth re-iterating that as you've tried to do, instead of setting the Authorization header via e.g. jquery's beforeSend function, that for cross-domain JSONP requests (which can't add HTTP headers) you can make oAuth requests by putting all the relevant key/value pairs in the GET request. This should hopefully help out various other questioners, e.g
Set Headers with jQuery.ajax and JSONP?
Modify HTTP Headers for a JSONP request
Using only JQuery to update Twitter (OAuth)
Your request looks like it has a couple of problems; it's missing the user's oauth_token plus the oauth_signature doesn't look like it has been base64 encoded (because it's missing a hex encoded = or ==, %3 or %3D%3D respectively).
Here's my GET equivalent using oAuth encoded querystring params, which you can use in a cross-domain JSONP call:
https://api.twitter.com/1/friends/ids.json?user_id=254723679&realm=https://api.twitter.com/1/friends/ids.json&oauth_consumer_key=XXXXXXXXXXXXXXXX&oauth_token=XXXXXXXXXXXXXXXX&oauth_nonce=XXXXXXXXXXXXXXXX&oauth_timestamp=1300728665&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_signature=XXXXXXXXXXXXXXXX%3D
I was struggling with similar problem of making JSONP requests from Jquery, the above answer helped just to add what I did to achieve my solution.
I am doing server to server oauth and then I send oauth token, secret, consumer key and secret (this is temporary solution by the time we put a proxy to protect consumer secret). You can replace this to token acquiring code at client.
Oauth.js and Sha1.js download link!
Once signature is generated.
Now there are 2 problems:
JSONP header cannot be edited
Signed arguments which needs to be sent as part of oauth have problem with callback=? (a regular way of using JSONP).
As above answer says 1 cannot be done.
Also, callback=? won't work as the parameter list has to be signed and while sending the request to remote server Jquery replace callback=? to some name like callback=Jquery1232453234. So a named handler has to be used.
function my_twitter_resp_handler(data){
console.log(JSON.stringify(data));
}
and getJSON did not work with named function handler, so I used
var accessor = {
consumerSecret: XXXXXXXXXXXXXXXXXXXXXX,
tokenSecret : XXXXXXXXXXXXXXXXXXXXXX
};
var message = { action: "https://api.twitter.com/1/statuses/home_timeline.json",
method: "GET",
parameters: []
};
message.parameters.push(['realm', "https://api.twitter.com/1/statuses/home_timeline.json"]);
message.parameters.push(['oauth_version', '1.0']);
message.parameters.push(['oauth_signature_method', 'HMAC-SHA1']);
message.parameters.push(['oauth_consumer_key', XXXXXXXXXXXXXXXX]);
message.parameters.push(['oauth_token', XXXXXXXXXXXXXXX]);
message.parameters.push(['callback', 'my_twitter_resp_handler']);
OAuth.completeRequest(message, accessor);
var parameterMap = OAuth.getParameterMap(message.parameters);
Create url with base url and key value pairs from parameterMap
jQuery.ajax({
url: url,
dataType: "jsonp",
type: "GET",
});