Manage OPTIONS request to the KeyRock API - fiware

I'm trying to access the Keyrock API like in the URL: https://keyrock.docs.apiary.io/#reference/keyrock-api/authentication/create-token-with-password-method.
For example, to create a token with user and password, POST https://keyrock/v1/auth/tokens like in this web https://keyrock.docs.apiary.io
With Postman I can do a POST but the OPTIONS request doesn't work, returning in the Response "POST,GET,HEAD,DELETE".
The problem is that when I try to do a POST request in a web app to the API, the browser automatically does an OPTIONS request first, and the KeyRock can manage the OPTIONS requests because it only allows the POST, GET, HEAD and DELETE methods.
How can I configure the fiware-idm GE to solve this?
(I think that the problem can be for the CORS configuration)

Related

Trestle Request unsuccessful. Incapsula incident WebApi error

I'm working with Trestle, which is a real estate MLS service, to get property data etc. I have followed their WebApi docs but I'm getting this error whenever I hit their API. It looks like their server thinks that the request is from some BOT. Even they recommend using Postman to test the API:
It's been 3 days and I still can't find any fix. Any help?
You do not seem to be following this documentation correctly.
https://docs-trestle.corelogic.com/GettingStarted/WebAPI
At the moment you are entering the token URL (https://api-prod.corelogic.com/trestle/oidc/connect/token) in the main Postman request URL field. The documentation states that you should use the Get New Access Token button on the Authorization tab of a request. You are entering the token URL in the main Postman request URL field.
This is a default flow for oAuth 2.0 requests in Postman.
https://learning.postman.com/docs/postman/sending-api-requests/authorization/#oauth-20
Example:
This could be your request to retrieve data:
https://api-prod.corelogic.com/trestle/odata/$metadata
On the Authorization tab you should select oAuth 2.0; select Get New Access Token and you will see a view which gives you the functionality you are looking for.
When successful, you will get a pop-up which you need to accept in order to use the API.

CORS issue doesn't occur when using POSTMAN

I have been using POSTMAN for some time now for sending HTTP requests like GET, POST, PUT for RESTful Webservices. Recently I came across a situation where, when sending a request to my REST API through the browser, I got a message that
No Access Control Allow Origin Header is present on the Requested resource.
The solution was of course to add such a header to the API.
However, strangely, when I sent the same request through POSTMAN I was able to get back the response.
So I want to know how is sending a request through POSTMAN different from sending a request through browser.
I went through this question: CORS with POSTMAN, but it really doesn't provide an answer in detail.
From Cross-Origin XMLHttpRequest in Chrome Develop Extensions documentation:
Regular web pages can use the XMLHttpRequest object to send and receive data from remote servers, but they're limited by the same origin policy. Extensions aren't so limited. An extension can talk to remote servers outside of its origin, as long as it first requests cross-origin permissions.
Basically browser extensions have more privileges than web content. In the case of Chrome extensions, there is an option to enable cross-origin access.

How to authenticate a twitter api request?

I am trying to make twitter api requests in my browser (I want to look at the JSON before writing code to parse it in my android app) but every request is returning:
{"errors":[{"message":"Bad Authentication data","code":215}]}
So how do I properly authenticate the request?
I've been using OAuth.io for a while to do proper authenticated requests: they specifically have a feature called Request API or something like that: check their Documentation this might help you I hope.

Chrome Identity API - POST request

I am trying to develop a chrome extension in which I need to use 3rd party Oauth2 authentication. The third party service I want to use, only supports POST requests. But it seems that the launchWebAuthFlow method in the Chrome Identity API, only supports sending GET requests, as all the query parameters are sent in the URL itself. Is this correct? If yes, how should I do authentication?
UPDATE : The API I want to connect is that of Pocket
Partially you're right about POST requirements. But it is only used to initialize Oauth flow.
According to the documentation:
1) You must make a POST request to obtain a request token from Pocket auth service
2) Redirect user to the auth page: https://getpocket.com/auth/authorize?request_token=YOUR_REQUEST_TOKEN&redirect_uri=YOUR_REDIRECT_URI
Which means that you have to make a simple XHR to retrieve request token and then you can use chrome.identity.launchWebAuthFlow function to begin Oauth flow.
Did you try launchWebAuthFlow? You may find that it works. Once authenticated, you can exercise the API via POST, using XMLHttpRequest. (launchWebAuthFlow only handles the authentication, not the API itself.)

Ajax Request in the same domain using jQuery

I have a question where my client is on http://web-dev.test.com and my MVC Services are on http://webdev01.test.com. So I am trying to use ajax GET and POST json requests from my client to mvc services but it is giving me a cross domain error. Can anyone explain to me what the problem is, and how I could resolve this?
Thank you
From the documentation:
Due to browser security restrictions, most "Ajax" requests are subject to the same origin policy; the request can not successfully retrieve data from a different domain, subdomain, or protocol.
Script and JSONP requests are not subject to the same origin policy restrictions.
Making it a JSONP request, if possible, should not cause you those issues. Otherwise I'm afraid you are not going to be able to successfully complete your request.
You have two options: using JSONP or CORS.
For CORS you set HTTP headers for your service so that your client will have access to it, e.g.
Access-Control-Allow-Origin: http://web-dev.test.com
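
The preflight behaviour that runs through the questions above (the browser's automatic OPTIONS request, the missing `Access-Control-Allow-Origin` header, Postman not being affected), as an added example that is not part of the original posts or of any project they mention: a server-side decision function that answers OPTIONS preflights and echoes the origin only when it is on an allowlist. The names `corsDecision`, `ALLOWED_ORIGINS`, `ALLOWED_HEADERS` and the `x-auth-token` header are assumptions; the origin is the one from the last question.

```javascript
// Added example; all names here are hypothetical, not taken from any real project.
const ALLOWED_ORIGINS = new Set(['http://web-dev.test.com']); // client origin from the question
const ALLOWED_METHODS = ['GET', 'POST', 'HEAD', 'DELETE'];
const ALLOWED_HEADERS = ['content-type', 'x-auth-token'];     // assumed request header names

// Decide how to answer one request. `headers` uses lower-case keys, the way
// Node's http module exposes them. Returns { status, headers, handled }:
// handled === true means the response is complete (a preflight) and the
// normal route handler must not run.
function corsDecision(method, headers) {
  const out = { Vary: 'Origin' };            // caches must not reuse a reply across origins
  const origin = headers['origin'];
  if (!origin) {
    // No Origin header: not a cross-origin browser call (Postman, curl, same-origin).
    return { status: null, headers: out, handled: false };
  }
  const allowed = ALLOWED_ORIGINS.has(origin);
  const isPreflight = method === 'OPTIONS' && 'access-control-request-method' in headers;
  if (!isPreflight) {
    // Actual request: the browser exposes the response to the page only if
    // the origin is echoed back. Never echo an origin that is not allowlisted.
    if (allowed) out['Access-Control-Allow-Origin'] = origin;
    return { status: null, headers: out, handled: false };
  }
  if (!allowed) return { status: 403, headers: out, handled: true };
  const wantMethod = headers['access-control-request-method'];
  const wantHeaders = (headers['access-control-request-headers'] || '')
    .split(',').map((h) => h.trim().toLowerCase()).filter(Boolean);
  if (!ALLOWED_METHODS.includes(wantMethod) ||
      !wantHeaders.every((h) => ALLOWED_HEADERS.includes(h))) {
    return { status: 403, headers: out, handled: true };
  }
  out['Access-Control-Allow-Origin'] = origin;
  out['Access-Control-Allow-Methods'] = ALLOWED_METHODS.join(', ');
  out['Access-Control-Allow-Headers'] = ALLOWED_HEADERS.join(', ');
  out['Access-Control-Max-Age'] = '600';     // let the browser cache the preflight for 10 minutes
  return { status: 204, headers: out, handled: true };
}

// Constructed sample: the preflight a browser sends before a JSON POST.
const samplePreflight = {
  'origin': 'http://web-dev.test.com',
  'access-control-request-method': 'POST',
  'access-control-request-headers': 'Content-Type',
};
```

In a request handler, call `corsDecision(req.method, req.headers)` first, copy the returned headers onto the response, and end the response with the returned status when `handled` is true.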