Access token expires during upload - box-api

I'm running into a problem which I think is an access token expiring in the middle of an upload. For example, if I currently have a valid (just refreshed) access token, then run:
curl -vS --limit-rate 30K 'https://api.box.com/2.0/files/content' -H 'Authorization: Bearer VALID_ACCESS_TOKEN' -F filename=@/tmp/example.zip -F folder_id=12345
Which takes more than an hour to upload, I eventually get this in the end:
< HTTP/1.1 401 Unauthorized
...
< WWW-Authenticate: Bearer realm="Service", error="invalid_token", error_description="The access token provided is invalid."
...
* HTTP error before end of send, stop sending
The files I tested are big, but still within the 250MB upload limit.
Does anyone have any ideas what to do about this problem?

This is by design.
Currently the only workaround is to enforce (client-side) that your uploads don't take longer than 1 hour from when you fetched your last access token.
This admittedly doesn't accommodate your use case very well. We plan to eventually support chunked uploads, which will help with remedying that problem.
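One way to apply the client-side limit described in this answer, as an added example that is not part of the original thread or of any Box SDK: check before the first byte whether the transfer can finish inside the one-hour token lifetime, and stop feeding the HTTP client once the deadline passes. The names `plan_upload`, `min_rate_bps` and `DeadlineReader` and the 60-second safety margin are assumptions.

```python
import math
import time

TOKEN_LIFETIME_S = 3600  # one hour, as stated in the answer above


def plan_upload(size_bytes, rate_bps, token_issued_at, now, margin_s=60):
    """Decide what to do before sending the first byte.

    Returns 'upload', 'refresh_first' (a fresh token would last long enough)
    or 'too_slow' (no single token can outlive this transfer).
    """
    needed = math.ceil(size_bytes / rate_bps) + margin_s
    if needed > TOKEN_LIFETIME_S:
        return "too_slow"
    remaining = token_issued_at + TOKEN_LIFETIME_S - now
    return "upload" if needed <= remaining else "refresh_first"


def min_rate_bps(size_bytes, margin_s=60):
    """Slowest sustained rate that still finishes inside one token lifetime."""
    return math.ceil(size_bytes / (TOKEN_LIFETIME_S - margin_s))


class DeadlineReader:
    """File-like wrapper that refuses to hand out more data once the token
    deadline has passed, so a slow upload fails on the client instead of
    ending in a 401 after the whole body was sent."""

    def __init__(self, fileobj, deadline, clock=time.time):
        self._f = fileobj
        self._deadline = deadline  # absolute time: token_issued_at + lifetime
        self._clock = clock        # injectable so the check can be tested

    def read(self, n=-1):
        if self._clock() >= self._deadline:
            raise TimeoutError("access token expired before upload finished")
        return self._f.read(n)
```

With the numbers from the question (a file at the 250MB limit sent at `--limit-rate 30K`), `plan_upload` returns `too_slow`: the transfer needs about 8534 seconds, more than twice the token lifetime.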

Related

Is there a way to get a propertiesUrl from Autodesk Forge's Model Properties API that is not pre-signed?

I am writing a Dynamo script to extract the properties out of all of the models in my modelset in BIM 360. Some of the files (notably the ones with more objects) will give me a pre-signed propertiesUrl value that looks like this:
https://bim360-nucleus-production-us-east-1-temporary-index.s3.amazonaws.com/36174d28-fbd6-4146-a3af-3f3a7bb8ec52/index/v2/indexes/5JAa5g6Nk-t5KQsgFe5OJA/properties.ldjson.gz?X-Amz-Expires=60&X-Amz-Security-Token={{token_value}}-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential={{Credential_value}}/20220509/us-east-1/s3/aws4_request&X-Amz-Date=20220509T223945Z&X-Amz-SignedHeaders=host&X-Amz-Signature={{Amz_Signature_Value}}
This pre-signed URL has been troublesome because it will expire within 60 seconds of being issued and Dynamo is having trouble making the requests on time, or because I will get a network transport error when using the DynaWeb package (only 1/3 requests are made successfully):
[Image: Dynaweb Network Transport Error]
When I try using Dynamo's OOTB node "Web Request", it will give me values that contain characters that aren't even close to what the response should be.
[Image: Dynamo Web Request OOTB Response]
Is there a way to circumvent the need for a pre-signed url for the "propertiesUrl" endpoint? I can't find anything in the API in how to download the properties from the indices besides what is detailed here (which shows how to get properties with a Bearer token, but not how to opt out of a pre-signed url format):
https://forge.autodesk.com/en/docs/acc/v1/reference/http/index-v2-index-properties-get/
curl -v 'https://developer.api.autodesk.com/construction/index/v2/projects/cd743656-f130-48bd-96e6-948175313637/indexes/da39a3ee5e6b4b0d/properties' -H 'Authorization: Bearer <token>'
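A way to work within the 60-second window from the question above, as an added example that is not part of the original post or of any Autodesk SDK: read the expiry out of the pre-signed URL's own `X-Amz-Date` and `X-Amz-Expires` parameters, request a new URL when too little time is left, and decode the download. It assumes that calling the Bearer-authenticated properties endpoint again yields a fresh `propertiesUrl`, and that the body is what the file name `properties.ldjson.gz` suggests (gzip-compressed, one JSON object per line); `get_url`, `download` and `now` are hypothetical caller-supplied callables.

```python
import gzip
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit


def presigned_expiry(url):
    """Expiry instant of a SigV4 pre-signed URL: X-Amz-Date + X-Amz-Expires."""
    q = parse_qs(urlsplit(url).query)
    signed_at = datetime.strptime(q["X-Amz-Date"][0], "%Y%m%dT%H%M%SZ")
    signed_at = signed_at.replace(tzinfo=timezone.utc)
    return signed_at + timedelta(seconds=int(q["X-Amz-Expires"][0]))


def parse_ldjson_gz(body):
    """Gunzip the body, then parse one JSON object per non-empty line."""
    text = gzip.decompress(body).decode("utf-8")
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def fetch_properties(get_url, download, now, min_left_s=10, attempts=3):
    """Obtain a propertiesUrl and download it at once.

    If the URL is already within min_left_s of expiry, it is discarded and a
    new one is requested instead of risking a rejected download.
    """
    for _ in range(attempts):
        url = get_url()
        if (presigned_expiry(url) - now()).total_seconds() >= min_left_s:
            return parse_ldjson_gz(download(url))
    raise TimeoutError("no usable pre-signed URL after %d attempts" % attempts)


# Constructed sample: same X-Amz-Date and X-Amz-Expires as the URL in the
# post; host, path and signature are placeholders.
SAMPLE_URL = (
    "https://bucket.example/index/properties.ldjson.gz"
    "?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20220509T223945Z"
    "&X-Amz-Expires=60&X-Amz-SignedHeaders=host&X-Amz-Signature=PLACEHOLDER"
)
```

For the sample URL, `presigned_expiry` gives 2022-05-09 22:40:45 UTC, one minute after the signing time.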

How to connect 2 REST api's together

I am working on an online shop using 3dcart, and I want to connect the store to an inventory management store called ChannelGrabber. Channel Grabber has provided me with a public and private key with some bits of their API.
$ curl -v -X POST -d "grant_type=client_credentials&client_id=f836e7675c46adbc33d98e32c06dfc6f&client_secret=2f4e72f89bda7f15062a2ba9d107adb5" https://api.orderhub.io/accessToken
> POST /accessToken HTTP/1.1
> User-Agent: curl/7.35.0
> Host: api.orderhub.io
> Accept: */*
> Content-Length: 119
> Content-Type: application/x-www-form-urlencoded
>
< ...response headers...
{
"access_token": "aVSyKhKNPi5XXJqlIMCNfeZwSfvTvasTcWyX2lv2",
"token_type": "Bearer",
"expires_in": 3600
}
$ curl -v -X GET -H "Authorization: Bearer aVSyKhKNPi5XXJqlIMCNfeZwSfvTvasTcWyX2lv2" https://api.orderhub.io/ping
> GET /ping HTTP/1.1
> User-Agent: curl/7.35.0
> Host: api.orderhub.io
> Accept: */*
> Authorization: Bearer aVSyKhKNPi5XXJqlIMCNfeZwSfvTvasTcWyX2lv2
>
< ...response headers...
pong
3d cart have provided the following git project as an example of how to connect up to their clients API. https://github.com/3dcart/REST-API-Client/tree/master/3dCartRestAPIClient.
My issue is that I have basically no idea how to go about connecting the 2 services up. What language to use other than using Json, but I'm not even sure that is possible. I'm only still a student and still quite new to the world of programming, so I don't want to have to say I can't do this project and I would quite like to learn how to do this.
Can anyone point me in the right direction?
I was asking myself a similar question some time ago. I am already familiar with basic requesting of rest apis using python. I want to connect the apis of an online sales tool called pipedrive and a tool for generating invoices and bills called billomat. both come with a sophisticated rest api and I know how to get data from them or create new data into them.
If I now create a python script on my local computer I can imagine what I'd have to code to pull eg customer data from pipedrive and create this customers data into billomat. The thing now is that this process is completely manual.
To have the process be completely automatic, I came to the following conclusion:
Use webhooks in pipedrive to send out data when certain events are happening
the data can only be sent to a url which generally should also be a rest api
this url cannot be billomat directly because it won't understand or know what to do with the data
that's why I decided to code a little api myself and host it on my private webserver
this api receives data from pipedrive, processes it, eg maps field names from a customers record to the corresponding field names in billomat, and then sends the prepared data over to billomat in a format that it expects and understands
I know this does not directly answer the OPs question, but would be my suggestion for a fully automatic solution in case you cannot alter the behaviour of at least one of the two apis you'd like to connect.
REST (Representational state transfer) is a way of interfacing your data. The idea is that the action should be defined by the HTTP request method (GET, PUT, POST etc.), while the URL should have no verb/action, just kind of data.
JSON is just the way of communication between server and client. It's like 2 people deciding to speak the same language.
Now, in your client, you can make requests to as many services as you need, and interpret the results. This can be achieved in virtually any programming language. You will find a lot of libraries for both handling HTTP request and parsing JSON responses.
As for the right direction. Pick a programming language you are more familiar with (if it's hard to decide I would recommend python which is fairly easy to start with) and look for libraries for sending HTTP request and parsing json strings.

REST API, OAuth2 and authentification errors

First, thank you for your replies.
I am trying to make a REST API with nodeJS, and I think oAuth2 is the best way to authenticate users against my system.
Users are stored in LDAP, and API keys will be kept in the MySQL engine. The client account code will also be stored in MySQL.
The whole process is OK: users are authenticated and the API token has been saved in MySQL, but when I try to use this token, passport refuses to authenticate my request and returns:
Error: Can't set headers after they are sent.
at ServerResponse.OutgoingMessage.setHeader (http.js:691:11)
at ServerResponse.res.setHeader (/home/lolostates/Developpement/nodejs/oauth2/test/node_modules/express/node_modules/connect/lib/patch.js:62:20)
at ServerResponse.res.header (/home/lolostates/Developpement/nodejs/oauth2/test/node_modules/express/lib/response.js:280:8)
at ServerResponse.res.json (/home/lolostates/Developpement/nodejs/oauth2/test/node_modules/express/lib/response.js:135:8)
at exports.info (/home/lolostates/Developpement/nodejs/oauth2/test/user.js:13:9)
at callbacks (/home/lolostates/Developpement/nodejs/oauth2/test/node_modules/express/lib/router/index.js:272:11)
at complete (/home/lolostates/Developpement/nodejs/oauth2/test/node_modules/passport/lib/passport/middleware/authenticate.js:218:13)
at /home/lolostates/Developpement/nodejs/oauth2/test/node_modules/passport/lib/passport/middleware/authenticate.js:200:15
at pass (/home/lolostates/Developpement/nodejs/oauth2/test/node_modules/passport/lib/passport/index.js:399:14)
at Passport.transformAuthInfo (/home/lolostates/Developpement/nodejs/oauth2/test/node_modules/passport/lib/passport/index.js:415:5)
Requests are sent by curl:
curl -H "Authorization: Bearer NoulKM889Aksf60rQONcUJwMuZHI3PDqzeXfkX3Li2BohsxNVsOrd2LLdvJAGZuE168IukUCPbviazhvBjt7VDfLFUMJRIY1fa95kGXQQKzE7etFhocsnYvbLSixbHRmCwXNx5FKj6v83Ci9f9xLqRinEKwaAUIjs03hhq8dCWIp7S0Cbi5jdkxlzwfpZxuShoAZYaFInlf4ymG5oyzQe0WJ2POXOaMarGLO7NkjyIMJXWh7s0Y" http://localhost:3000/api/userinfo
I use passport-http-bearer, oAuth2orize, and all example functions presented in OAuth2orize examples.
Could you please explain why?
It appears that you attempted to set a response header after the response was sent back. Check to make sure you didn't call res.end() (or a similar method) before you tried to set the headers.

BOX-API: Trying to get a shared folder without a token 401 Unauthorized error

I want to interrogate a shared folder without having to log the user in. From reading the documentation, this should be fine to do, but if I run the example within my command line:
curl https://api.box.com/2.0/shared_items \
-H "Authorization: BoxAuth api_key=YOUR_API_KEY&shared_link=https%3A%2F%2Fwww.box.com%2Fs%2F8tqjqtoky18sbnoz264c"
Using my API key it works fine, however, within my app or just within a web browser, if I use:
https://api.box.com/2.0/shared_items -H "Authorization: BoxAuth api_key=YOUR_API_KEY&shared_link=https%3A%2F%2Fwww.box.com%2Fs%2F8tqjqtoky18sbnoz264c"
again with my API key, I get 401 Unauthorized error.
What am I doing wrong? Is it an encoding issue? as it looks like the end part of the string needs to be encoded, however the rest of it doesn't, I have tried to make sure that the C# code I am using does not encode the string, and I think it is not, but it still fails with 401.
It looks like the shared link from the example that you're using (the one ending with 8tqjqtoky18sbnoz264c) is no longer a valid URL. You should go into the Box web app and create a new shared link to test with, and that should work.

Error when attempting a PUT against /users/USERID endpoint in 2.0 API

I've seen others with the same issue ... I get the following json error message back whenever I attempt to disable a user or update their title. Has anyone had luck with this?
I have no problems with the POST method to add an email_alias, or with the PUT method to move a user's folder from one owner to another. I've tried it in perl and in curl (see below example session), so I'm relatively confident that:
I have a valid, OAuth2 bearer token
I have properly formed content and URLs
So, I'm trying to post to:
PUT /2.0/users/XXXXXXXXXX HTTP/1.1
Authorization: Bearer TOKEN
Response:
HTTP/1.1 400 Bad Request
{"type":"error","status":400,"code":"invalid_request_parameters","help_url":"http:\/\/developers.box.com\/docs\/#errors","message":"Invalid input parameters in request","request_id":"1682580609514902d69b5fd"}
Update: below is a trace from curl showing the request body:
0000: PUT /2.0/users/USERID HTTP/1.1
00a2: Authorization: Bearer TOKEN
011f:
=> Send data, 23 bytes (0x17)
0000: {"status" : "inactive"}
<= Recv header, 26 bytes (0x1a)
0000: HTTP/1.1 400 Bad Request
<= Recv data, 207 bytes (0xcf)
0000: {"type":"error","status":400,"code":"invalid_request_parameters"
0040: ,"help_url":"http:\/\/developers.box.com\/docs\/#errors","messag
0080: e":"Invalid input parameters in request","request_id":"718513715
00c0: 514916f1109c2"}
Found the answer to the 4xx errors on PUTs: the OAuth2 settings for the application in box needed to have "Manage Enterprise" checked ... my app has been around since the pre-OAuth2 days, wasn't aware of this flag.
After checking it, I get a 200 response ... some PUT operations still don't effectively change the attribute, but they return a 2xx response, so, one hurdle cleared.