Is it possible to get an existing token for a user using the "/tokens" resource?
Currently, if a token exists, a 409 is returned by the POST:
Request:
POST https://api.box.com/2.0/tokens
Body: {"email":"some-email-a-token-exist-for#email.com"}
Response:
{"type":"error","status":409,"code":"conflict","help_url":"http://developers.box.com/docs/#errors","message":"Token already exists","request_id":"1568559050e4a10f78f66"}
What I'd like to be able to do is make a GET request to retrieve the existing token.
Just so you know, the /tokens endpoint is still in Beta. Even though Box released the rest of the V2 API as GA in December, that endpoint is still being worked on. We're working with a few developers to make sure we get the "instant access" mechanism easily useable, but also secure.
Let us know at api (at) box.com if you'd like to be on our /tokens advisory group.
Related
so I am trying to create API using Postman followed by the instruction given in Smartsheet API: https://smartsheet-platform.github.io/api-docs/.
I am able to access my smartsheet data using the GET, it shows me details of my columns and rows. So I continued with the tutorial, I started with the following code:
// Initialize the client
var client = require('smartsheet');
var smartsheet = client.createClient({
accessToken: '----',
logLevel: 'info'
});
and I get the the error saying
Cannot find module 'smartsheet'
I have the smartsheet api package download on my desktop, but I am not sure how I can make use of it. any help would be appreciated.
Thank you.
Postman is for testing individual API requests (GET, PUT, POST, DELETE, etc.). You can't use/call an SDK (or as you've referred to it, "the Smartsheet API package") from Postman.
Also -- you should never post your Access Token publicly, as anyone can use it to gain programmatic access to your Smartsheet data. I've edited your post to remove the Access Token value but would nonetheless recommend that you revoke that token immediately so that it's no longer valid. Then you can generate a new Access Token -- but don't share it publicly!
I'm trying to use the reddit api in a practice app to practice parsing JSON in Swift, and I've registered to get an access token, but now I'm confused as to where to put it. In other APIs I've used, I'd just put the access token string (?) somewhere in the endpoint url and that would be it, but I can't see anything pertaining to that in the documentation. For example if I'm trying to access https://api.reddit.com/api/v1/top/, where would I add my access token?
In the OAuth documentation is says to use the url https://www.reddit.com/api/v1/authorize?client_id=CLIENT_ID&response_type=TYPE&
state=RANDOM_STRING&redirect_uri=URI&duration=DURATION&scope=SCOPE_STRING but that seems to need:
CLIENT_ID
RANDOM_STRING
URI
DURATION
SCOPE_STRING
I plugged in all the necessary values according to the documentation, and it redirected me to the front page of reddit (I gave https://www.reddit.com/ as my redirect uri)
In previous practice apps with other APIs, I would simply have a single url (that included my auth token) and I'd plug that url into my function that parses the data. Now that I've followed the OAuth directions, I still can't seem to find an endpoint url that I can use in my app.
I tried https://api.reddit.com/api/v1/top in my browser and it says {"message": "Unauthorized", "error": 401}, and I tried https://www.reddit.com/api/v1/myAccessToken where myAccessToken is the string they gave me when I registered. This leads me to a "page not found" on Reddit.
What do I need to do here to get a basic endpoint url that gives me the JSON data for, just for example, recent posts?
Hey
I work for a marketing agency and I've developped a small script in Google AppScripts that pulls data from my customers' Analytics accounts and formats it into a Google Slides presentation.
How it works:
Our customers give us access to their Analytics views, and using Analytics API I get the id of each view shared with us on our main account and use these ids to make requests to the API.
The script works perfectly fine for almost every view, but recently I've had issues with some Analytics accounts.
Basically I get a 401 response code, despite having manager access to the given property.
The method I use to make requests to the API is Analytics.Data.Ga.get, and here is what the result looks like :
[18-10-23 06:57:02:128 PDT] {totalsForAllResults={ga:users=0}, totalResults=0,
columnHeaders=[{columnType=DIMENSION, dataType=STRING, name=ga:userGender},
{columnType=METRIC, dataType=INTEGER, name=ga:users}],
profileInfo={profileName=Toutes les données du site Web, accountId=xxxxxx,
profileId=xxxxxx, tableId=ga:xxxxxx,
webPropertyId=UA-xxxxxx-x, internalWebPropertyId=xxxxxx}, itemsPerPage=1000,
kind=analytics#gaData, query={end-date=2018-09-30, max-results=1000,
start-index=1, ids=ga:174758787, start-date=2018-07-01, metrics=[ga:users],
dimensions=ga:userGender}, containsSampledData=false,
id=https://www.googleapis.com/analytics/v3/data/ga?ids=ga:xxxxxx&dimensions=ga:userGender&metrics=ga:users&start-date=2018-07-01&end-date=2018-09-30, selfLink=https://www.googleapis.com/analytics/v3/data/ga?ids=ga:xxxxxx&dimensions=ga:userGender&metrics=ga:users&start-date=2018-07-01&end-date=2018-09-30}
When I go to that link "id" link, here's what I get :
{"error":
{
"errors":[
{
"domain":"global",
"reason":"required",
"message":"Login Required",
"locationType":"header",
"location":"Authorization"
}
],
"code":401,
"message":"Login Required"
}
}
I gathered this has to do with the OAuth2 protocol, which I never had to worry about since it's usually automatically handled by AppScripts.
I've looked around pretty much everywhere trying to fix the problem myself, but I can't seem to wrap my head around the OAuth 2 protocol, and the way it works in this very case.
I've already created credentials for my script, so I have access to my client id and client secret for this project.
My assumption is that the tokens for the problematic accounts have expired, and I need to refresh them somehow and give them the right scope. I just have no idea how to do that.
I would be very thankful if anyone could enlighten me on this one :)
Have a nice day!!
Fixed the problem, turns out it has nothing to do with the OAuth2 protocol. The demographics reports were simply turned off in Analytics for these accounts, which is why I wasn't getting any response from my query.
If anyone is wondering, the error 401 in the REST request is because no token or key is passed at the end (using "?key=..." or "access_token=..."), so it's like some anonymous person tried to access the data.
If you wonder how to get the acess token, you can get it token using Query Explorer. After running a query, select "Include current access_token in the Query URI (will expire in ~60 minutes)."
Anyway, this can be closed.
I am trying to develop a chrome extension in which I need to use 3rd party Oauth2 authentication. The third party service I want to use, only supports POST requests. But it seems that the launchWebAuthFlow method in the Chrome Identity API, only supports sending GET requests, as all the query parameters are sent in the URL itself. Is this correct? If yes, how should I do authentication?
UPDATE : The API I want to connect is that of Pocket
Partially you're right about POST requirements. But it is only used to initialize Oauth flow.
According to the documentation:
1) You must make a POST request to obtain a request token from Pocket auth service
2) Redirect user to the auth page: https://getpocket.com/auth/authorize?request_token=YOUR_REQUEST_TOKEN&redirect_uri=YOUR_REDIRECT_URI
Which means that you have to make a simple XHR to retrieve request token and then you can use chrome.identity.launchWebAuthFlow function to begin Oauth flow.
Did you try launchWebAuthFlow? You may find that it works. Once authenticated, you can exercise the API via POST, using XMLHttpRequest. (launchWebAuthFlow only handles the authentication, not the API itself.)
The answer posted here https://stackoverflow.com/a/10486729/1919484 references an 'instant mode' box.com api authentication option that 'gets you an authentication token via the /tokens V2 API endpoint, but limits you to accessing a single folder in the user's account.'
I've googled around for such a thing but I can't find any more info about it. It seems like exactly what I need for an app I'm working on.
Can anyone shed any light on whether such a thing is still in the works, or if it has been canceled or replaced?
Many thanks in advance.
Instant Mode is a beta feature that we're still testing/iterating on. It's not ready for production applications at this time, but you can email us at API at box.com with your use case so we can let you know when it's ready.