I am trying to make an API call to get order metrics from the amazon seller central page from Postman App. I have followed all the steps in the documentation.
I self authorized my app using the refresh token found on the Developer Central page. I am able to generate the access token using the refresh token. When making a request to the api to get order metrics, the query parameters are :
marketplaceIds : A21TJRUUN4KGV (India)
interval : 2021-01-01T00:00:00-07:00--2021-09-04T00:00:00-07:00
granularity : Day
The AWS signature for this request has my access key and secret key derived from when I created the IAM User. The region is eu-west-1 and service name is execute-api.
In the headers I have passed
x-amz-access-token: Atza|IwExxxxxxx
user agent:PostmanRuntime/7.26.8
Host: sellingpartnerapi-eu.amazon.com
x-amz-date : calculated when request is sent
After sending the request I get this response:
{
"errors": [
{
"message": "Access to requested resource is denied.",
"code": "Unauthorized",
"details": ""
}
]
}
403 Forbidden: Request is legal but server is refusing to respond. Authenticating will make no difference.
I have logged case with Seller Central support but it has been over a month and they haven't replied. Please tell me what should I add or remove or check to make this request work.
https://docs.amazonaws.cn/en_us/IAM/latest/UserGuide/id_credentials_temp_request.html
Following this gave me temporary access token, access secret key and session token. Using that in the AWS signature for getting orders gave the desired output.
Related
I'm trying to write a web app on our website which gets a User's MS Team channels and then posts a message to a channel of their choosing using MS Teams Graph API.
I'm about to get an access token using the OAuth API, and I'm passing access token (AAD token) to the /me/joinedTeams endpoint, it's giving me the below error:
{
"error": {
"code": "ResourceNotFound",
"message": "Resource not found.",
"innerError": {
"date": "2021-05-14T20:57:03",
"request-id": "30d80d9a-66f4-47ff-ab11-dacb7f817806",
"client-request-id": "30d80d9a-66f4-47ff-ab11-dacb7f817806"
}
}
}
Screenshot of my Graph Explorer results
UPDATE:
I have gotten my account converted to a Work account, and added the permissions. Now I am getting this response/error:
Screenshot of new Graph Explorer results
It's better for you to share how to get an access token using the OAuth API. In this issue , it seems your signed-in user is a personal Microsoft account, that's not supported to access the /me/joinedTeams endpoint. Doc of this API.
There are some notes here:
When using Graph Explorer, access token is here after login. You don't need to add bearer token in Request headers.
You have to sign in with a work or school account, and you need to consent one of the required permissions in "modify permissions(Preview)".
I'm trying to get an embed token for power bi embedded.
I'm using 'App owns data' embed scenario.
I first get the access token of Azure AD and use it as Bearer token when calling embed token
Here is my Postman request details:
https://api.powerbi.com/v1.0/myorg/groups/{groyupid}/dashboards/{dashboardid}/GenerateToken
Request body
{accessLevel:"View"}
In authorization section I added the access token.
I received a 403 Forbidden response.
Here how I get the access token
I noticed that there is also another url to get token : https://login.microsoftonline.com/common/oauth2/token
What is the difference between the one with tenant id in the url
Then permissions for the AAD PowerBI application
Update
Thanks for the help I get another 404 not found error now
{
"error": {
"code": "PowerBIEntityNotFound",
"pbi.error": {
"code": "PowerBIEntityNotFound",
"parameters": {},
"details": [],
"exceptionCulprit": 1
}
}
}
For information I have added permission in PBI admin portal to pbireportingGroup an Azure security group that I created. ( as mentionned in docs )
Then I added to this group the AAD as member
Is that what should I do ?
403 means that your access token doesn't have the required permissions.
And you need to add the master account and service principal as the owner of the group / workspace (it may take 15 minutes to take effect).
UPDATE:
Now that you are using client credential flow, you should set application permissions:
And the resource in the request body should be https://analysis.windows.net/powerbi/api/.
Besides, you need to add the service principal as the admin of this workspace in Azure AD. (enter the name of your Azure AD app, and it will recognize its client id)
I am trying to follow this Get access without a user to get access token. I am getting access token using API request https://login.microsoftonline.com/<-tenant-id->/oauth2/token. When i used step 5 for above given link i got the following error :
{
"error": {
"code": "InvalidAuthenticationToken",
"message": "Access token validation failure. Invalid audience.",
"innerError": {
"request-id": "e9e9820e-2a3f-411a-bc77-760c9369fc8f",
"date": "2020-01-02T06:17:41"
}
}
}
I have registered app with the following permission : Calendars.Read, Calendars.ReadWrite, Sites.Read.All, User.Read, User.Read.All and have generated secret key and registered redirect url as :
User.Read.All.
My questions are:
1. Have i done anything wrong while creating app?
2. Why step 4 is not working of the link?
3. Did i get wrong access access using the above given api request?
In step 5, it calls the Microsoft Graph - Get a user, so make sure your app has the User.Read.All Application permission in Microsoft Graph(must be application permission, not delegated permission), after adding the permission, it appears like below(Note: don't forget to click the Grant admin consent button)
In the doc you provided, it uses the v2.0 endpoint /oauth2/v2.0/token, but you use the v1.0 endpoint /oauth2/token in your question.
So please change the request URL to /oauth2/v2.0/token, then use the one below.
Request URL:
POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
Request body:
client_id=xxxxxxxxxxxxxxx
&scope=https://graph.microsoft.com/.default
&client_secret=xxxxxxxxxxxxxxxx
&grant_type=client_credentials
You can get the token in the postman.
Then use the token to call the Get a user API:
GET https://graph.microsoft.com/v1.0/users/<object-id of the user>
I'm currently trying to achieve in Node.js a direct login to Calendar/Users using Microsoft Graph.
What I've done so far are the following:
Login on the account and make sure that it currently has a calendar (the email is registered under #outlook.com).
Go to azure portal and create a new AAD name "Calendar Api" web API with return
URL http://localhost:3000
AAD -> App Registration -> Name: Test, reply url: localhost:3000, Required Permissions for Microsoft Graph (Users Read/Write, Calendars Read/Write), Windows AAD (offline_access), Grant Permissions, Generated a new secret key with no expiry date.
Went to Postman and started to generate a new token based on the following URL:
https://login.microsoftonline.com/{APP_ID_URI}.onmicrosoft.com/oauth2/v2.0/token
grant_type : client_credentials
client_id : {app_id}
client_secret : {app_secret}
scope : https://graph.microsoft.com/.default
And I a 200 OK with a token.
Upon inspecting the token:
"aud": "https://graph.microsoft.com",
"roles": [
"User.ReadWrite.All",
"Calendars.Read",
"Calendars.ReadWrite"
],
GET ON -> https://graph.microsoft.com/v1.0/users/ with Authorization Bearer and the above token will return a code status 200 along with the user account I've used in step 1.
GET ON -> https://graph.microsoft.com/v1.0/calendars/ with Authorization Bearer and the above token returns "Resource not found for the segment 'calendars'."
GET ON ->
https://graph.microsoft.com/v1.0/users/{user_id}/calendars OR /calendar OR /calendarView:
"code": "OrganizationFromTenantGuidNotFound",
"message": "The tenant for tenant guid '104fdcd9-76d1-4122-89a0-30cb00722de2' does not exist."
I don't really have a code because I am using POSTMAN to test the API first.
I would expect to get a list of events or a list of calendars instead of an error.
After some digging I found out what the problem was, so here is the full solution to this question.
You need a microsoft office 365 account with subscription, can get this by applying for one on office 365 develop.
Upon creating one, follow the instructions and add the apps to it.
Go to Azure Portal and log in with your office 365 account.
Create an app under AAD -> App registration
Follow step 4 and 5 of this question.
Try to access https://graph.microsoft.com/v1.0/users/{user_id}/calendars.
We would like to automatically create a project ID and install our ULAPPH Cloud Desktop application using the App Engine Admin API (REST) and Golang.
https://cloud.google.com/appengine/docs/admin-api/?hl=en_US&_ga=1.265860687.1935695756.1490699302
https://ulapph-public-1.appspot.com/articles?TYPE=ARTICLE&DOC_ID=3&SID=TDSARTL-3
We were able to get a token but when we tried to create a project ID, we get the error below.
[Response OK] Successful connection to Appengine Admin API.
[Token] { "access_token" : "TOKEN_HERE", "expires_in" : 3599, "token_type" : "Bearer" }
[Response Code] 403
[Response Body] { "error": { "code": 403, "message": "Operation not allowed", "status": "PERMISSION_DENIED", "details": [ { "#type": "type.googleapis.com/google.rpc.ResourceInfo", "resourceType": "gae.api", "description": "The \"appengine.applications.create\" permission is required." } ] } }
We are just using the REST API calls. Request for token was successful as you can see above and the scope is ok as well. Now, when we posted the request to create application, we are having the error that says "appengine.application.create" permission required.
How do we specify the permission?
What are the possible reasons why we are getting that error? Do we missed to send a field in JSON or in query?
As per below link, we just need to pass the json containing the id and location. We also just need to pass the token in the Authorization header. The same logic I have used successfully in accessing Youtube, Drive APIs etc so not sure what needs to be done since I have followed the docs available.
I have also posted the same issue in Google Groups and now waiting for their reply.
It seems you've given no details about how you set up the account you're using to authorize the request. You'll need to make sure the appengine.applications.create permission is given to the account you're using, as mentioned in the error text. You can use the Google Identity and Access Management (IAM) API for this.
(by the way, I'd given this answer in the original thread, although you didn't reply or seem to take action on it. check it out! this is likely the solution you need!)