I'm trying to build a functionality where user can export contacts from salesforce. I used REST API and the below api to get contacts from user account. I'm able to access contacts from my account but if I login as different user(account which is not used to create the API key) then I'm not able to use the below API, I'm getting 403 forbidden error, am I doing something wrong?
services/data/v20.0/query/?q=SELECT+name,email+from+Contact
I tried to search for document related to this but unfortunately I couldn't able to find one. Can somebody please help me on this?
Related
I am writing an .Net Core application with Angular Frontend.
Now users are authenticated with Azure Active Directory, which is configured over the Azure Portal.
The users are succesfully authenticated, but as a developer, I still do not now, which user has authenticated.
There are lots of exmaples how to retrieve the information about the user, which is done with
https://graph.microsoft.com/v1.0/me. But when I call this, I am getting an 401 Unauthorized response. So there must be a way to get a Token or something like that.
I am having an client-ID, tenant-ID as well as an AppServiceAuthSession Cookie. Can anyone provide an code example?
For your requirement, you can go to Resource Explorer find your app and then locate "config" --> "authsettings". Edit the additionalLoginParams in json as:
"additionalLoginParams": [
"response_type=code id_token",
"resource=<the client id of your app in azure ad>"
],
Apart from this, you also need to edit the redirect uri of your app like:
https://yourapp.azurewebsites.net/.auth/login/aad/callback
After that, you can get the access token by request https://yourapp.azurewebsites.net/.auth/me. You can use the access token to request graph api https://graph.microsoft.com/v1.0/me. By the way, maybe there are some information in the response of https://yourapp.azurewebsites.net/.auth/me. If the information is enough, you do not need to use access token request the graph api.
You are getting 401 Unauthorized response as you don't have right token to access the API https://graph.microsoft.com/v1.0/me. The right approach is to use MSAL libraries to get token for your application(by authenticating) and use it for API.
Please find step-by-step tutorial using .Net core here and code sample here.
Please find step-by-step tutorial using Angular here and code sample here.
The solution was to add an secret to the application and then call https://xyz.azurewebsites.net/.auth/me.
Hey I am a beginner in React and Graph.
To explain, I have to create a little web site in React using Microsoft Graph to get Active Directory data ( like all the users and their information of the company which uses AAD ).
I am actually a little lost of how I can get this list of users.
Can you help me ?
Once logged into your app that have proper access right to read all users data, you should be able to retrieve users with a http get on that url
GET https://graph.microsoft.com/v1.0/users
Don't forget to add bearer token in your HTTP headers.
To get users in azure AD, you can call the List Users GET HTTP request.
GET https://graph.microsoft.com/v1.0/users
To get the number of users returned you can use the $top query parameter to specify the page size of the result set. See docs here.
https://learn.microsoft.com/en-us/graph/query-parameters#top-parameter
GET https://graph.microsoft.com/v1.0/users?$top=200
I'm getting below error when i'm trying to access google pubsub via python library.
HttpError 403 when requesting
https://monitoring.googleapis.com/v3/projects/xxxx/timeSeries?filter=metric.type%3D%22pubsub.googleapis.com%2Fsubscription%2Fnum_undelivered_messages%22+AND+resource.label.subscription_id%3Dtest&interval.endTime=2018-08-28T13%3A11%3A58.256545Z&alt=json&interval.startTime=2018-08-28T13%3A10%3A58.256533Z returned "The caller does not have permission"
Below is the scenario which i'm trying:
I'm trying to fetch "number of undelivered messages" from the subscriber.
I'm using python library to access the google cloud.
I'm using to secret json file to access the google.
I created a service account called "monitoring" and gave monitoring admin, pubsub admin roles, monitoring read roles.
I have given below scopes for the authorization.
https://www.googleapis.com/auth/cloud-platform
https://www.googleapis.com/auth/pubsub
https://www.googleapis.com/auth/monitoring
https://www.googleapis.com/auth/monitoring.read
By this script I can get topics list but when I try to fetch monitoring details it is throwing error.
Can somebody help me what I'm missing here?
I had the same access issues. Your account needs access to the role "Monitoring Viewer".
I get JSON response {"errorCode": "USER_DOES_NOT_BELONG_TO_SPECIFIED_ACCOUNT", "message": "The specified User is not a member of the specified Account."} when we deployed application on a new SF sandbox with a different DocuSign account. Obviously I have changed the user/password and integration key for the new account. And after I make token request I get access token back, but I can not make post request due to above.
Can you guys help me understand why is this?
Users who want to send documents need a DocuSign account. It sounds like you've changed the username and password credentials however it is still pointing to the previous account hence the error. To resolve you need to update the integration to point to the new account.
It seems there is a problem in pulling the Page insights data I'm admin of using my App access token.
I have been able to fetch my user and post related data but I'm geeting an 'OAuth Exception' (Invalid query) when I try to find my page insights.
The same query works wonderfully when I try accessing insights using the 'User Access Token' generated by Graph API.
As I want to generate an extended token and then pullung page-insights, that's why I'm try accessing data using App Access token.
Please let me know what's wrong.
Page insights simply aren't supposed to work with the app access token; you need to use a page access token, or a user access token from a page admin that has granted permission.
Go get yourself an extended page access token, as described here: https://developers.facebook.com/docs/facebook-login/access-tokens/expiration-and-extension
Those do not have a default expiry. (Although they may become invalid for other reasons, f.e. if the password of the user account that was used to request it gets changed.)