I am working on a WordPress site that uses a gravity form. The gravity form has 20 questions, after a user fills it out they press submit and then a page loads saying the form has been submitted. The form submits to an AWS API that checks the form and returns a percent correct to the gravity form inside the admin panel. I am trying to get that result to display on the website so that the user can see. I don't know how to get the response. When i try to access the AWS endpoint through curl or postman, I get forbidden errors. I am using the endpoint and the API key listed in the gravity forms settings
This is the latest curl I tried:(I changed the base64 code for this example)
curl -X GET \
https://reproductivehealth.adrianmiddletonfwd.co.uk/wp-json/gf/v2/entries \
-H 'Authorization: Basic WRThbTpaWlVZcEtoVlFQdndDMTVybktDZZz=' \
-H 'Content-Type: application/json'
I get this error:
{"code":"rest_forbidden","message":"Sorry, you are not allowed to do that.","data":{"status":401}}
I've also tried to create a post using the API endpoint and API key provided within the form settings. I dont know what else to try, I just need to get that result.
Related
I'm trying to download a file provided by a Wordpress plugin Pinpoint World. This plugin uses admin-ajax.php to retrieve that file in admin UI.
I want to periodically download it for backup. How can I download it using curl? It looks like it needs to authenticate the request using cookies (as the browser does while inspecting the requests). Anyway I can simulate that using curl in bash?
The following results in 400 Bad Request:
curl "https://${HOST}/wp-admin/admin-ajax.php" \
--data-raw 'action=dopbsp_reservations_get&type=xls&calendar_id=1&start_date=&end_date=&start_hour=00%3A00&end_hour=23%3A59&status_pending=false&status_approved=false&status_rejected=false&status_canceled=false&status_expired=false&payment_methods=&search=&page=1&per_page=25&order=ASC&order_by=check_in' \
-o /tmp/output.xls
Basic authentication (using --user) didn't work either.
How can I authenticate to wordpress' admin-ajax, using bash?
You can just pass the cookie from your authenticated logged-in user on your curl request
First, login to your wordpress site on your browser.
Then hit F12 and go to application tab, then cookies
then copy the cookies that looks like wordpress_logged_in_xxxxxxxxxxxx
then you can use it on your curl request
example to run basic test,
create a simple ajax request which return a user object if your request is authenticated. otherwise, it will return null
add_action( 'wp_ajax_sample_duh', 'sample_duh');
add_action( 'wp_ajax_nopriv_sample_duh', 'sample_duh');
function sample_duh() {
wp_send_json([
'user' => wp_get_current_user()
]);
}
run your curl request with the cookies you copied from the browser.
e.g.
curl -X POST --cookie "wordpress_logged_in_xxxxxxxxxxxxxx=xxxxxxxxxxx" http://mydomain.me/wp-admin/admin-ajax.php?action=sample_duh
You should get the user object in your response if you have a valid cookie,
then use the same cookie with your actual curl request
Using the plugin, dropbox media importer in a wordpress app. I add the client key and secret after creating a personal dropbox app with full dropbox permission, I attempt to authorize the request but it returns an error that says invalided client_id or secret. When I try to do the curl request with the client_id & secret I get the same response.
Request:
curl -X POST https://api.dropboxapi.com/2/auth/token/from_oauth1 \
--header "Authorization: Basic <REDACTED>" \
--header "Content-Type: application/json" \
--data "{\"oauth1_token\": \"qievr8hamyg6ndck\",\"oauth1_token_secret\": \"qomoftv0472git7\"}"
Response:
{"error_summary": "invalid_oauth1_token_info/", "error": {".tag": "invalid_oauth1_token_info"}
The /2/auth/token/from_oauth1 endpoint you're attempting to use is only for exchanging existing OAuth 1 access tokens (e.g., as previously retrieved for use with the now-retired Dropbox API v1) for OAuth 2 access tokens.
If you're just integrating now, you wouldn't have any OAuth 1 access tokens, and so shouldn't be using this endpoint. (Accordingly, it's indicating that the oauth1_token and oauth1_token_secret values you're supplying are incorrect; the ones you're using are just copied from the documentation, but you would need to supply your real values.)
Instead, you should implement the Dropbox OAuth 2 app authorization flow. You can find more information in the documentation and guide.
We have a WordPress custom build and have integrated the Vimeo API to pull videos through to the website.
The setup is working but the API calls are taking 20 seconds. We have tested using Postman and they only take 1-2 seconds.
Is there a solution to this?
Use the fields parameter on your requests to tell the API to only return the metadata needed for your application. Because Vimeo API responses can be quite large, especially when retrieving a list of videos, the fields parameter can significantly reduce the size of the response, and subsequently increase response time.
For example, let's say you're making a request to get the last 10 videos you uploaded. The request would look like this:
curl -X GET https://api.vimeo.com/me/videos?page=1&per_page=10
-H 'Accept: application/vnd.vimeo.*+json;version=3.4'
-H 'Authorization: bearer [token]'
The response would return the full and complete video objects for 10 videos, which can be quite large. However if you only need some of the metadata in the response, such as the video's name, description, and its link on vimeo.com, then the same request with the fields param will look like this:
curl -X GET https://api.vimeo.com/me/videos?page=1&per_page=10&fields=uri,name,description,link
-H 'Accept: application/vnd.vimeo.*+json;version=3.4'
-H 'Authorization: bearer [token]'
The fields parameter is documented here: https://developer.vimeo.com/api/common-formats#json-filter
I am writing an application in which I would like to use Firebase for the authentication of any sort of back end calls. Is there a way for me to get a token through a CLI or curl for local testing without having to spin up a front end to get the token?
As a resume (to me and maybe others) from #James-Poag answer, use:
curl 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=[API_KEY]' \
-H 'Content-Type: application/json' \
--data-binary '{"email":"[user#example.com]","password":"[PASSWORD]","returnSecureToken":true}'
Where:
email (string): The email the user is signing in with.
password (string): The password for the account.
returnSecureToken (boolean): Whether or not to return an ID and refresh token. Should always be true.
The property idToken from response payload is the parameter you're looking for.
Well i have made a front end one page html to generate dummy firebase ID token for your application, in case anyone needs it
Firebase Token Generator
They changed the link - see REST API.
curl 'https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=[API_KEY]' \
-H 'Content-Type: application/json' \
--data-binary '{"email":"[user#example.com]","password":"[PASSWORD]","returnSecureToken":true}'
In the example above, you would replace [API_KEY] with the Web API Key
of your Firebase project, [user#example.com] with the user's email and
[PASSWORD] with the user's password.
I'm following Clarifai's guide to make a cURL request and get the tags related to the image.
In the guide it says that I can do either this:
curl "https://api.clarifai.com/v1/tag/?url=https://samples.clarifai.com/metro-north.jpg" \
-H "Authorization: Bearer {access_token}"
or this:
curl "https://api.clarifai.com/v1/tag/" \
-X POST --data-urlencode "url=https://samples.clarifai.com/metro-north.jpg" \
-H "Authorization: Bearer {access_token}"
So what I do is that I type in the access token that I get when I create a new application and I change the link of "samples.clarifai.com" for a random link of a random image, but every time I want to do this I get the following message on terminal:
{"status_code": "TOKEN_INVALID", "status_msg": "Token is not valid. Please use valid tokens for a application in your account."}
Any idea why I keep getting this eben though my access token is right?
Thanks!
Just so there can have an official answer for this but Marcus Müller is totally right.
You should be sure to remove the braces with the Bearer access token. But you still want to be sure everything else is fine. This does assume though that you have generated a proper access token either by the Developer Documentation or within your Applications page once you have logged in.