Working example: https://api.linkedin.com/v2/organizations?q=vanityName&vanityName=apple
Basically this is working for any other company, except if it has a & in the name, for example:
cannot use this vanity name (doesn't seem to be a url encode problem on the client side):
johnson-&-johnson or johnson-%26-johnson
The error is always the same:
serviceCode: 100
status: 403
message: Unpermitted fields present in PARAMETER: Data Processing Exception while processing fields [/-johnson]
This is not a permission problem, its working with any other vanity name.
In the response the uri seems to be messed up: https://api.linkedin.com/v2/organizations?-johnson=&q=vanityName&vanityName=johnson-
It should equal the request which is https://api.linkedin.com/v2/organizations?q=vanityName&vanityName=johnson-%26-johnson.
Also documentation doesn't seem to mention this use case.
Some other examples that work
https://api.linkedin.com/v2/organizations?q=vanityName&vanityName=johnson-controls-middle-east-africa
https://api.linkedin.com/v2/organizations?q=vanityName&vanityName=lowe's-home-improvement
Related
I am using
PUT https://api.linkedin.com/v2/eventSubscriptions/(developerApplication:urn:li:developerApplication:{developer application ID},user:urn:li:user:{member ID},entity:urn:li:organization:{organization ID},eventType:ORGANIZATION_SOCIAL_ACTION_NOTIFICATIONS)
Linkedin API with all the parameters intact. Each URN is encoded as urn:li:organization:12345 is encoded to urn%3Ali%3Aorganization%3A12345 but still getting a 403 Response.
I think you forget to add this in headers :
X-Restli-Protocol-Version:2.0.0
The application id is actually a numeric field in the url when you visit your application settings, put that value instead of the client id.
So it turns out that there's a lot of missing/incorrect information in the documentation. Since I'm working in go, here's how I finally got the url formatted correctly:
fmt.Sprintf(
"https://api.linkedin.com/v2/eventSubscriptions/(developerApplication:%s,user:%s,entity:%s,eventType:ORGANIZATION_SOCIAL_ACTION_NOTIFICATIONS)",
url.QueryEscape(fmt.Sprintf("urn:li:developerApplication:%s", appId)),
url.QueryEscape(fmt.Sprintf("urn:li:person:%s", userId)),
url.QueryEscape(fmt.Sprintf("urn:li:organization:%s", organizationID)),
)
The breakdown:
The URNs, and only the URNs, need to be urlencoded.
Not the surrounding parentheses
Not the commas
Not the colons preceding the URNs (developerApplication:, user:, and entity:)
Your PUT request needs to include the X-Restli-Protocol-Version header and Authorization header
If, for some reason, you use the /rest/eventSubscriptions/ url instead of /v2/eventSubscriptions/, you also need to include the LinkedIn-Version header
The appId is not your app's client id, but instead the numeric id you see in the app settings url in the linkedin developer portal (i.e. https://www.linkedin.com/developers/apps/<appId>/auth)
The URN structure in the docs is wrong: you need to use urn:li:person:<userId>, not urn:li:user:<userId>
A.S/ probably for another SE.com site: why "referer" is spelt with only r at Google's?
Anyway, here we go again with another occurrence of RefererNotAllowedMapError.
I couldn't find my answer in the existing Q&As.
Hypothesis:
I have a local website that includes a GMap.
It displays and works
fine provided I remove all restrictions on that key, from the Google
API console.
But the browser will receive a Google Maps JavaScript
API error: RefererNotAllowedMapError whenever I add a referrer
restriction, which seems to match the refering URL.
The referrer, where the map is being called form, is:
https://app.developr.online.local/projects?p=name-asc-0-20-1&a=createProject
Below is my GAPI KEY security configuration:
Below is the corresponding console output:
To be noted:
If I add a trailing asterisk when declaring the referer, validating that entry will clear it anyway. To me it means: "that's ok, we're covering trailing /* already.".
My question: what pattern should I enter as a referrer (2 r's) to have it recognised by GAPI security layer?
I've tried a few things, I didn't get a cigar.
Thank you.
Hi I am attempting to initiate a query to my backend on Kinvey which is backed by a MongoDB. They require passing URL parameters as such:
?query={"firstName":"James"}
I have tried every imaginable way of setting up these parameters in PAW but either get a success response with no filtering of the data or an error message of URL not supported when I try using a Raw Query String.
I have ran the query using their (Kinvey) backend API interface and it works fine in filtering the results so the problem definitely lies within PAW. I am currently using version 3.0.9. Any suggestions or is this just a bug that needs to be fixed?
Thanks!
I've just tried this setup in Paw and I have a few recommendations:
Paw will URL-encode the chars { and " as you can see if you open the HTTP preview in the bottom panel
Trying to send a similar query via Chrome (to test with another app to make sure Paw behaves correctly), I see that the query is URL encoded (try this query https://echo.paw.cloud/?query={"firstName":"James"} you'll see that the browser actually URL-encodes the characters { and " when sending. So the behavior is the same with Paw.
I don't think these two chars ({ and ") are valid HTTP if they are not URL-encoded, so I'm sure your server is expecting them encoded anyway
Testing this exact query in Paw, works for me, so please try these exact steps: go to URL Params, in the first column enter query and {"firstName":"James"} in the second column. Then using the HTTP preview mentioned above, make sure Paw is sending the request you're expecting.
Lastly, it's more like a tip, but as your value is JSON, I recommend that you use the JSON dynamic value to generate the JSON. It will be visually better for you, and will make sure you send valid JSON. For that, right click on the value field, and select Values > JSON. Here's some example:
I am writing a new endpoint in my HTTP service that is built on the Play framework, and am returning a custom status code for a particular error (442 in this case). When I test the endpoint with cURL, I receive the error code as expected:
...
< HTTP/1.1 442 Client Error (442)
....
And the same with Postman REST Client:
What I would like to do is customize the "Client Error" text, such that the response would actually read something like:
442 Forced Password Reset
Is this possible, or is it in the spec somewhere that any custom status codes of the 4xx class are to be interpreted by all clients simply as "Client Error"?
(I have been looking through the relevant Play documentation on Statuses but don't see any option to customize the text—only the status code integer itself.)
Looking through the source code it didn't take me long to find the following:
Play just stores the status code in the RepsonseHeader, not the string
Play uses Netty, and turns the status code into a HttpResponseStatus using valueOf, which is basically just a case statement over the status codes, with defaults based on the range if it isn't standard.
Although you could define a new Netty HttpResponseStatus with the reason phrase you want, there isn't any way to add it to the valueOf method (it's static).
So, there isn't any really good solution without rewriting some parts of Play!.
You might be able to use some sort of post-filter to modify the response and change the reason phrase, but I don't know how that would work, or even if it is possible to write those kinds of filters in Play!.
Finally, the reason phrase isn't really that important, as clients generally don't (and shouldn't) actually parse it.
Let's say you want to get list of users by calling GET to api/users, but currently the table was truncated so there are no users. What is the proper response for this scenario: 404 or 204?
I'd say, neither.
Why not 404 (Not Found) ?
The 404 status code should be reserved for situations, in which a resource is not found. In this case, your resource is a collection of users. This collection exists but it's currently empty. Personally, I'd be very confused as an author of a client for your application if I got a 200 one day and a 404 the next day just because someone happened to remove a couple of users. What am I supposed to do? Is my URL wrong? Did someone change the API and neglect to leave a redirection.
Why not 204 (No Content) ?
Here's an excerpt from the description of the 204 status code by w3c
The server has fulfilled the request but does not need to return an entity-body, and might want to return updated metainformation.
While this may seem reasonable in this case, I think it would also confuse clients. A 204 is supposed to indicate that some operation was executed successfully and no data needs to be returned. This is perfect as a response to a DELETE request or perhaps firing some script that does not need to return data. In case of api/users, you usually expect to receive a representation of your collection of users. Sending a response body one time and not sending it the other time is inconsistent and potentially misleading.
Why I'd use a 200 (OK)
For reasons mentioned above (consistency), I would return a representation of an empty collection. Let's assume you're using XML. A normal response body for a non-empty collection of users could look like this:
<users>
<user>
<id>1</id>
<name>Tom</name>
</user>
<user>
<id>2</id>
<name>IMB</name>
</user>
</users>
and if the list is empty, you could just respond with something like this (while still using a 200):
<users/>
Either way, a client receives a response body that follows a certain, well-known format. There's no unnecessary confusion and status code checking. Also, no status code definition is violated. Everybody's happy.
You can do the same with JSON or HTML or whatever format you're using.
I'd answer one of two codes depending on runtime situation:
404 (Not Found)
This answer is pretty correct if you have no table. Not just empty table but NO USER TABLE. It confirms exact idea - no resource. Further options are to provide more details WHY your table is absent, there is couple of more detailed codes but 404 is pretty good to refer to situation where you really have no table.
200 (OK)
All cases where you have table but it is empty or your request processor filtered out all results. This means 'your request is correct, everything is OK but you do not match any data just because either we have no data or we have no data which matches your request. This should be different from security denial answer. I also vote to return 200 in situation where you have some data and in general you are allowed to access table but have no access to all data which match your request (data was filtered out because of object level security but in general you are allowed to request).
If you are expecting list of user object, the best solution is returning an empty list ([]) with 200 OK than using a 404 or a 204 response.
definitely returns 200.
404 means resource not found. But the resource exists. And also, if the response has 404 status. How can you know users list empty or filled?
'/users' if is empty should return '200'.
'/users/1' if the id is not found. should return 404.
It must 200 OK with empty list.
Why: Empty table means the table exists but does not have any records.
404 Not Found means requested end point does not exist.