I am not able to get the JSON Data for the below API Request.
Getting Authentication problem.
https://api.test.sabre.com/v1/shop/flights?origin=JFK&destination=LAX&departuredate=2018-07-07&returndate=2018-07-09&onlineitinerariesonly=N&limit=10&offset=1&eticketsonly=N&sortby=totalfare&order=asc&sortby2=departuretime&order2=asc&pointofsalecountry=US
{"status":"NotProcessed","type":"Validation","errorCode":"ERR.2SG.SEC.MISSING_CREDENTIALS","timeStamp":"2018-04-10T12:11:35.221-05:00","message":"Authentication data is missing"}
You would need to manipulate your headers to contain the credentials on your request with a plugin like tampermonkey for chrome
Related
I am executing an ASP.net Web API which is finally redirecting to a Web URL. I am doing this via Postman. The scenario is slimier to authentication API which is finally redirect to a Login UI.
When I execute the API nothing is happening. It is not even hitting the API it self. When I execute the same API URL via Browser it is working fine.
Why this is not happening and is there any setting in Postman which enables this? Is there any API test tool which covers this scenario?
Edit : Note that these APIs are SAML SSO related APIs. But when we disregard the SAML factor, this is kind of normal web API, which finally redirects to a web page.
Thanks in advance.
Darshani
Asp.net Web API function should return JSON data and for Authentication you should use Bearer Token.
There can be multiple reasons for this:-
First thing, is that if we are setting the valid authentication token in the header so that API is accessible.
Second, if your site is hosted on some domain then check which email id you are login into your Postman.
As it happened to me, for my project I need to login to Postman with 'domain.com' to access API.
We have planned to implement authentication in our API using OAUTH. For this purpose I read so many articles on web to explore it. After read these articles what I am understanding is
Send credentials to authorization server and after successful
authentication it will send you the access token.
Use this access token for further calling of your api methods.
To authenticate our api user needs to pass the following parameters.
Authorization Token
Employee ID
What I am thinking is to pass these values via request headers. Problem is that these request headers can easily be viewed in browser console and someone can misused it easily. Please suggest Is this the right way to authenticate api or we used something else for this purpose?
I just manually implemented a facebook oauth2 flow into my webapp. After receiving the correct access_token and trying to call the graph api for user data I got a 400 BAD REQUEST as response.
GET https://graph.facebook.com/me?accessToken=MY_CORRECT_TOKEN&fields=id,name,email
When I use exactly the same call within the dev tools provided on facebook it succeeds, but when I try using any other http client it doesnt work.
I already tried it with curl, apache commons and some other http clients.
Is there someone able to help me with this?
Thanks in advance
The format of your API call is incorrect. Try the following instead:
GET https://graph.facebook.com/me?access_token=MY_CORRECT_TOKEN&fields=id,name,email
The accessToken in your URL should actually be access_token.
For people landing here with the same error message but different problem, you can also check, if you have both IPv4 and IPv6 connections, that both IPs (v4 and v6) are authorized in Facebook OAuth parameters (on developer.facebook.com). That solved my problem.
In my case, my "permanent" access token expired.
I'm developing an API using ASP.Net WebAPI, and authorizing clients with an access token. I want to know which source is more standard to put the access token? Headers, Uri or Body?
For example in Instagram API, clients should pass access token in uri as a query string. But I think in Twitter API the request must include an Authorization header.
Let me know if there is an standard rule.
Security related information such as an API Token go in the Authorization header. That is what it is designed for.
Putting api keys in the URI increases the chances of the API keys getting stored in the log file and it makes public caching far less effective.
As the title says,I want to build a App that run in browser with a Single Html page.but how to implement the Authentication.and my solution is:
the server-side is all the RESTful APIs,which can used by multiple Platform,web ,mobile side ,etc.and every API that need auth will be get a token to parse,if the API does not get a token return 401.
cuz my first practise is in the browser,so I need to request for the token to get login,and when the app needs to request the auth-APIs,I will put the token in the header for requesting...
and my questions is : does it safe enough? any other better solution?
No it's not safe enough if the token is accessible through javascript for the same reason that you should set your cookies to http only and restrict to ssl.
If a hacker can inject javascript into your app, it can steal the token and use it from their machine.
For that reason I suggest you use a secure, http only cookie instead of the token when using a website.
If your API is going to be accessed from a native mobile app then you could add a token to each url.
Having a custom header in the http request might cause issues with certain proxies which might not pass all headers through.
A cookie is nothing more than a standardised http header so you might as well reuse that.
What you could also consider using is OAuth if you're going to allow 3rd party apps access to parts of your API.
There is no reason why you could not use cookies for browser based clients and an ApiKey query parameter for other clients.