Linkedin has a whole slew of fields to pull them with their API. But they say they want you to apply for something before you can request the fields (see a screenshot below). My question is, can I query those fields during development to test my app? Now Linkein returns error, if I try to request them. And Linkedin doesn't say anything about it in their API docs.
InternalOAuthError: Failed to obtain request token
Here is a screenshot.
I still don't know the answer whether I can test the behavior during development.
However, with trial and error method I found what permissions generate error in Linkedin. Lol thing is that you can request fields from those permissions just fine (no error throws), but cannot request permissions.
Fields from forbidden permissions (do not throw even if permissions are omitted in a request):
['languages', 'date-of-birth', 'phone-numbers', 'im-accounts'],
Forbidden permissions that throw:
['r_fullprofile', 'r_contactinfo'],
Related
We are programmatically calling the PageSpeed Insights API for an internal list of websites. The majority of the time it works fine, but at seemingly random times we are getting the error "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential..." When the error occurs we log the url that was used for the request as well as the error. As a result I can copy the exact url that generated the error and paste it into a browser (or Postman), https://www.googleapis.com/pagespeedonline/v5/runPagespeed?url=https://www.xyzsite.com/&strategy=mobile&locale=en&key={validAPIkey} for instance, and get a valid response. The fact that the same API key is being used for all requests I know it's valid so I have no idea what might be causing this error. Has anyone else run into this? Does anyone have any idea what might be causing this error to occur on a seemingly random basis?
I also experience the same issue. As on page 5 to 10 API are called with same API key and credentials. Token is also not expired but it generate 401 randonly on different API. See attached image
I m creating a code in which based on query string the URL is changing when no values are supplied in URL everything is working fine but as i supply values to URL it shows Error HTTP Error 403.0 - ModSecurity Action
Kindly suggest some solution
also the same is working fine in local problem occurs when i upload my webpage to server
I know this is an old thread, but posting the answer so that it can be helpful for others. ModSecurity is an open source, cross-platform web application firewall (WAF) module.
https://modsecurity.org/about.html
So whenever you see the 403 (ModSecurity Action), this means that the mod security firewall has blocked the request. The probable cause could be vulnerable data present in the posted data, or the it could be because of the URL posted as parameter or it could be JavaScript.
In above case, the ModSecurity might have deemed the input as SQL Injection attack and hence may have blocked it. If you look into the logs of the firewall it may give you the detailed explanation.
In my case, I was passing URL as query parameter in the request hence it was returning 403.
I set up my own hosted phabricator, everything is working fine (Diffusion repo etc)
I ran into problem after I installed arcanist on my dev box and run 'arc install-certificate', got exception as following:
rying to connect to server...
LOGIN TO PHABRICATOR
Open this page in your browser and login to Phabricator if necessary:
http:///conduit/login/
Then paste the API Token on that page below.
Paste API Token from that page: cli-e644viducdcccrge4i7zo5nfa66d
Usage Exception: The token "cli-e644viducdcccrge4i7zo5nfa66d" is not a valid API Token. The server returned this response when trying to use it as a token: ERR-CONDUIT-CORE: Attempting to access attached data on PhabricatorUser (via getAwayUntil()), but the data is not actually attached. Before accessing attachable data on an object, you must load and attach it.
I am wondering what's might go wrong? Thank you very much for your insights!
I've seen this problem occur many times with our users. In every case so far, the problem has been that users have set up the phabricator uri incorrectly.
Suggestion:
Check your project .arcconfig or your global .arcrc files (if you're doing this outside a project).
Verify that the URI to your Phabricator site is correct. The typical issue I've seen is accessing using http:// rather than https://
I have created a webservice in a ASP.net. All the access to the respective website is done through HTTPS. The service which I have added is only one among many others.
I am trying to access just for test purposes this service through Javascript (Ajax, json). The final target is actually Android.
I am getting the following message:
401 - Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied.
The main problem here is inconsistency: while my webservice in inaccessible, another previously written webservice is accessible. Another apparent inconsistency is that even if I tried a compromise solution by adding the needed methods to the accessible webservice, these methods themselves incur a 401 error.
So, my question is related to both "Why doesn't my webservice work" and "How is this supposed to work", with more emphasis on the latter.
Thank you.
Never mind !
Since I was oblivious to the depths of the code I was changing on our server, I did not know that the 401 error message is sent due to the way the code is organised. To access other services, I had to authenticate first through the authentication webservice.
I am building a RESTful protocol for Dynamic Carpooling applications, for my Computer Science thesis.
In the Protocol I also have to formally specify the HTTP status code for each operation. I've got this "privacy related" problem. Suppose the following:
GET /api/persons/angela/location
Retrieves the current position of user "angela".
It is obvious that not everybody should be able to obtain a result. Only angela itself and a possible driver that is going to pick her should be able to know it.
I can not decide whether to return a 404 Not Found or a 401 Forbidden here.
Any hints? What would be the best one and why?
According to Wikipedia (and RFC 2616), a 401 code is used when a page exists but requires authentication; 403 is for a page where authenticating won't change anything. (In the wild, 403 usually means the permissions on something are wrong, whereas a 401 will prompt the user for a username/password). 404 is for where the document simply doesn't exist.
In your case, it seems like 401 is the most appropriate code, since there is some way of authenticating the users who DO have access to the page.
If authorization credentials are provided in the request and the requester does not have permissions to access this resource then you should return 403.
If no authorization credentials are provided in the request then you should return 401.
Definitely NOT 404. 404 is just Not Found.
401 is access denied.
403 is forbidden.
I would go with 401
To me I will use 400 Bad request.
Because my application will not go unaccessable resources in programmatically.
Filtering users permission and hide unaccessable resources is good user experience in my opinion.
If my server got unaccessable request which means some person trying to do something.
That is why I choose 400 - Bad request in my applications.