Connecting to WooCommerce API, HTTP have no problems.
When I change the permalinks from http to https then try to connect using the https url I get:
{
"code": "woocommerce_rest_cannot_view",
"message": "Sorry, you cannot list resources.",
"data": {
"status": 401
}
}
I have an SSL cert, so I'm not sure why it won't work?
Please help,
Many thanks!
EDIT:
Request: HTTP
HTTPS
According to WooCommerce REST API documentation:
Occasionally some servers may not parse the Authorization header
correctly (if you see a “Consumer key is missing” error when
authenticating over SSL, you have a server issue). In this case, you
may provide the consumer key/secret as query string parameters
instead.
Check that orders parameters are in the same order as examples, no space. Or I would use basic HTTPS authentication, that's how I comunicate using https:
https://localhost/wp-json/wc/v1/orders?consumer_key=ck_xxxxxxxxxxxxxx&consumer_secret=xxxxxxxxxxxxxxx
Related
Firebase fails to redirect any HTTP POST requests to HTTPS POST. EX:
POST / HTTP/1.1
Host: apis.mydomain.com
is redirected by Firebase NGINX to
GET / HTTP/1.1
Host: apis.mydomain.com
if you are explicit about https, then NGINX works properly: POST -> POST
So, when the request hits Firebase hosting, and redirects your request to a firebase function that can be accessed by an https endpoint, the method has the possibility of collapsing into a GET from a POST method.
Looking closer at the headers, inside the Firebase Cloud Function, the protocol always expresses as http, instead of https.
I'm assuming this is an internal issue that I cannot modify, however, this is an issue for what I am doing, and this definitely is a problem given I cannot modify the NGINX that is handling my http(s) requests.
If you redirect with a 301 or 302 status code, the POST is downgraded to GET.
You need to use a 307 status to maintain POST across the redirect. See this document for details.
On Nginx, you will need to use a return statement. For example:
return 307 https://$host$request_uri;
I have registered and done email verification. Then, I try the most baisc API trying to shorten a testing link. The following is my HTTP packet.
POST /v4/shorten HTTP/1.1
Host: api-ssl.bitly.com
Content-Type: application/json
Authorization: Bearer my-generic-access-token
Cache-Control: no-cache
{
"group_guid": "shorten_link_testing",
"domain": "mytesting.site.com",
"long_url": "http://mytesting.site.com/"
}
And the following is the return from bit.ly:
{
"message": "FORBIDDEN",
"resource": "bitlinks",
"description": "You are currently forbidden to access this resource."
}
I am using Postman to test, so I am quite sure it is not the problem of my code. And the message format meets that in the documentation of bit.ly, so at least the connection is success. As far as I know, bit.ly should have 10,000 quota for free shorten link per month for every account, right? What have I missed so that I am banned from the shorten link service?
The group_guid param needs to reference the id of a group associated with your bitly account. Hit this api endpoint with your generic access token to get a list of the groups/guids bitly has associated with your account:
GET https://api-ssl.bitly.com/v4/groups.
Apparently the domain param is optional, because your account may have a default domain associated with it. It worked for me after removing the domain param altogether.
https://groups.google.com/forum/#!topic/bitly-api/9RywN3ETLkg
Hope this helps!!
I have been looking around for these issues. Currently, my solution is by removing body group_guid and getting a response 201 (created). I hope my information helps.
I'm using VueJS with vue-request for http requests. I'm trying to subscribe an user to a Mailchimp list but Mailchimp uses BasicAuth, so I'm doing as such:
scope.$http.post('https://us15.api.mailchimp.com/3.0/lists/listid/members',
{...mydata...}, {headers: {Authorization: 'Basic myencodedAPIkey'}})
But I get an error from the API: 401 Unauthorized - Your request did not include an API key.
So I check the Network log on Chrome and the Authorization is on my headers like this: **Access-Control-Request-Headers: authorization** but it should be like **Authorization: myencodedAPIkey**
On the Console the error appears as:
XMLHttpRequest cannot load
https://us15.api.mailchimp.com/3.0/lists/listid/members. Response
to preflight request doesn't pass access control check: No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://127.0.0.1:8000' is therefore not allowed
access. The response had HTTP status code 401.
When I use Postman it works just fine as the header is correctly sent.
This problem seems to have been solved here with setting the header on every request
https://laracasts.com/discuss/channels/vue/how-to-solve-the-allow-control-allow-cross-in-the-vuejs-header-request-setting?page=2
and here through setting it once
Vue-Request not sending Authorization Header
You are getting CORS error, when you are trying to request from one host to another, and the 'another' part does not allow it to happen. To prevent this error you can use webpack proxy configuration, so this way you do not have cross origin request, but I don't know how you will deal with this in production environment if your api does not allow cross origin requests.
In a project I'm working on, our devServer configuration is as follow
proxy: {
'/api': {
target: 'http://localhost:8080/'
}
},
with this, any request happening on /api/any/url will be redirect to localhost:8080/api/any/url
I setup an API Gateway in AWS that uses custom authorizers to implement an OAuth2 flow. It works fine. When the user is not authorized they get a 401 Authorized response. That is correct as well, but I would like to add a header that gives the client the endpoint where it can get the token. Something like AuthorizeUrl: url
How can I add this header to my response?
Unfortunately this isn't possible but it's on our backlog. I know it doesn't really make sense when the client gets a 401 but you can't tell them how to authorize.
I don't have an ETA to provide but I'll add a +1 to the feature request.
AWS added this functionality last year.
Refer to this
To do it manually:
Go to 'Response Headers' in API Gateway Console.
Choose Unauthorized (401)
Below 'Response Headers' add AuthorizeUrl and url
Save and deploy API to some stage.
To add this to Cloudformation, refer to this similar answer.
You can also add this to swagger, by adding this snippet(yaml):
x-amazon-apigateway-gateway-responses:
UNAUTHORIZED:
statusCode: 401
responseParameters:
gatewayresponse.header.AuthorizeUrl:"url"
responseTemplates:
application/json: "{\"message\":$context.error.messageString}"
In the API Gateway console go to the "Method Response" interface. You can add HTTP Status 401. In "Response Headers" add your custom "AuthorizeUrl" header. Then in the "Integration Response" interface you can add the value you'd like for that header.
I'm having problem with wordpress json Api When login the user. Currently I'm Using Wordpress version 4.5.1 with listed below plugin:
Here are the step I follow:
1) Generate nonce
http://example.org/api/get_nonce/?controller=user&method=generate_auth_cookie
Below is Response:
{"status":"ok","controller":"user","method":"generate_auth_cookie","nonce":"4d080ff7b8"}
2) Generate Auth Cookie
http://example.org/api/user/generate_auth_cookie/?nonce=+4d080ff7b8&username=example&password=example
Below is Response:
{"status":"error","error":"SSL is not enabled. Either use _https_ or provide 'insecure' var as insecure=cool to confirm you want to use http protocol."}
Why I'm Getting this error?
It seems that JSON API User and JSON API Auth plugins allow by default only connections over https.
In order to turn off this setting, you should send an extra parameter in the request:
insecure=cool
So try the following request:
http://example.org/api/user/generate_auth_cookie/?nonce=+4d080ff7b8&username=example&password=example&insecure=cool