Origin of tokens in Google trends API call - http

When I download a CSV from a Google trends query (e.g. here), I see a HTTP GET request to
https://www.google.com/trends/api/widgetdata/multiline/csv
with params
req:{"time":"2012-02-18 2017-02-18","resolution":"WEEK","locale":"en-GB","comparisonItem":[{"geo":{},"complexKeywordsRestriction":{"keyword":[{"type":"BROAD","value":"trump"}]}}],"requestOptions":{"property":"","backend":"IZG","category":0}}
token:APP6_UEAAAAAWKm9N57FxjXrnfxhxhe5SEax6DyR97sY
tz:-120
The req and tz params make sense, but I am unsure how the token is generated. Can someone explain to me where this comes from? Do I need to use oauth2 packages to create these tokens?

This token is generated for result widgets, each widget will have its own token.
Where is this token come from?
When page https://trends.google.com/trends/explore?q=trump is opened, an Ajax GET request is sent to https://trends.google.com/trends/api/explore, with query parameters:
In the response of this Ajax request, there is a widgets field which contains all result widget data. Each widget will have a unique token:
When Download CSV operation is triggered (on specific widget, GET request to https://trends.google.com/trends/api/widgetdata/multiline/csv), the token information of that widget is extracted and delivered as query parameter:
Please note the token in the response and the token in the download csv request is identical (for the same widget).
How is the token generated?
Theoretically, all random and unique string can be used as token to protect widget. Google may have its own algorithm.

Related

How to pass dynamic headers to the Http Request in jMeter?

There is a initial request going to the server which should retrieve the CSRF token and use that token id in post request header.
if that does not happen any POST requests to the server will return that error.
In the above screen shot, where token is the request to get the CSRF token Id, If I run the test this will generate one dynamic random token ID. But I need to pass the generated token ID in the post request through Header Manager. How can it possible. If yes, Can any one suggest some way to do that.
I resolved it by using User defined variables and Regular Expression Extractor to pass the parameters from one request sampler to another.
In the firs request add a postprocesor of the request. if the response is un json format user json Extractor, in json Extractor define a variable that read the token
In the second request add a header Manager an refer varaible declare in json Extractor in the following way in value cell, ${variable}

how do i resend a request after processing it inside my apigee endpoint

I have a endpoint called get user data which accepts a token
I need to read this token in my apigee and send it to tokenVarificationExtUrl
which gets back to me with
a) valid 200
b) userid attached with that token
now what i have to do is i need to read the response header and then conditionally check it for 200 success and then extract the userid from the response.
Once its extracted i need to attach it with another request; which i need to send to getUserData external url
which will get back to me with required user details.
I am successful of extracting data and doing conditional check. I am seeking help for
how do i send another request to getUserData external url.
You need to use a few policies in your proxy.
For example
For checking a header and throwing an error, you may want to use rasie fault policy conditionally
For making an API call to external end-point you can use service callout policy or a standard target
For exrtacting response data from json or xml payload you can use json path of xpath policies
and so on.
I suppose you may want to take a look at a few sample proxies with these functions to be able to design your own.
Check this link out. http://apigee.com/docs/content/using-sample-api-proxies

Linkedin API access token generation error

i am trying to generate access token to collect linkedin data. I followed the instructions provided in the linkedin API documentaion. I created an app in developers page and got the following:
Application Details
• Company:
Fresher
• Application Name:
xxxxxxxxxx
• API Key:
75pcum6zb2cael
• Secret Key:
xxxxxxxxxxxxxxxx
• OAuth User Token:
xxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
• OAuth User Secret:
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx
Using the API Key i generated the authorization_code with the URL:
https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=75pcum6zb2cael&state=DCEEFWF45453sdffef424&redirect_uri=https://www.google.com
but when i finally tried to generate the access token using the below URL, i got an error response :
https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code=AUTHORIZATION_CODE&redirect_uri=https://www.google.com&client_id=75pcum6zb2cael&client_secret=xxxxxxxxxxxxxxxx
{"error_description":"missing required parameters, includes an invalid
parameter value, parameter more than once. : Unable to retrieve access
token : appId or redirect uri does not match authorization code or
authorization code expired","error":"invalid_request"}
Even after multilple validations, the same error messages appears.
please help. thanks.
finally, i got the access token. The authorization code expires in 20 seconds, so the access token URL must be called immediately after generating the authorization code.
Well, I went through the same problem and here is the process which i went through to fix it.
STEP#1: Authentication:
Firstly, the authentication API is to be hit to fetch the authentication token.
For this, a URL with Encoded parameters is to be hit as a GET request.
Example: https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=[your_client_id]&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Flinkedin%2Fcallback&scope=r_emailaddress
Please note that here, the parameters are to be encoded programatically.
My non-encoded callback URL is: http://localhost:8080/linkedin/callback
Therefore, my encoded URL is: http%3A%2F%2Flocalhost%3A8080%2Flinkedin%2Fcallback
Once you hit this as a GET request, you will receive a callback with a code and an optional state parameter.
STEP#2: Getting Access Token:
There are three pre-requisites to this call:
The call must be POST
It must have a header Content-Type with value application/x-www-form-urlencoded
The data must be sent in request body.
The value of redirect_url MUST BE SAME as in the previous call.
In my case, it was: http://localhost:8080/linkedin/callback
Now the trick here is, that the call in (STEP#1 Authentication) was a GET request. Therefore, the redirect_url had to be programatically encoded.
Since the second call for is POST and is also application/x-www-form-urlencoded encoded, therefore the request body parameters do not have to be explicitly encoded. So, in this case, the redirect_uri would be sent as-is (http://localhost:8080/linkedin/callback)
Here is a snapshot of my Access Token API via postman:
My problem was in redirect_uri which contained url with query parameters (like redirect_uri=encodeURIComponent(http://example.com/callback?query=string)).
If redirect url is completely different linkedin will show you an error before showing you login form, but if redirect_url matches what you specified in linkedin app and contains extra query parameters, you'll not get an error, so once login form is submitted you'll get an invalid code and as a result error as above.
This error may be scopes related.
On the details of your application when selecting scopes there is this message:
Selecting both r_basicprofile and r_fullprofile is redundant.
r_basicprofile will be selected if neither r_basicprofile nor
r_fullprofile is checked.
If you are selecting both r_basicprofile and r_fullprofile just uncheck r_basicprofile or remove it from your Authorization Code Request.
I had the same problem, in my case I was using different redirect_uri for authorization and for access token. I had "proxy": "localhost:3001" in my package.json, and it overriden my request_uri.
So my suggestion: make sure the hosts and redirect_uri are all the same for two requests (both backend and server side).

Withings API No Response on request_token

I have setup everything as described in the steps in answer to the post withings api authentication.
However, when i copy and paste the final URL generated in Step 2 (Send request to the URL:), I get no response on my browser and the screen remains empty.
Is there any reason for why it might be happening ?
OAUTH TOKEN and OAUTH SECRET - will I get two of them appended to callback url ?
Each paramter string was supposed to be URL encoded in signature i.e URLEncoder.encode("key=value","UTF-8")
I have used temboo API to get the user tokens.
They have two steps Initial oauth and final oauth.

Is there a default http request header to identify the user making a request?

In the data model behind my RESTful API there are several entities with the CreatedBy/ModifiedBy fields. The only access to this data is through my API, and as such, the fields should be populated with the user id of the user making the request to my API.
I have considered either adding these fields to the models exposed by my API or expecting a request header containing the user id on all PUT/POST/DELETE requests. I would be interested in any opinions as to which approach is best, or any other approach.
I like the idea of providing it in the header since it is necessary for every request and I am wondering if there is a standard request header to contain the information, or a common x-header.
I have seen the from request header; however, it seems to be defined as the email address of the user making the request and I need to pass the user id.
In our current implementation, we use the authorization header to authenticate the calling application with the API, and not for a specific user.
Which header would you use to pass information to identify the user making a request?
You can extend the Authorization header to add your own parameters. Both the Digest and OAuth authorization schemes support parameters. The Basic scheme already have the user credentials readable. Something like:
Authorization: OAuth realm="Photos",
oauth_consumer_key="dpf43f3p2l4k3l03",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="137131200",
oauth_nonce="wIjqoS",
oauth_callback="http%3A%2F%2Fprinter.example.com%2Fready",
oauth_signature="74KNZJeDHnMBp0EMJ9ZHt%2FXKycU%3D",
xoauth_user_guid="alganet"
Yahoo! does something similar with their OAuth implementation, but in another context.
http://developer.yahoo.com/oauth/guide/oauth-accesstoken.html.
However, if these fields are shown or exposed somehow in your public API, they belong to RESTful resources and should be represented always in the body, not the headers. If you GET the username in the message body, you should POST the username using the message body as well.
Assuming you can use HttpClient
HttpClient client = HttpClientManager.getNewClient();
HttpMethod get = new GetMethod(...);
get.addRequestHeader("x-newHeader", "value");
more here
OR using URLConnection using setRequestParameter

Resources