can I create scopes programmatically in WSO2 APIM?
I have a requirement where user can create new roles via UI and associate some permissions with the new role..User will not use WSO2 web interface ; rather he will use the inhouse web application
For this, I have to programmatically create Scopes and associate API's with it. Also manually map scopes to roles.
How can I create scopes via WSO2 APIM Programmatically?
What all the operations possible with scopes programmatically?
If it's not possible, how can I handle such requirements via WSO2?
You can use Publisher REST APIs for this.
First, you need to get the swagger definition of the API.
curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
https://127.0.0.1:9443/api/am/publisher/v0.10/apis/890a4f4d-09eb-4877-a323-57f6ce2ed79b/swagger
The swagger you'll get will be like this.
{
"swagger":"2.0",
"paths":{
"/menu":{
"get":{
"x-auth-type":"Application & Application User",
"x-throttling-tier":"Unlimited",
"description":"Return a list of available menu items",
"parameters":[
],
"responses":{
"200":{
"headers":{
},
"schema":{
"title":"Menu",
"properties":{
"list":{
"items":{
"$ref":"#/definitions/MenuItem"
},
"type":"array"
}
},
"type":"object"
},
"description":"OK."
}
}
}
}
},
"schemes":[
"https"
],
"produces":[
"application/json"
],
"definitions":{
"MenuItem":{
"title":"Pizza menu Item",
"properties":{
"price":{
"type":"string"
},
"description":{
"type":"string"
},
"name":{
"type":"string"
},
"image":{
"type":"string"
}
},
"required":[
"name"
]
}
},
"consumes":[
"application/json"
],
"info":{
"title":"PizzaShackAPI",
"description":"This document describe a RESTFul API for Pizza Shack online pizza delivery store.\n",
"license":{
"name":"Apache 2.0",
"url":"http://www.apache.org/licenses/LICENSE-2.0.html"
},
"contact":{
"email":"architecture#pizzashack.com",
"name":"John Doe",
"url":"http://www.pizzashack.com"
},
"version":"1.0.0"
}
}
Now you can add a new scope and attach it to a resource of the API by updating the swagger file you got.
A new scope is added like this.
"x-wso2-security":{
"apim":{
"x-wso2-scopes":[
{
"description":"New scope",
"name":"new_scope",
"roles":"admin",
"key":"new_scope"
}
]
}
}
It can be attached to an existing resource like this.
"x-scope":"new_scope"
Then the complete swagger will look like this.
{
"swagger":"2.0",
"x-wso2-security":{
"apim":{
"x-wso2-scopes":[
{
"description":"New scope",
"name":"new_scope",
"roles":"admin",
"key":"new_scope"
}
]
}
},
"paths":{
"/menu":{
"get":{
"x-auth-type":"Application & Application User",
"x-throttling-tier":"Unlimited",
"x-scope":"new_scope",
"description":"Return a list of available menu items",
"parameters":[
],
"responses":{
"200":{
"headers":{
},
"schema":{
"title":"Menu",
"properties":{
"list":{
"items":{
"$ref":"#/definitions/MenuItem"
},
"type":"array"
}
},
"type":"object"
},
"description":"OK."
}
}
}
}
},
"schemes":[
"https"
],
"produces":[
"application/json"
],
"definitions":{
"MenuItem":{
"title":"Pizza menu Item",
"properties":{
"price":{
"type":"string"
},
"description":{
"type":"string"
},
"name":{
"type":"string"
},
"image":{
"type":"string"
}
},
"required":[
"name"
]
}
},
"consumes":[
"application/json"
],
"info":{
"title":"PizzaShackAPI",
"description":"This document describe a RESTFul API for Pizza Shack online pizza delivery store.\n",
"license":{
"name":"Apache 2.0",
"url":"http://www.apache.org/licenses/LICENSE-2.0.html"
},
"contact":{
"email":"architecture#pizzashack.com",
"name":"John Doe",
"url":"http://www.pizzashack.com"
},
"version":"1.0.0"
}
}
If you have this swagger in a file named 'swagger.json', you can update the swagger of your API like this.
curl -k -H "Authorization: Bearer b7108a70-3537-34f1-acbb-1c53b99d64dc"
-F "apiDefinition=#swagger.json;filename=swagger.json" -X PUT https://127.0.0.1:9443/api/am/publisher/v0.10/apis/2c5f05b2-0277-42b2-92c5-862750563661/swagger
This will update your API with new scope.
Related
I am trying to setup an own App in Integromat
What is required for my App is an URL (and later a Bearer Token) to be entered manually by the user who wants to use my App.
I have the Apps Base:
{
"baseUrl": "{{connection.url}}",
"log": {
"sanitize": ["request.headers.authorization"]
}
}
a Connection:
Parameters:
[
{
"name": "url",
"label": "url",
"type": "text",
"required": true,
"value":"https://my-server"
}
]
and the Scenario:
{
"url": "/api/endpoint",
"method": "GET",
"qs": {},
"headers": "{{connection.headers}}",
"response": {
"output": "{{body}}"
}
}
When i execute, the scenario from my App. The URL seems not to be correctly taken over from the one configured inside the connection parametrs.
Can someone help?
Everything was right. I had to delete the old Connection and create a new one.
I'm attempting to complete a multipart upload using Linkedin V2 Vector Assets and i've noticed that when registering the upload, the metadata field comes back blank in the response.
Here's the request to register the upload https://api.linkedin.com/v2/assets?action=registerUpload
{
"registerUploadRequest":{
"owner":"urn:li:organization:71736744",
"recipes":["urn:li:digitalmediaRecipe:feedshare-video"],
"serviceRelationships":[
{"identifier":"urn:li:userGeneratedContent","relationshipType":"OWNER"}
],
"supportedUploadMechanism":["MULTIPART_UPLOAD"],
"fileSize":50866165
}
and here is the response (removed all but one partUploadRequests object to make the response easier to read)
{
"value": {
"uploadMechanism": {
"com.linkedin.digitalmedia.uploading.MultipartUpload": {
"partUploadRequests": [
{
"headers": {
"Content-Type": "application/octet-stream"
},
"byteRange": { "lastByte": 4194303, "firstByte": 0 },
"url": "https://www.linkedin.com/dms-uploads/C5605AQFnYcNsf7K5Yw/uploadedVideo?sau=aHR0cHM6Ly93d3cubGlua2VkaW4uY29tL2FtYnJ5L2FtYnJ5LXZpZGVvLz94LWxpLWFtYnJ5LWVwPUFRRmp4SlBwRndkUUNnQUFBWGhjYkgwNzNuZmpacTRFM3AxUkpidTMxTlAxems3WmdoUHN1Ymp1TjVGTXVDRGFOaGczVnpHWXNpLW5OYWh2NlkxWkU5UDVIdktsQ2JxbGhhOUt1SElJSnBXTjI0TkEyWDIzM1ZiaS1aNW4yTmlXWWQyX1VlN1J2d0FEdkMwSG51ckNMY1ljMkdrczhKclFlZHRYNlZNN2dvTFJad2hpT0pxcFNZM29mXzdTTmRhZjZzQlNMS3FwaTJyWF9LYTRqTk9OcnBhTFpCam1KR3ZENEV3ZFd0VHEzNm44aEFQbDhCMmc3cVpOd3Q0Ny1TT1ZvcHRoT0dWcTB0cHAxU2VkbkY2aVNVQ3J6RVlwVHdzNDZTQlViME5HbGxITHo4a1ZNOGJxYkJjMDVCc054MDQ2ZDktZWdGb2RFa3ZKRmxsU0NRWFV2ZzdQb3VFaVNodkZtSHRYVHhLLWlkbnpKWjlQN1Q2b1ROQWJhWE5iR2g2QUdBQmQ3VVdjNkdGb01YaWFiazBhRlA4UzNpUXNlM05ISFNVdkFBdk1nSnV2a0xxWV9oYU1VTXdoeXFRT0w1a0NLM1NSd2RXTnpKSHZLMkhfY0ZqclYzcnB4VXJZckkxbUZ2QVl2Y3dUcVYyaDhWWHRpY1luNTA0am1jUjN3U0M5RVVQZEo2RFZEd1RJRmFvOTJYcmszbTFNS2pSRlFZMV94enVHZVk4SERKWTQwbDQySVRJNXlCLUp3b2V3Vjl3RGduOTZycmhoY1pLa0VOck5vdUZ4eDdodlBTNkZUVXcweXJWM3BaOUF5X2NtaHBXTVpwOVRFY0pJcGY3elFrQTF3ZFcyR3VIcEtGLUF4MldTZTdlR1pCOTdHaU5vLW9XamhkV2stR2MzNFh5UjFwckZsTF9sSFFUWU40S2pNLUI2Y2poZHFJV2xVTll6Z1lVaXdwNld2UEYwVFRObW5kQVgtTTBlX1VsaGFOQ190SDFEcG9Kem5IZExoN3IxMGk5VWE4MGpsZ3pDQzBsT3JKSkxuSEcwNm9jVzNJSzctT3NSZGhBSEFNdTBuWDNRdlhfSFoxWXpfNXgza3dyZzBPOVlmN2xIUFFiVW1lYllReUlJaGdxOEE1blpxVUxzeUpvZElLWk5WdUdlcjVuN21jTFV4TzRtNlBUczVtc3pHS0x4Z3o4b2FDdVNiWWliYzh2NkpxQktiN2RmejdnQWRFVVpfNnRLenVxUm11bGk5OGZVSVpOR3hfc3R1Mk9nVDYzYXRoQmZnRHQ0dGpnVi1BOWlaVXdtYWNLckxwVE5wNUdHZlBxZjhLaE1MZC1BVXotSVNoX19jRUlzM2laSXlpeC1pNlFpeGZyRmpxQnYwaDhwOGZpeXZ0Q2Job0xjU1g4aWNjX0lSX28xQXR0UmZB&pn=1&m=616825227&app=86804616&sync=0&v=beta&ut=1nBLJxAvwH5FI1",
"urlExpiresAt": 1616544717116
} ...
],
"metadata": ""
}
},
"asset": "urn:li:digitalmediaAsset:C5605AQFnYcNsf7K5Yw",
"mediaArtifact": "urn:li:digitalmediaMediaArtifact:(urn:li:digitalmediaAsset:C5605AQFnYcNsf7K5Yw,urn:li:digitalmediaMediaArtifactClass:uploadedVideo)"
}
}
The api documentation explains that I need to use the metadata value from the register upload response to complete the upload
I attempt making the request anyway without a value for the metadata field to https://api.linkedin.com/v2/assets?action=completeMultiPartUpload (removed all but one partUploadResponses object to make the response easier to read)
{
"completeMultipartUploadRequest": {
"mediaArtifact": "urn:li:digitalmediaMediaArtifact:(urn:li:digitalmediaAsset:C5605AQFnYcNsf7K5Yw,urn:li:digitalmediaMediaArtifactClass:uploadedVideo)",
"metadata": "",
"partUploadResponses": [
{
"headers": {
"ETag": "/ambry-video/signedId/AQGpSasdC3ezCgAAAXhcbTobXlB6_ujllr8BPUUAX4o9OgbHCxiRKoG9woM85dnGrxbUbd-5IXyMKO7syqyZXLgHFd8GQJkiMvvp1eHI9N32iJqMG-l_aFgSeXMbcqkFFcjuT22djM93dmKs_RBb58kppS3CadOPHSt5_tApCxAq0wgTfYQng3OkV_uVRdjIYftyfnHW3nF2vWz4hZBoX-YhmF6gDhXtN9dNTnU4QpHB7sGCecpjYgT8ypV-u5isvFrujHl3tl4.bin"
},
"httpStatusCode": 200
} ....
]
}
}
This comes back as a 200OK without any response body which is expected.
After that I check the upload status and which comes back with a code of SERVER_ERROR and I'm not able to create a post with the asset id of the uploaded asset.
Response from checking asset status https://api.linkedin.com/v2/assets/C5605AQFnYcNsf7K5Yw
{
"recipes": [
{
"recipe": "urn:li:digitalmediaRecipe:feedshare-video",
"status": "SERVER_ERROR"
}
],
"serviceRelationships": [
{
"relationshipType": "OWNER",
"identifier": "urn:li:userGeneratedContent"
}
],
"mediaTypeFamily": "VIDEO",
"created": 1616458317042,
"id": "C5605AQFnYcNsf7K5Yw",
"lastModified": 1616458454711,
"status": "ALLOWED"
}
Request to create a UGC post with the asset https://api.linkedin.com/v2/assets
{
"author": "urn:li:organization:71736744",
"lifecycleState": "PUBLISHED",
"specificContent": {
"com.linkedin.ugc.ShareContent": {
"media": [
{
"media": "urn:li:digitalmediaAsset:C5605AQFnYcNsf7K5Yw",
"status": "READY",
"title": {
"attributes": [],
"text": "Sample Video Create"
}
}
],
"shareCommentary": {
"attributes": [],
"text": "Some share text"
},
"shareMediaCategory": "VIDEO"
}
},
"visibility": {
"com.linkedin.ugc.MemberNetworkVisibility": "PUBLIC"
}
Response to the request
{
"serviceErrorCode": 0,
"message": "Resource assets does not exist",
"status": 404}
The only thing I can think of is since I don't have a metadata value when completing the upload I'm not able to use the video asset in UGC posts. Anyone encountered a problem similar to this?
Further Investigations
On further investigation the example from the API docs doesn't return a metadata field either. So this is what I think might be happening
I'm not uploading the file chunks correctly and the metadata field isn't required for completing the upload.
The API has a bug in it which prevents it from returning the metadata field when registering a multipart upload.
Figured it out, when using the slice method to break your file up into chunks it needs to be file.slice(firstByte, lastByte + 1)
It also seems that the metadata value from the register upload request isn't need to complete the upload.
I'm using LinkedIn API to upload media to my Linkedin personal profile. I start with registring my image and I get a successful response.
REQUEST
{
"registerUploadRequest":{
"owner":"urn:li:person:xxx",
"recipes":[
"urn:li:digitalmediaRecipe:feedshare-image"
],
"serviceRelationships":[
{
"identifier":"urn:li:userGeneratedContent",
"relationshipType":"OWNER"
}
],
"supportedUploadMechanism":[
"SYNCHRONOUS_UPLOAD"
]
}
}
RESPONSE
{
"value": {
"uploadMechanism": {
"com.linkedin.digitalmedia.uploading.MediaUploadHttpRequest": {
"headers": {
"media-type-family": "STILLIMAGE"
},
"uploadUrl": "xxxx"
}
},
"mediaArtifact": "urn:li:digitalmediaMediaArtifact:(urn:li:digitalmediaAsset:xxx,urn:li:digitalmediaMediaArtifactClass:feedshare-uploadedImage)",
"asset": "urn:li:digitalmediaAsset:xxx"
}
}
Next step I uploaded my image using curl with a valid access token and the uploadUrl
I get a 201 HTTP response but I see nothing in my LinkedIn profile.
also when I check the status of my upload it shows me a success message.
{"recipes":[{"recipe":"urn:li:digitalmediaRecipe:feedshare-image","status":"AVAILABLE"}],"serviceRelationships":[{"relationshipType":"OWNER","identifier":"urn:li:userGeneratedContent"}],"mediaTypeFamily":"STILLIMAGE","created":1606729082880,"id":"C4D22AQE6h5xe3HYYiQ","lastModified":1606729322981,"status":"ALLOWED"}
So why I can't see my upload in the Linkedin timeline, please? I tried with both image and video but nothing is shown in my newsfeed.
Also, I checked my access token and it contains necessary permission: r_liteprofile, w_member_social
Uploading an asset does not make it available on your profile.
Assets API only uploads the image/video and stores it on LinkedIn platform. You can however use this asset to create a UGC Post to see it on your personal/company profile.
To do that, you'll have to use the ugcPosts API. ie call POST https://api.linkedin.com/v2/ugcPosts with
"media": "urn:li:digitalmediaAsset:XXX", from the Assets API response in the payload.
Example:
{
"author": "urn:li:organization:5590506",
"lifecycleState": "PUBLISHED",
"specificContent": {
"com.linkedin.ugc.ShareContent": {
"media": [
{
"media": "urn:li:digitalmediaAsset:XXX", // from the Assets API response
"status": "READY",
"title": {
"attributes": [],
"text": "Sample Video Create"
}
}
],
"shareCommentary": {
"attributes": [],
"text": "Some share text"
},
"shareMediaCategory": "VIDEO"
}
},
"targetAudience": {
"targetedEntities": [
{
"locations": [
"urn:li:country:us",
"urn:li:country:gb"
],
"seniorities": [
"urn:li:seniority:3"
]
}
]
},
"visibility": {
"com.linkedin.ugc.MemberNetworkVisibility": "PUBLIC"
}
}
Reference: https://learn.microsoft.com/en-us/linkedin/marketing/integrations/community-management/shares/ugc-post-api#sample-request
I'm trying to migrate my app from LinkedIn API v1 to v2. I'm currently looking at sharing images (natively) to my personal LinkedIn profile.
I'm following the official docs here: https://learn.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/share-on-linkedin#create-an-image-share
To register the image I made the following POST request: to https://api.linkedin.com/v2/assets?action=registerUpload
{
"registerUploadRequest": {
"recipes": [
"urn:li:digitalmediaRecipe:feedshare-image"
],
"owner": "urn:li:person:9PyfTxBTFY",
"serviceRelationships": [
{
"relationshipType": "OWNER",
"identifier": "urn:li:userGeneratedContent"
}
]
}
}
I got the success response:
{
"value": {
"uploadMechanism": {
"com.linkedin.digitalmedia.uploading.MediaUploadHttpRequest": {
"headers": {},
"uploadUrl": "https://api.linkedin.com/mediaUpload/C4D22AQEGOHxBzKUXvw/feedshare-uploadedImage/0?ca=vector_feedshare&cn=uploads&m=AQLhYJm0KOaTCgAAAWhSDplI-Lzlfh7lOsd8D5qBcz0aJ2bf1fwIfnh8ow&app=5212106&sync=0&v=beta&ut=0rKn179ebIA8A1"
}
},
"mediaArtifact": "urn:li:digitalmediaMediaArtifact:(urn:li:digitalmediaAsset:C4D22AQEGOHxBzKUXvw,urn:li:digitalmediaMediaArtifactClass:feedshare-uploadedImage)",
"asset": "urn:li:digitalmediaAsset:C4D22AQEGOHxBzKUXvw"
}
}
I successfully uploaded an image as binary using the returned uploadUrl:
curl -i --upload-file PATH_TO_FILE --header "Authorization: Bearer TOKEN" 'https://api.linkedin.com/mediaUpload/C4D22AQEGOHxBzKUXvw/feedshare-uploadedImage/0?ca=vector_feedshare&cn=uploads&m=AQLhYJm0KOaTCgAAAWhSDplI-Lzlfh7lOsd8D5qBcz0aJ2bf1fwIfnh8ow&app=5212106&sync=0&v=beta&ut=0rKn179ebIA8A1'
To confirm that the image is ready for use, I checked the status of the asset with the GET https://api.linkedin.com/v2/assets/C4D22AQEGOHxBzKUXvw which returned
{
"serviceRelationships": [
{
"identifier": "urn:li:userGeneratedContent",
"relationshipType": "OWNER"
}
],
"recipes": [
{
"recipe": "urn:li:digitalmediaRecipe:feedshare-image",
"status": "AVAILABLE"
}
],
"mediaTypeFamily": "STILLIMAGE",
"created": 1547564914979,
"lastModified": 1547564994321,
"id": "C4D22AQEGOHxBzKUXvw",
"status": "ALLOWED"
}
Based on the docs, I can now simply reference the asset URN in the UGC post.
This is the test image post I'm trying to share using the https://api.linkedin.com/v2/ugcPosts endpoint
{
"author": "urn:li:person:9PyfTxBTFY",
"lifecycleState": "PUBLISHED",
"specificContent": {
"com.linkedin.ugc.ShareContent": {
"shareCommentary": {
"text": "Testing LinkedIn image shares"
},
"shareMediaCategory": "IMAGE",
"media": [
{
"status": "READY",
"description": {
"text": "Some text"
},
"media": "urn:li:digitalmediaAsset:C4D22AQEGOHxBzKUXvw",
"title": {
"text": "Some title"
}
}
]
}
},
"visibility": {
"com.linkedin.ugc.MemberNetworkVisibility": "PUBLIC"
}
}
But I keep getting the error:
{
"message": "Attempting to associate a ugc with an asset that's not owned by the author",
"status": 400
}
The above request works perfectly when trying to share a status update or a link attachment.
I haven't tried it with videos yet (similar approach) since I assume I will face the same problem. I haven't tried sharing as an organization either since I need to be accepted to the LinkedIn Marketing Developer Program first.
I can confirm that this has been fixed by the LinkedIn Developer Team. Follow the same steps as above and it should work perfectly, as long as the authenticated user has granted the w_member_social permission.
On the last request I now get 201 Created response with the header X-RestLi-Id containing the link to the new post urn:li:share:6494126499975700480.
https://www.linkedin.com/feed/update/urn:li:share:6494126499975700480
P.S. If you're re-trying an old request / registered upload, it won't work, so make sure you try it with a new asset. I believe the bug was when registering uploads.
I have a basic auth secured API but after filling in the authentication credentials, it does not apply to request header. I saw"ERROR Server not found or an error occurred " at swagger editor and "401 Unauthorized" on fiddler.
User Name and Pwd : odata and qtkr47PTM3pmzLyEHNrW4DXhhgyjMfM3CKUZfXdn0tk=
Here is my swagger json
{
"swagger": "2.0",
"info": {
"version": "1.0.0",
"title": "Basic Auth Example",
"description": "An example for how to use Basic Auth with Swagger.\nServer code is available [here](http://navm3.cloudapp.net:90/nav/odata). It's running on NAVM3.\n\n**You can use below User Name and Password for test.**\n* User Name: `ODATA`\n* Password: `qtkr47PTM3pmzLyEHNrW4DXhhgyjMfM3CKUZfXdn0tk=`\n"
},
"host": "navm3.cloudapp.net:90",
"basePath": "/nav/odata",
"schemes": [
"http"
],
"securityDefinitions": {
"basicAuth": {
"type": "basic",
"description": "HTTP Basic Authentication. Works over `HTTP` and `HTTPS`"
}
},
"paths": {
"/": {
"get": {
"security": [
{
"basicAuth": []
}
],
"responses": {
"200": {
"description": "Will send `Authenticated` if authentication is succesful, otherwise it will send `Unauthorized`"
}
}
}
}
}
}
i had the same problem, but the problem was in nodeJS back-end.
If you are using NodeJS, probably the problem it is with CORS. You should enable CORS in NodeJS with Express and everything will work.
To enable the CORS in nodeJS you can add the below code, before of the routes.
var app = express();
app.use(function(req, res, next) {
res.setHeader('Access-Control-Allow-Origin', '*');
res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, UPDATE, DELETE, OPTIONS');
res.setHeader('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, Authorization');
next();
});
try to replace the following part:
"securityDefinitions": {
"basicAuth": {
"type": "basic",
"description": "HTTP Basic Authentication. Works over `HTTP` and `HTTPS`"
}
},
with the following
"securityDefinitions": {
"basicAuth": {
"type": "http",
"scheme": "basic"
}
},
keeping the rest as is
here is the reference https://swagger.io/docs/specification/authentication/basic-authentication/