workfront : blank response on attempt to create API key - workfront-api

When I attempt to derive an APIkey from a user account in Workfront using the methods detailed in https://developers.workfront.com/api-docs/#API_key I only get a blank response. Whilst most users in this domain auth using SAML the user in question has been set up as a API account and SAML is disabled.
The URL used is:
/attask/api-internal/user?action=getApiKey&username=yyyyy#xxxxx&password=xxxxxxxx&method=put (xxx and yyy masking actual text)
... and I receive the following result. I get the same result in both prod and sandbox
{
data: {
result: ""
}
}
If I use an invalid user/password pair I receive the following result:
{
error: {
class: "com.attask.common.AuthenticationException",
message: "That username/password combination wasn't quite right.
Make sure your caps lock isn't on and try again."
}
}
If use the user/password method to auth (https://developers.workfront.com/api-docs/#Authentication) this works and I receive the full session information.

If you are getting a blank response then you do not have a API key to get. You can either generate on in the UI by opening setup > system > customer info or through the API
/attask/api/v5.0/user?action=generateApiKey&username=yyyyy#xxxxx&password=xxxxxxxx&method=put

Related

HTTP Connector in Microsoft Power Automate - Login against Azure AD app registration on behalf of user not working

I hope you are doing fine :)
I have the following problem/problems.
I have created a dummy (robot) user. In Azure AD there is an App Registration with some Power BI delegated permission services.
I want to automate the deletion of a push dataset via a HTTP request.
For this, I need to authenticate against that App Registration from Azure AD. With postman, everything worked perfectly, I got the token as a response.
Then, I tried to make the same request using the HTTP connector in PowerAutomate.
I get the following error
{"error":"invalid_request","error_description":"AADSTS900144: The request body must contain the following parameter: 'grant_type'.\r\nTrace ID: e6d68953-ce1c-4217-856c-ae3aada82e00\r\nCorrelation ID: f50db4d9-d5bb-4396-af11-214717721f43\r\nTimestamp: 2022-10-26 19:12:48Z","error_codes":[900144],"timestamp":"2022-10-26 19:12:48Z","trace_id":"e6d68953-ce1c-4217-856c-ae3aada82e00","correlation_id":"f50db4d9-d5bb-4396-af11-214717721f43","error_uri":"https://login.microsoftonline.com/error?code=900144"}
The connector looks like this->
I have tried other ways as well.
The following error ->
{"error":"invalid_grant","error_description":"AADSTS50126: Error validating credentials due to invalid username or password.\r\nTrace ID: fec65949-0701-4727-af3b-2c2b8eb73a00\r\nCorrelation ID: 42c6c04b-98be-477d-8d36-52a01a473a40\r\nTimestamp: 2022-10-26 19:23:50Z","error_codes":[50126],"timestamp":"2022-10-26 19:23:50Z","trace_id":"fec65949-0701-4727-af3b-2c2b8eb73a00","correlation_id":"42c6c04b-98be-477d-8d36-52a01a473a40","error_uri":"https://login.microsoftonline.com/error?code=50126"}
I get from the the next HTTP connector inputs. I tried creating a query out of the previous json. It says the username or password are invalid but I logged in successfully for a number of times with those exact credentials. That I am sure of.
The dummy inputs in the picture are used to avoid the real ids, username and password.
This worked for me ...
Add a header setting Content-Type to application/x-www-form-urlencoded and add the URL form encoded content string like thus ...
client_id=<CLIENT_ID>c&grant_type=password&username=<USERNAME>&password=<PASSWORD>&scope=User.read
If you're using the password grant type approach, you shouldn't need a client secret, just the client ID.

Microsoft Graph API - sendMail API error - "The requested user 'foobar#private.com' is invalid."

I am trying to understand how to send mail using Microsoft Graph sendMail API after creating an Azure AD app with 'Application permissions' for Microsoft Graph 'Mail.Send' and 'User.Read'. I am successfully using the client_id, tenant_id and client_secret to obtain an apparently valid token and subsequently submitting a POST to the api like this (R code):
from_address <- "foobar#private.com"
url <- paste0("https://graph.microsoft.com/v1.0/users/", from_address, "/sendMail")
resp <- POST(url,
add_headers(.headers = c(content_type = "application/json",
Authorization = paste("Bearer", token))),
body = upload_file("mail.json"))
The content of "mail.json" is:
{
"message": {
"subject": "Meet for lunch?",
"body": {
"contentType": "Text",
"content": "The new cafeteria is open."
},
"toRecipients": [
{
"emailAddress": {
"address": "someone#somewhere.com"
}
}
]
}
}
However, I get this 404 response:
"{\"error\":{\"code\":\"ErrorInvalidUser\",\"message\":\"The requested user 'foobar#private.com' is invalid.\"}}"
The Microsoft account I am using is private and the address represented above with foobar#private.com is the main 'signin' mail address for the account. I'm not sure if this user needs some special permissions or if it has to be a "corporate account". The plan is to use this within a corporate Microsoft account to send mails but I am currently testing with a private account to determine how it works.
The syntax for the call is
POST /users/{id | userPrincipalName}/sendMail
The tricky part is, as far as I can tell, personal Microsoft accounts don't have a userPrincipalName. Your "foobar#private.com" is an email address, but it isn't used as an identifier within Azure Active Directory or Graph.
Instead, you have to use your ID. You can get this with
GET /me
and the ID is the id field in the response.
Note that you may run into a separate problem with using an email address in the call, when it comes to work & school accounts. Commonly, people will have an address like "firstname.lastname#company.com", but this is only an alias for convenience; their userPrincipalName might be something more cryptic like "id123456#companytenantname.com". For this reason, it's best to stick to IDs throughout.
The description of how to POST to the Microsoft Graph SendMail api are correct in the question. The problem was only in the configuration of the application in Microsoft Azure portal Active directory. The administrator of the tenant created an app with two permissions with 'Admin consent'. The first is a Delegated permission, Microsoft Graph: 'Sign in and read user profile' the second is an Application permission, Microsoft Graph: 'Send mail as any user'. The first is used to get a token that is valid for 1 hour and the second is used in the code you see in the question to send the mail itself with the aquired token. I have been told that there is a restriction in place that only makes it possible to send mail from one specific 'no-reply' address at the organization so you can't use the api to impersonate someone else. It is not clear to me how that restriction works just that is does.

Gmail search with API and access token

I am trying to fetch Gmail search results from Gmail API using an access token.
The following code works and returns an array of my email IDs:
fetch(`https://www.googleapis.com/gmail/v1/users/${userId}/messages?access_token=${accessToken}`)
I then try to append a search query following the Gmail API documentation guidelines
fetch(`https://www.googleapis.com/gmail/v1/users/${userId}/messages?access_token=${accessToken}?q=${text}`)
and it brings this error code: 401, message: 'Invalid Credentials'
Authentication scope is set to https://mail.google.com/ which assumes full control of the email. I tried swapping access_token and q parameters, as well as removing the access_token parameter but still no success. What am I doing wrong?
`https://www.googleapis.com/gmail/v1/users/${userId}/messages?access_token=${accessToken}?q=${text}
you are preforming a HTTP GET in this call. Additional parameters are tacked on using a & only the first one starts with a ?
try this:
`https://www.googleapis.com/gmail/v1/users/${userId}/messages?access_token=${accessToken}&q=${text}

Got These credentials do not authorize access from nokia here api getlinkinfo

I'm performing the following call:
http://route.st.nlp.nokia.com/routing/7.2/getlinkinfo.json?app_id=APP_ID&waypoint=LATITUDE%2CLONGITUDE&app_code=APP_CODE
it always worked until yesterday, when I started getting http 403 error with the following json error message:
{
"response":{
"_type":"ns2:RoutingServiceErrorType",
"type":"SystemError",
"subtype":"SystemError",
"details":"These credentials do not authorize access. Please contact your customer representative or submit a request here https://developer.here.com/contact-us to upgrade your account. You can also get valid credentials by registering for a free trial license on https://developer.here.com.",
"metaInfo":{
"timestamp":"2017-11-08T10:48:02Z",
"mapVersion":"8.30.76.154",
"moduleVersion":"7.2.201744-2851",
"interfaceVersion":"2.6.34"
}
}
}
I checked my account but it's a Public Basic Plan one so there is no expiration or restriction on the api I'm calling.
Domains with nokia.com aren't supported anymore. You need to change the domain name to the actual one.
Try to use https://route.api.here.com/

Invalid tag for push notifications in Windows Azure

I am building a Windows Phone 8.1 application and want to add push notifications from Windows Azure. I am creating the channel by using CreatePushNotificationChannelForApplicationAsync, after which I take the resulting URI and store it in the Azure database. When trying to send a push notification by using push.wns.sendToastText01, I get the following error in the Azure logs:
Error in script '/table/Message.insert.js'. Error: 400 - An invalid tag 'https://db3.notify.windows.com/?token=AwYAAAC3tTi3W5ItZ0hWdZ3FLmELt%2flHcwpsM...' was supplied. Valid tag characters are alphanumeric, _, #, -, ., : and #.
I noticed that the channel URI contains the '%' which does not appear among the valid characters, yet that is the URI that gets generated in the client application. Am I using a wrong method for sending push notifications or is there something else I am missing?
Edit: I am using Node.js for backend in Azure.
request.execute({
success: function() {
push.wns.sendToastText01(channelUri, {
text1: "Google Plus Friend Tracker",
text2: item.content,
param: '/ChatPage.xaml?friendGoogleId=' + item.author_id
})
}
});
Looking at the wns object documentation, the first parameter would be the tags that you are sending to. Since you're providing a channel in the code above, you are getting the error specified.
The backend does not need to provide the channel URI, as this was associated with the Notification Hub via the client-side registration action. If you are broadcasting the message, you would just provide null as the tag value. Otherwise, you can use the tags that were specified when you registered the channel URI.
For more about the process, see the "Get started with push" tutorial. There is also an example of using a tag (user ID) in the "Send push notifications to authenticated users" tutorial. For more on tags in general, the Notification Hubs breaking news tutorial is also good.

Resources