I am working with testing out provisioning for an embedded device where I can't save the API key and feed ID when power cycling.
After activating the product once, I get 403 forbidden when trying to fetch the device API key and feed id for the second time, even though I am supplying a master API key (with read permission) when making the request. The request works however when using API key belonging to the device, which is an inadequate solution considering I don't have access to that API key.
My GET request is formatted as follows:
GET /v2/devices/<activation code>/activate.csv HTTP/1.1
Host: api.xively.com
X-ApiKey: <master API key>
Content-Length: 0
So, is there a way for an already activated device to receive its API key and feed ID?
A device can only be activated once. However, if you have a master key, retrieving the devices API key should be pretty easy. You say you don't know the devices feed ID, but if you used the activation endpoint I imagine you know its serial number?
If you do know its serial number try making a GET request to https://api.cosm.com/v2/products/PRODUCT_ID/devices/DEVICE_SERIAL with your master API key in the X-ApiKey header.
This should return the following JSON, with you feed ID and API key.
{
"device": {
"serial": "SERIAL",
"activation_code": "ACTIVATION_CODE",
"created_at": "2013-05-05T18:11:42Z",
"activated_at": "2013-10-18T16:25:07Z",
"feed_id": FEED_ID,
"api_key": "DEVICE_API_KEY"
}
}
You should also be able to make consecutive activations, if you pass the API key you got from the first activation.
Related
I'm getting started understanding what's required for Cybersource's Flex Microform integration. But to start with, I'm hoping to be able to see a valid response using my merchant ID, shared secret key and the general key that comes with generating the secret on the cybersource api reference page: https://developer.cybersource.com/api-reference-assets/index.html#flex-microform_key-generation_generate-key
This is using the HTTP Signature method and ChasePaymentech (default) processor.
If I use the default settings they supply and choose to do a test POST to here https://apitest.cybersource.com/flex/v1/keys?format=JWT&
The JSON response is good with no complaints of authentication.
If I try to do the same POST with my test environment merchant ID and keys I generated in my merchant environment here: https://ubctest.cybersource.com/ebc2/app/PaymentConfiguration/KeyManagement the POST response will return a 401 with this JSON:
{
"response": {
"rmsg": "Authentication Failed"
}}
Is this developer.cybersource.com site a valid place to perform this kind of test? Are there any other steps I need to do in the merchant account to have this Authenticate?
I'm just getting started on figuring out the CyberSource Flex Micro Form code out myself and it's pretty straight forward from what I can see. If you don't have the proper SDK already pulled in, you can fetch it from https://github.com/CyberSource
I had to use Composer to fetch all the dependencies but once I did, I was able to load up the microform checkout page in my browser window successfully. Make sure you edit the ExternalConfiguration file with your credentials that you setup in CyberSource.
The apiKeyId value is the value you can find in your CyberSource account under Key Management. This is the value with the dashes in it.
The secretKey value is the value you should have downloaded from CyberSource that is your public key. This is the value without the dashes and probably has a few slashes / in it.
That's all I had to do in my setup to get the first successful authentication / token on my end.
Cosmos DB, API Azure Tables, gives you 2 endpoints in the Overview blade
Document Endpoint
Azure Table Endpoint
An example of (1) is
https://myname.documents.azure.com/dbs/tempdb/colls
An example of (2) is
https://myname.table.cosmosdb.azure.com/FirstTestTable?$filter=PartitionKey%20eq%20'car'%20and%20RowKey%20eq%20'124'
You can create the authorization code for (1) on the client using the prerequest code from this Postman script: https://github.com/MicrosoftCSA/documentdb-postman-collection/blob/master/DocumentDB.postman_collection.json
Which will give you a code like this:
Authorization: type%3Dmaster%26ver%3D1.0%26sig%3DavFQkBscU...
This is useful for playing with the rest urls
For (2) the only code I could find to generate a code that works was on the server side and gives you a code like this:
Authorization: SharedKey myname:JXkSGZlcB1gX8Mjuu...
I had to get this out of Fiddler
My questions
(i) Can you generate a code for case (2) above on the client like you can for case (1)
(ii) Can you securely use Cosmos DB from the client?
If you go to the Azure Portal for a GA Table API account you won't see the document endpoint anymore. Instead only the Azure Table Endpoint is advertised (e.g. X.table.cosmosdb.azure.com). So we'll focus on that.
When using anything but direct mode with the .NET SDK, our existing SDKs when talking to X.table.cosmosdb.azure.com endpoint are using the SharedKey authentication scheme. There is also a SharedKeyLight scheme which should also work. Both are documented in https://learn.microsoft.com/en-us/rest/api/storageservices/authentication-for-the-azure-storage-services. Make sure you read the sections specifically on the Table Service. The thing to notice is that a SharedKey header is directly tied to the request it is associated with. So basically every request needs a unique header. This is useful for security because it means that a leaked header can only be used for a limited time to replay a specific request. It can't be used to authorize other requests. But of course that is exactly what you are trying to do.
An alternative is the SharedKeyLight header which is a bit easier to implement as it just requires a date and the a URL.
But we don't have externalized code libraries to really help with either.
But there is another solution that is much friendly to things like Fiddler or Postman, which is to use a SAS URL as defined in https://blogs.msdn.microsoft.com/windowsazurestorage/2012/06/12/introducing-table-sas-shared-access-signature-queue-sas-and-update-to-blob-sas/.
There are at least two ways to get a SAS token. One way is to generate one yourself. Here is some sample code to do that:
var connectionString = "DefaultEndpointsProtocol=https;AccountName=tableaccount;AccountKey=X;TableEndpoint=https://tableaccount.table.cosmosdb.azure.com:443/;";
var tableName = "ATable";
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(connectionString);
CloudTableClient tableClient = storageAccount.CreateCloudTableClient();
CloudTable table = tableClient.GetTableReference(tableName);
await table.CreateIfNotExistsAsync();
SharedAccessTablePolicy policy = new SharedAccessTablePolicy()
{
SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(1000),
Permissions = SharedAccessTablePermissions.Add
| SharedAccessTablePermissions.Query
| SharedAccessTablePermissions.Update
| SharedAccessTablePermissions.Delete
};
string sasToken = table.GetSharedAccessSignature(
policy, null, null, null, null, null);
This returns the query portion of the URL you will need to create a SAS URL.
Another, code free way, to get a SAS URL is to go to https://azure.microsoft.com/en-us/features/storage-explorer/ and download the Azure Storage Explorer. When you start it up it will show you the "Connect to Azure Storage" dialog. In that case:
Select "Use a connection string or a shared access signature URI" and click next
Select "Use a connection string" and paste in your connection string from the Azure Portal for your Azure Cosmos DB Table API account and click Next and then click Connect in the next dialog
In the Explorer pane on the left look for your account under "Storage Accounts" (NOT Cosmos DB Accounts (Preview)) and then click on Tables and then right click on the specific table you want to explore. In the right click dialog you will see an entry for "Get Shared Access Signature", click on that.
A new dialog titled "Generate Shared Access Signature" will show up. Unfortunately so will an error dialog complaining about "NotImplemented", you can ignore that. Just click OK on the error dialog.
Now you can choose how to configure your SAS, I usually just take the defaults since that gives the widest access permission. Now click Create.
The result will be a dialog with both a complete URL and a query string.
So now we can take that URL (or create it ourselves using the query output from the code) and create a fiddler request:
GET https://tableaccount.table.cosmosdb.azure.com/ATable?se=2018-01-12T05%3A22%3A00Z&sp=raud&sv=2017-04-17&tn=atable&sig=X&$filter=PartitionKey%20eq%20'Foo'%20and%20RowKey%20eq%20'bar' HTTP/1.1
User-Agent: Fiddler
Host: tableaccount.table.cosmosdb.azure.com
Accept: application/json;odata=nometadata
DataServiceVersion: 3.0
To make the request more interesting I added a $filter operation. This is an OData filter that lets us explore the content. Note, btw, to make filter work both the Accept and DataServiceVersion headers are needed. But you can use the base URL (e.g. without the filter parameter) to make any of the REST API calls on a specific table.
Do be aware that the SAS token is scoped to an individual table. So higher level operations won't work with this SAS token.
I'm trying to load data from the Cloud API, but I don't know when to start my requests from. In the Device API there is "createdDate" key, but its never populated.
Is there a way to find this information from the API without asking the user?
I'm seeing the "createdTime" displaying correctly in my profile when I query the Profile API.
Request:
GET https://api.microsofthealth.net/v1/me/Profile
Response:
{
"firstName":"John",
"lastName":"",
"birthdate":"",
"postalCode":"",
"gender":"Male",
"height":19055,
"weight":549575,
"preferredLocale":"en-US",
"lastUpdateTime":"2016-06-04T00:07:58.950+00:00",
"createdTime":"2015-10-09T18:26:53.498+00:00"
}
I am building a Windows Phone 8.1 application and want to add push notifications from Windows Azure. I am creating the channel by using CreatePushNotificationChannelForApplicationAsync, after which I take the resulting URI and store it in the Azure database. When trying to send a push notification by using push.wns.sendToastText01, I get the following error in the Azure logs:
Error in script '/table/Message.insert.js'. Error: 400 - An invalid tag 'https://db3.notify.windows.com/?token=AwYAAAC3tTi3W5ItZ0hWdZ3FLmELt%2flHcwpsM...' was supplied. Valid tag characters are alphanumeric, _, #, -, ., : and #.
I noticed that the channel URI contains the '%' which does not appear among the valid characters, yet that is the URI that gets generated in the client application. Am I using a wrong method for sending push notifications or is there something else I am missing?
Edit: I am using Node.js for backend in Azure.
request.execute({
success: function() {
push.wns.sendToastText01(channelUri, {
text1: "Google Plus Friend Tracker",
text2: item.content,
param: '/ChatPage.xaml?friendGoogleId=' + item.author_id
})
}
});
Looking at the wns object documentation, the first parameter would be the tags that you are sending to. Since you're providing a channel in the code above, you are getting the error specified.
The backend does not need to provide the channel URI, as this was associated with the Notification Hub via the client-side registration action. If you are broadcasting the message, you would just provide null as the tag value. Otherwise, you can use the tags that were specified when you registered the channel URI.
For more about the process, see the "Get started with push" tutorial. There is also an example of using a tag (user ID) in the "Send push notifications to authenticated users" tutorial. For more on tags in general, the Notification Hubs breaking news tutorial is also good.
I'm working on an app that makes use of the googlemaps API. I'm not using any API key as I'm performing requests like http://maps.googleapis.com/maps/api/directions/json?origin=Brooklyn&destination=Queens&sensor=false&departure_time=1343641500&mode=transit (shown in one of the Google examples). Unfortunately, lately it keeps giving the following error:
{
"error_message": "You have exceeded your daily request quota for this API.",
"routes": [],
"status": "OVER_QUERY_LIMIT"
}
Even by adding a key I create as a parameter to the GET request (i.e., &key=blahblah), the result is always the same. Does this mean my I.P. is blocked by Google?
What can I do to get it back to work?
Thanks
When you use the key it means that that the limit for the account where the key has been created for has been reached.
When you don't use a key it means that the limit for the IP of your server has been reached.
What you can do:
wait until tomorrow or request the service from clientside