I'm trying to access Twitter's OpenAPI, which I believe is found here: https://api.twitter.com/labs/1/openapi.json
When I do this, I keep getting error 131:
Is this the correct uri to access it?
Am I maybe missing something, like a querystring param?
BTW, Error 131 is an "internal" version of HTTP Error 500.
You can try this openapi from Twitter:
https://api.twitter.com/2/openapi.json
The resource is from here: https://github.com/twitterdev
Related
While designing a GET endpoint I am confused ...
Have designed Open API spec 3.0 for successful response ( 200 ) , invalid request ( missing mandatory stuff ) ( 400 )
Now I am confused about things like : 401 ( Unauthorized ) , 405 ( Method not allowed ) , 415 ( Unsupported Media type )
This API will need an api key to be provided in header and if not provided by user or an invalid api key is provided then they should get a 401
So I think I should be specifying 401 in my response spec .
However when I look at swagger's Pet store ( https://editor.swagger.io/ ) they are not having this response code anywhere ... ?
My API spec ONLY supports GET with Content-type : application/json so I am thinking we dont need 405 ( DELETE / POST / PUT etc ) .
Similarly if consumer sends application/xml or anything other than application/json we are not supporting it so this is why we should not be explicitly defining 415 in the spec ?
A bit confused which is why am looking into some inputs.
Was referring to some pages here and here
I think it is a good idea to document the Response Codes the API might return, it is indeed supported (but optional) by OpenAPI.
The consumers might find useful to know 401 Unauthorized means the JWT token is not supplied or it is expired, or 400 means the payload is incorrect (i.e. missing a specific attribute).
Check this example if you would like to see how Response Codes are documented and displayed by Swagger UI.
However when I look at swagger's Pet store they are not having this response code anywhere ... ?
The Pet Store is really just an example that one can use as a starting point or when you want to feed a tool with a sample spec. It is not meant to be normative. If you look through the sample code, you will even find paths which are RPC style (e.g. here) and other things that are not exactly RESTful.
why we should not be explicitly defining 415 in the spec ?
I think the blogposts that you found are helpful and do not contradict each other. Both of them rightfully recommend you to use the standard http response codes and provide a helpful error body. Some people omit response codes that they think are self-explanatory. But IMO, adding these few lines is totally worth it. If you add them diligently, then you get a key aspect of openapi right: The purpose of openapi is clarity and predictability of the capabilities and behaviour of your API.
So in summary: Yes, think about the responses that you are going to need, and do include these response codes in your api spec.
I'm starting to use Insight API for Twitter from IBM Bluemix.
It's hard to find supporting resource for using this. So far I am using CURL and specifically formed URL to query the API service, and the service returns results in JSON format.
Here's an example of the URL I used with CURL to search for some tweets with the API:
https://(my seucrity key)#cdeservice.mybluemix.net:443/api/v1/messages/search?q=$MSFT%28posted:2016-01-01T00:00:00Z,2016-09-01T00:00:00Z%29&size=20
This URL returns a JSON object with tweets with keyword #MSFT, and between the time frame of 2016-1-1 to 2016-9-1, only return 20 tweets.
I would like to add to that link by specifying a language for the tweet to search for, so far I come up empty. Can you please help me ?
I have tried adding the following to the URL and did not do anything:
lang=EN, lang="en"
lang:en, lang:EN
Thanks.
The syntax is lang:en and you need to make sure to include it as part of your query.
I created the following query based on the one you provided in your question:
https://username:password#cdeservice.mybluemix.net:443/api/v1/messages/search?q=(%24MSFT%20AND%20posted%3A2016-01-01T00%3A00%3A00Z%2C2016-09-01T00%3A00%3A00Z%20AND%20lang%3Aen)&size=20
The unencoded query is
($MSFT AND posted:2016-01-01T00:00:00Z,2016-09-01T00:00:00Z AND lang:en)
You can find documentation here.
But in this link you can find more details on the syntax, which is:
/api/v1/messages/search?q=QUERY&size=NUMBER&from=NUMBER
I followed this tutorial and have gotten to the point where I am decoding the returned token, and extracting the email address (which should be stored in the preferred_username property), ie, the following code:
decoded_token = Base64.urlsafe_decode64(encoded_token)
jwt = JSON.parse(decoded_token)
email = jwt['preferred_username']
The problem is that the object returned doesn't contain this property, what I do get back is similar to below:
{
"ver":"2.0",
"iss":"https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0",
"aud":"0ab6433e-84fc-469b-8c72-41f7a0241a61",
"exp":1458142389,
"iat":1458055989,
"at_hash":"0OYaLKpTTdHNBrQNOqwQ0Q",
"sub":"AAAAAAAAAAAAAAAAAAAAAC1TrOaOmvInYrFAyrQjlFI",
"tid":"9188040d-6c67-4c5b-b112-36a304b66dad"
}
A quick glance at the spec indicates I am getting the correct object back from Office 365, as preferred_username is mentioned as a potential claim, but it isn't in the object I get back.
It's possible I'm not calling the get_token function with the correct parameters, but the documentation for the library is pretty sparse, so I can't really tell.
I have raised an issue on Github.
Is this an error on the Office 365 end, an error with the tutorial, or am I doing something wrong myself?
Answered here by Jason Johnston from Microsoft (author of the tutorial):
The Azure team deployed a breaking change to their v2 auth endpoint, which is causing the preferred_username to not be present. You need to add profile to the SCOPES array in auth_helper.rb. I'll post an update to the tutorial after the Build conference.
The SCOPES array in auth_helper.rb now looks like so:
SCOPES = [ 'openid', 'https://outlook.office.com/mail.read', 'profile' ]
I am try to reproduce this issue using normal HTTP request however I could get the preferred_username property successfully.
As far as I know, we can get this property only when we specific the openid scope in the request. To narrow down this issue, I suggest that you trying use Fiddler or Postman without Ruby.
Here is the test using web browser and Fiddler to get the id token for your reference:
Register the app in the portal using Office 365 account( which you can refer to the tutorial)
Get the auth code in a web broswer via the link below:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id={ClientID}&response_type=code&redirect_uri={RedirectURL}&response_mode=query&scope=https%3A%2F%2Foutlook.office.com%2Fmail.read%20https%3A%2F%2Foutlook.office.com%2Fmail.send%20openid&state=12345
Replace the auth code from preview request and using Fiddler to post the request to get the tokens:
POST: https://login.microsoftonline.com/common/oauth2/v2.0/token
grant_type=authorization_code&client_id={ClientID}&scope=https%3A%2F%2Foutlook.office.com%2Fmail.read%20https%3A%2F%2Foutlook.office.com%2Fmail.send%20openid&redirect_uri=http%3A%2F%2Flocalhost%3A55065%2F&client_secret={ClientSecret}&code={AuthCode}
Decode the ID token from the link below:
https://jwt.io/
Then I could get the preferred_username property from the ID token successfully.
Steps to reproduce
Register a redirect_uri in the client: http://example.com/publisher/auth
Direct a user to the /oauth/authorize endpoint with the redirect_uri including a query parameter:
https://api.instagram.com/oauth/authorize/?client_id=xxx&redirect_uri=http%3A%2F%2Fexample.com%2Fpublisher%2Fauth%3FinviteId%3D00001000-cf33-11e4-9f26-8789dd0b3e01&response_type=code&scope=basic&type=web_server
For reference, those query parameters are:
client_id=xxx
redirect_uri=http%3A%2F%2Fexample.com%2Fpublisher%2Fauth%3FinviteId%3D00001000-cf33-11e4-9f26-8789dd0b3e01
response_type=code
scope=basic
type=web_server
Authenticate an instagram user and allow the app.
The user is redirected back to the correct redirect_uri.
Use the code query parameter from the redirected URI to post to Instagram's /oauth/access_token endpoint.
Expected behavior
The endpoint responds with 200 and an access token.
ACTUAL behavior
The endpoint responds with:
code=400
error_type = 'OAuthException'
error_message = 'Redirect URI doesn't match original redirect URI'
What I've Investigated So Far
To confirm that this is a problem with Instagram, I checked the API docs which very clearly state that adding query parameters to the redirect URI should be possible. I also tried varying only that query parameter. For example, when replaced with this /oauth/authorize URL I get the expected behavior:
https://api.instagram.com/oauth/authorize/?type=web_server&client_id=xxx&redirect_uri=http%3A%2F%2Fexample.com%2Fpublisher%2Fauth&response_type=code&scope=basic
For reference, those query parameters are:
client_id=xxx
redirect_uri=http%3A%2F%2Fexample.com%2Fpublisher%2Fauth
response_type=code
scope=basic
type=web_server
Notes
This question is actually a duplicate of another question which actually didn't really turn out to be a question, and which never got any answers.
I have submitted a bug with Instagram, but I wanted to see if anyone had found this or come up with a workaround.
Had the same issue today. To get the custom data passed between requests you must include it as state param. My authorize request url looked something like this:
https://www.instagram.com/oauth/authorize?client_id=SOME_CLIENT_ID&response_type=code&redirect_uri=http://example.com/auth/InstagramRedirect/&state=855C0114-F860-420A-AEB1-A276644FCCEA
Notice the & and state=...
You have to provide the redirect_uri with your extra search params as the last parameter:
https://www.instagram.com/oauth/authorize/?client_id=be1b911b487f4919b9c2fb7df0c4142c&type=web_server&response_type=code&scope=basic&redirect_uri=https://wpwifidemo.alepo.net/instagram/joinus/?inviteId=00001000-cf33-11e4-9f26-8789dd0b3e01
User will be redirected to:
https://wpwifidemo.alepo.net/instagram/joinus/?inviteId=00001000-cf33-11e4-9f26-8789dd0b3e01&code=CODE
It might be too late reply for this question. But i faced the same issue today & got this question already posted and solution for passing parameters to authentication URL is as follows.
It seems that your extra parameter is type=web_server , taking that into consideration, your URL for getting for code should be as follows
https://www.instagram.com/oauth/authorize/?client_id=be1b911b487f4919b9c2fb7df0c4142c&redirect_uri=https://wpwifidemo.alepo.net/instagram/joinus/?type=web_server&response_type=code&scope=basic
And then while calling the accessToken API append your redirect_uri parameter with your passed parameter (not the same configured in the app).
e.g.
redirect_uri=http%3A%2F%2Fexample.com%2Fpublisher%2Fauth%3FinviteId%3D00001000-cf33-11e4-9f26-8789dd0b3e01?type=web_server
I've downloaded this repo (api-presentation) to experiment with api in rails app.
Here's an article with video that explains what is api and how to use it....
http://www.aomran.com/designing--building-restful-json-apis/
Now I'm trying to add a record through POST request with Postman extension and I'm geting:
param is missing or the value is empty: contact
What am I doing wrong?
Here's a screen with the error:
I added Header/Value and it worked for me. The question's probably lame.