when you access the homepage, A lot of APIs will be exposed.
But I have the baseURI and BasePath of the API I want.
For Example, When you connect to http://www.example.com, Among various APIs, an api called http://www.example.com/person/ajaxPersonList?name="Doe"&Age=30 is also called.
This API has a variety of params
So, if i know baseURI(http://www.example.com) and basePath(person/ajaxPersonList)
Is it possible to get params using restAssured?
The answer is NO.
If you are working on this project, you can access API document. You can see the params that each API is using.
If you are investigating the web app online, you have to try and error.
Related
LinkedIn api provides access token to use it in url to post a message which uses oauth2 in Rest client. So by using the url in my application, i can post the message.
Twitter api uses oauth1 to tweet by accepting parameter.But the problem is timestamp,nounce,oauth_signature parameters gets auto generated and keep on changing for every request in Rest client.Here url is not sufficient to tweet, it need parameters but 3 parameters keep on changing on Rest client.
I tried to pass every parameter in url, it throws
error: code 32, could not authenticate you
i am dependent only on url to send a tweet.My application supports parameters too but three parameters are auto generating.I cant auto generate bcz i am hardcoding it in my application.
Is there any solution to tweet by using url?
Is there any way to make those 3 parameters fixed?
It's hard to tell what's going on here. Perhaps you could post more of the code and what you expected to happen?
By definition the nonce is a number only used once, and shouldn't be hardcoded. The timestamp also should reflect the current time on each request.
https://en.wikipedia.org/wiki/Cryptographic_nonce
I have an endpoints API that I'm accessing with a Dart client library generated with discoveryapis_generator. All is well and good except that the generated library doesn't appear to reflect the authentication requirements of my API.
Is it only necessary to somehow create an authenticated http object to pass to my application's BrowserClient() constructor in the following line?
my_api = new MyApi(new BrowserClient());
Is the recommended method for creating the authenticated http object to use the googleapis_auth package as described here? Am I on the right track?
The authentication is not part of the API itself. It is actually the http client that will send the proper http header for user authentication. Assuming you use the standard google auth mechanism, you can use the package https://pub.dartlang.org/packages/googleapis_auth as you would for a standard Google API (Drive, etc...).
You will have to create a clientId (google console) and use BrowserOAuth2Flow to get an AuthClient (that extends http.client) and from then do new MyApi(authClient)
I have a (quite old) project where I override the standard behavior of google auth to allow specifying a userId (never really found the doc on that but it works) during authentication with a simple example that use the PlusApi to get the user name but it could work in a similar way for your own api. Maybe that could help https://github.com/alextekartik/tekartik_googleapis_auth.dart
I think you need at least the email scope when calling createImplicitBrowserFlow
There are also samples for using google apis that could help: https://github.com/dart-lang/googleapis_examples
I am working on Asp.Net MVC 5. When i click a link (placed in another website) I navigate to UserDetails.cshtml page. Basically that 3rd party site is passing the UserName & Password to my site & using that I authorize & display further user info.
It's fine but the Url is looking like this
localhost:8080//Admin/UserDetails/UserName/PWD.
I don't want to show the UserName & Password in URL i.e URL should look something like :
localhost:8080//Admin/UserDetails/
One possible solution could be rewrite the URL in IIS (http://www.hanselman.com/blog/ASPNETMVCAndTheNewIIS7RewriteModule.aspx)
But I believe there is an easier way to handle this by using the routing mechanism of MVC.
Please help me to figure out the same.
EDIT :
As many of you are confused why I am not doing a Form Post here, let me re-frame my question. I have no control over the third party application, so I cant request them to do a form Post to my MVC application. Again the 3rd party application is a Oracle Reporting application (OBI), so doing a POST from that application might not be feasible too...
Let me reverse engineer your requirements from your question:
I want to have an URI that when invoked will give access to a secured section of my website. This URI must be clicked by visitors of a third-party site, whom I give that URI to. I want to hide the credentials from the URI.
You cannot do this, the requirements are conflicting. You cannot hand out URIs that will authenticate anyone who fires a request to that URI.
You could do something with a token (like http://your-site/auth/$token), but then still, anyone with access to that URI can use it to authenticate themselves, or simply put it up on their own website.
If you have data you want to expose to a third-party site, let that site perform an HTTP request (with tokens, usernames, headers or whatever you want to use to authenticate) in the background to your site, and display the response in their site. Then the visitor won't see that traffic, can't share the URI and all will be secure.
No. No. NO. Like seriously, NO. Any sensitive information should be sent via a post body over a secure connection (HTTPS). You can't "hide" information in a GET request, because it's all part of the URI, or the location of a particular resource. If you remove a portion, it's an entirely different location.
UPDATE
I find it extremely hard to believe that any third-party application that needs to authenticate via HTTP and isn't designed by a chimp with a typewriter, wouldn't support a secure method to do so, especially if it's an Oracle application. I'm not familiar with this particular app, but, and no offense meant here, but I would more easily believe that you've missed something in the documentation or simply haven't found the right way to do it yet before I'd believe you have to send clear-text credentials over GET.
Regardless, as I said previously, there's no way to hide information in a GET request. All data in a GET is part of the URL, and therefore is plainly visible in the browser location bar or whatever. Unfortunately, I have no advice for you other than to look closer at the documentation, even reach out to Oracle if you have to. Whether by post or something like OAuth, there almost has to be another way.
when I write this
https://api.twitter.com/1.1/search/tweets.json?q=%23baseball&result_type=recent to search for #baseball but then I get a Bad Authentication data.
How do I add the Authentication to the request? I'm asking how do I make the request? Could someone give me an example of how it would look? If I have a Consumer Key and an Access Token?
The 1.1 API assures that all requests made to Twitter are made with some sort of authentication. To try out the API, use the API console here: https://apigee.com/console/twitter
To simply browse the request, use one of the auth methods in the console and pass in your request with GET https://api.twitter.com/1.1/search/tweets.json?q=baseball&result_type=recent
I am trying to make a GET request with AFNetworking to facebook's graph api. For various reasons, I'd rather not use the facebook SDK's native objects and would prefer to make those requests via AFNetworking. However, I'm a bit new to the networking side of things and I am unsure how to include the access token along with my GET request. Can anyone point me in the right direction?
I've tried setting the http header field to include this:
Authentication : {my access token}
but that doesn't seem to be working.
You need to add access_token as a URL query parameter for GET requests. See the docs here.