I'm struggling to access headers sent to my API in Grape. In my test specs I am sending a GET request with an email in a header. I want to extract the email sent in the header as it hits the API and record it in an instance of my Audit model. However I can't access the header here through request.headers, any idea what I can do?
Related
I need to trigger Twilio Flow Rest API via a webhook that freshdesk have on the automation feature.
Twilio Flow
I configure the automation with webhook service: https://webhook.site and i received the data.
Freshdesk Automation Webhook configuration
When I use POSTMAN to trigger the flow it works perfectly.
POSTMAN TWILIO
Based on your screenshots, you are sending the data differently to Twilio with each approach.
The Freshdesk example is sending application/json but Postman (which you indicated works) is using form-data.Try selecting X-FORM-URLENCODED on the Freshdesk side.
Creating or Updating Resources with the HTTP POST and PUT Methods
"Creating or updating a resource involves performing an HTTP PUT or HTTP POST to a resource URI. In the PUT or POST, you represent the properties of the object you wish to update as form urlencoded key/value pairs. Don't worry, this is already the way browsers encode POSTs by default. But be sure to set the HTTP Content-Type header to "application/x-www-form-urlencoded" for your requests if you are writing your own client."
Task is to receive messages and delete messages. Am modeling this in Postman. I can successfully execute the receive messages action, but not the delete message action.
I have tried copying the receipt handle string from the receive messages response and using it in the delete messages request, and also tried url encoding the string. Both returned errors
In Postman I run the aws sqs ReceiveMessage action and get the ReceiptHandle
<ReceiptHandle>AQEBjiliZegyBS/ZO9wta+a/heA/tSx/f6tLFqfH38jEZ2r9zguHAljXhG/B8tXaM+S6MKs/XGyZ206S3NC2V38CUKLO+sPF0mfP47wqu7+nAIwettlxTGQAYuCFqI1CYBYHXxgajB1UEiFz8Kc6v8SlWs/VPLX+IWjckoQOtMRl977sxM5pCLhMNvIwh1RYFvybM0D0WEbJEuYb9JU3DZuRZg/K5rjvNooPqER4FR1JJxpZiJ0tu6481CyePLtEh/J4+Yd2kYRyuqN788oEdSTZIKprA6lHUCiCmeuqCb0yEDsxJcCVX4GmDok5KMHm/E2bgjpRjVRxZ+mrnLqTSwojt0LXg61vv8dNF8QD4sngPXqhmKQ7yp5O6S8ygn4lIPaUGOl5cgX1HsB3Q9Pfv3sg4A==</ReceiptHandle>
Then I run the aws sqs DeleteMessage action
Try #1
Pass the ReceiptHandle with exact copy
Action=DeleteMessage&ReceiptHandle=AQEBjiliZegyBS/ZO9wta+a/heA/tSx/f6tLFqfH38jEZ2r9zguHAljXhG/B8tXaM+S6MKs/XGyZ206S3NC2V38CUKLO+sPF0mfP47wqu7+nAIwettlxTGQAYuCFqI1CYBYHXxgajB1UEiFz8Kc6v8SlWs/VPLX+IWjckoQOtMRl977sxM5pCLhMNvIwh1RYFvybM0D0WEbJEuYb9JU3DZuRZg/K5rjvNooPqER4FR1JJxpZiJ0tu6481CyePLtEh/J4+Yd2kYRyuqN788oEdSTZIKprA6lHUCiCmeuqCb0yEDsxJcCVX4GmDok5KMHm/E2bgjpRjVRxZ+mrnLqTSwojt0LXg61vv8dNF8QD4sngPXqhmKQ7yp5O6S8ygn4lIPaUGOl5cgX1HsB3Q9Pfv3sg4A==&Version=2012-11-05
In the response, Postman shows the ‘+’ being replaced with spaces, so assume this is an encoding problem:
The input receipt handle "AQEBjiliZegyBS/ZO9wta a/heA/tSx/f6tLFqfH38jEZ2r9zguHAljXhG/B8tXaM S6MKs/XGyZ206S3NC2V38CUKLO sPF0mfP47wqu7 nAIwettlxTGQAYuCFqI1CYBYHXxgajB1UEiFz8Kc6v8SlWs/VPLX IWjckoQOtMRl977sxM5pCLhMNvIwh1RYFvybM0D0WEbJEuYb9JU3DZuRZg/K5rjvNooPqER4FR1JJxpZiJ0tu6481CyePLtEh/J4 Yd2kYRyuqN788oEdSTZIKprA6lHUCiCmeuqCb0yEDsxJcCVX4GmDok5KMHm/E2bgjpRjVRxZ mrnLqTSwojt0LXg61vv8dNF8QD4sngPXqhmKQ7yp5O6S8ygn4lIPaUGOl5cgX1HsB3Q9Pfv3sg4A==" is not a valid receipt handle.
Try #2
URL Encode the Receipt Handle:
Action=DeleteMessage&ReceiptHandle=AQEBjiliZegyBS%2FZO9wta%2Ba%2FheA%2FtSx%2Ff6tLFqfH38jEZ2r9zguHAljXhG%2FB8tXaM%2BS6MKs%2FXGyZ206S3NC2V38CUKLO%2BsPF0mfP47wqu7%2BnAIwettlxTGQAYuCFqI1CYBYHXxgajB1UEiFz8Kc6v8SlWs%2FVPLX%2BIWjckoQOtMRl977sxM5pCLhMNvIwh1RYFvybM0D0WEbJEuYb9JU3DZuRZg%2FK5rjvNooPqER4FR1JJxpZiJ0tu6481CyePLtEh%2FJ4%2BYd2kYRyuqN788oEdSTZIKprA6lHUCiCmeuqCb0yEDsxJcCVX4GmDok5KMHm%2FE2bgjpRjVRxZ%2BmrnLqTSwojt0LXg61vv8dNF8QD4sngPXqhmKQ7yp5O6S8ygn4lIPaUGOl5cgX1HsB3Q9Pfv3sg4A%3D%3D&Version=2012-11-05
Error response is:
The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
Does the receipt handle need to be encoded?
Based on SQS DeleteMessage docs, your second attempt with URL encoding the receipt handle is correct.
It looks like you're having a problem with authentication & authorization - you need to sign your requests with auth params - this is what prevents (a) others from making unauthorized requests to your account's resources, and (b) others from intercepting and modifying (or replaying) your requests to your account's resources.
This tutorial provides great details on this how to do this auth via postman:
Postman makes it easy to setup all the necessary authorization using Collections. Configure the AWS authorization in the parent collection with the Access Key and Secret Access Key found in the AWS Console:
Then reference that authorization in each request:
For full information on how to construct the auth params more manually (which AWS API will do for you by the way), see http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
I am currently using Postman to test my REST API. I've built it using Ruby-On-Rails, and using devise_token_auth to manage users sessions. After a successful log in, my API is rendering a client, an access-token, a token-type(BEARER) and an Uid. These elements are needed for every request that requires the user to be logged in and have to be sent on the header.
Let's say I am creating an article using a POST. The first POST succeeds and creates the article but when I try to create another article, I get :
{
"errors": [
"Authorized users only."
]
}
I suspect either Postman is behaving as a different client after each request, or my API is creating an access-token for the user after each request.
I finally managed to fix the issue:
According to devise_token_auth gem documentation, the access-token changes each time the client queries the API. Thus, I had to update the access-token, on my headers, whenever I wanted to send a request to my API.
To prevent the access-token from being changed after each request, add the following line to confing/initializers/devise_token_auth.rb:
config.change_headers_on_each_request = false
I added an answer to this linked question that applies to this question also. Using Tests and Pre-Requests scripts you can have Postman automatically save and update the token after each request.
This lets you use Postman without having to set config.change_headers_on_each_request = false inside your Rails app.
In the inbound emails second, it said in the docs that when an email is received, it will forward the email through a POST request, so I should have an endpoint that will receive these POST requests. The thing is, we want the POST request sent by mandrill to have specific header values, possibly a token to verify it's from mandrill. Otherwise, I think anyone will be able spam us with fake POST requests. Is it possible to add a custom header?
It's not currently possible to add a custom header for POSTs. Mandrill, does, however, offer webhook authentication so you know it's coming from Mandrill and hasn't been modified.
I know same question has been asked many times but even after following each and every post as well trying various suggestions, I am still facing invalid_request error.
I am able to get code successfully from Google API and when I am trying to access accessToken , I am getting this error and HTTP code being sent from Google API is 400.
I have already tried and compared my data with oauthplayground and seems everything is same
Following data is being sent from my Application to Google API
https://accounts.google.com/o/oauth2/auth?
scope=openid+profile+email
&response_type=code
&redirect_uri=http%3A%2F%2Fsavealifetoday.org%2Fblood_donors%2FoAuthCallBackAction%3Fservice_provider_name%3D
&approval_prompt=force
&client_id=193214746340-ea0nq5alpst82n2fno13s9j21pn4f4pf.apps.googleusercontent.com
Access Token URL
https://accounts.google.com/o/oauth2/token?
scope=openid+profile+email
&client_secret=***********
&grant_type=authorization_code
&redirect_uri=http%3A%2F%2Fsavealifetoday.org%2Fblood_donors%2FoAuthCallBackAction%3Fservice_provider_name%3D
&code=4%2F8veoAnihzkao58oWvZaRShn5nhYg.0to7Or-lHPwRXE-sT2ZLcbTblHXFhgI
&client_id=193214746340-ea0nq5alpst82n2fno13s9j21pn4f4pf.apps.googleusercontent.com
But When Application is trying to fetch data over the network, I am getting exception
SEVERE: Error while fetching access token for Google..
OAuthProblemException{error='invalid_request', description='null', uri='null', state='null', scope='null', redirectUri='null', responseStatus=0, parameters={}}
I am using URLConnectionClient to establish network connection
Go through the OAuth flow using the OAuth playground https://developers.google.com/oauthplayground/.
Then compare what is being sent with your own.
Note that it needs to be an HTTP POST. The code you posted looks like a GET.
Also, your redirect URL looks a little odd. Is that exactly the same URL that you registered in the API console? This is isn't your current error, but will probably become your next one ;-)
It seems that you forgot to send 'state' parameter here (it is mandatory!):
https://accounts.google.com/o/oauth2/auth?
scope=openid+profile+email
&response_type=code
&redirect_uri=http%3A%2F%2Fsavealifetoday.org%2Fblood_donors%2FoAuthCallBackAction%3Fservice_provider_name%3D
&approval_prompt=force
&client_id=193214746340-ea0nq5alpst82n2fno13s9j21pn4f4pf.apps.googleusercontent.com
In Java code you can generate it in a way like this:
String state = new BigInteger(130, new SecureRandom()).toString(32);
So you request should look like this:
https://accounts.google.com/o/oauth2/auth?
scope=openid+profile+email
&response_type=code
&redirect_uri=http%3A%2F%2Fsavealifetoday.org%2Fblood_donors%2FoAuthCallBackAction%3Fservice_provider_name%3D
&approval_prompt=force
&client_id=193214746340-ea0nq5alpst82n2fno13s9j21pn4f4pf.apps.googleusercontent.com
&state= {insert_here_generated_state}
And also I don't know if it is necessary to send a 'scope' parameter in "Access Token URL".