How do I get organization ID? I tried this:
https://app.asana.com/api/1.0/organization_exports
But it returns
{"errors":[{"message":"Not Found","help":"For more information on API status codes and how to handle them, read the docs on errors: https://asana.com/developers/documentation/getting-started/errors"}]}
Of course I'm logged in, or use an access token, and other API calls work fine.
My final goal is to make use of the organization ID in https://github.com/Asana/export_importer.
sorry for the delay - the system that was supposed to alert us to your question didn't pick this one up.
The easiest way to get the organization ID is to query our API for your user to see what organizations you're a member of, rather than use the organization_exports endpoint - that's for exporting a full organization data dump for backup or reporting purposes.
If you look at our API documentation for getting your user at app.asana.com/api/1.0/users/me, you'll see that your user record returns a list of workspaces which have ID and name information. This is probably the most straightforward way to get your organization ID from our API.
Related
What is the best-supported approach for tracking logged-in Usernames/Ids in App Insights telemetry?
A User with Username "JonTester1" said some Pages he visited 4 hours ago were really slow. How can I see everything JonTester1 did in App Insights to trouble shoot/know which pages he's referring to?
Seems like User Id in App Insights is some Azure-generated anonymized thing like u7gbh that Azure ties to its own idea of the same user (thru cookie?). It doesn't know about our app's usernames at all.
I've also seen a separate field in App Insights called Auth Id (or user_AuthenticatedId in some spots), which looks to sometimes have the actual username e.g. "JonTester1" filled in - but not always... And while I don't see any mention of this field in the docs, it seems promising. How is our app's code/config supposed to be setting that Auth Id to make sure every App Insights log/telemetry has it set?
Relevant MS docs:
https://learn.microsoft.com/en-us/azure/azure-monitor/app/usage-send-user-context
This looks to just copy one library Telemetry object's User Id into another... no mention of our custom, helpful Username/Id anyway... and most in-the-wild examples I see don't actually look like this, including MS docs own examples in the 3rd link below; they instead hardcode get a new TelemetryClient()
https://learn.microsoft.com/en-us/azure/azure-monitor/app/website-monitoring No mention of consistently tracking a custom Username/Id
https://learn.microsoft.com/en-us/azure/azure-monitor/app/api-custom-events-metrics#authenticated-users Shows some different helpful pieces, but still no full example. E.g. it says with only the setAuth... JS function call (still no full example of working client-side JS that tracks User) on the page, you don't need any server-side code for it to track custom User Id across both client-side and server-side telemetry sent to Azure... yet then it also shows explicit code to new up a TelemetryClient() server-side to track User Id (in the Global.asax.cs or where?)... so you do need both?
Similar SO questions, but don't connect the dots/show a full solution:
Azure Insights telemetry not showing Auth ID on all transactions
Application Insights - Tracking user and session across schemas
How is Application insight tracking the User_Id?
Display user ID in the metrics of application Insight
I'm hoping this question and answers can get this more ironed out; hopefully do a better job of documentation than the relevant MS docs...
The first link in your question lists the answer. What it does show you is how to write a custom telemetry initializer. Such an initializer lets you add or overwrite properties that will be send along any telemetry that is being send to App Insights.
Once you add it to the configuration, either in code or the config file (see the docs mentioned earlier in the answer) it will do its work without you needing to create special instances of TelemetryClient. That is why this text of you does not make sense to me:
[…] and most in-the-wild examples I see don't actually look like this, including MS docs own examples in the 3rd link below; they instead hardcode get a new TelemetryClient()
You can either overwrite the value of UserId or overwrite AuthenticatedUserId in your initializer. You can modify the code given in the docs like this:
if (requestTelemetry != null && !string.IsNullOrEmpty(requestTelemetry.Context.User.Id) &&
(string.IsNullOrEmpty(telemetry.Context.User.Id) || string.IsNullOrEmpty(telemetry.Context.Session.Id)))
{
// Set the user id on the Application Insights telemetry item.
telemetry.Context.User.AuthenticatedUserId = HttpContext.Current.User.Identity.Name;
}
You can then see the Auth Id and User Id by going to your AI resource -> Search and click an item. Make sure to press "Show All" first, otherwise the field is not displayed.
Auth Id in the screenshot below is set to the user id from the database in our example:
We access the server from azure functions as well so we set the user id server side as well since there is no client involved in such scenarios.
There is no harm in settting it in both places, javascript and server side via an initializer. That way you cover all scenario's.
You can also manually add user id to app insights by
appInsights.setAuthenticatedUserContext(userId);
See App Insights Authenticated users
Logged in as the Office 365 Global Administrator, I want to get the relevant people list for any user in Active Directory.
I can get my calls to return using
https://graph.microsoft.com:443/v1.0/users('my.address#contoso.com')/people
and
https://graph.microsoft.com:443/v1.0/users/{the user id}/people
and
https://graph.microsoft.com:443/v1.0/users('{the user id}')/people
and
https://graph.microsoft.com:443/v1.0/users/my.address#contoso.com/people
but, as an Office 365 admin with People.Read.All consent in the app, the call only returns one person (the target user's profile) for any user but myself. If I call it for my user I get a list of ten people
If I log in as that other person and make the People List API call it returns the expected ten results.
JWT scope: "scp": "Files.ReadWrite Mail.Send People.Read.All User.Read
I have to change the scope to People.Read for the non-admin.
https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_list_people
the call only returns one person (the target user's profile) for any
user but myself.
Answer is in the API Doc. As the document says.
Retrieve a collection of person objects ordered by their relevance to
the user, which is determined by the user's communication and
collaboration patterns and business relationships.
The following request gets the people most relevant to another person in the signed-in user's organization
https://graph.microsoft.com:443/v1.0/users('my.address#contoso.com')/people
It might happen that there is no one relevant to that user.
If you want the list of contacts in other user's contact list then you can refer to this one :
https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_list_contacts
UPDATE
https://developer.microsoft.com/en-us/graph/graph-explorer
I used the demo account on this website. I used this query
https://graph.microsoft.com/v1.0/users/08fa38e4-cbfa-4488-94ed-c834da6539df/people It worked.
This query gives the same result
https://graph.microsoft.com/v1.0/users('08fa38e4-cbfa-4488-94ed-c834da6539df')/people
Same result
https://graph.microsoft.com/v1.0/users('MiriamG#M365x214355.onmicrosoft.com')/people/
Same result
https://graph.microsoft.com/v1.0/users/MiriamG#M365x214355.onmicrosoft.com/people/
If you still can't get it to work and specially on Graph Explorer Website. Then it means that according to Microsoft there are no relevant people for that particular user.
As you can see there are different ways to use the same thing. Try it all if it works. Let me know.
I am not seeing this behavior in the Graph Explorer sample tenant. The behavior seems to indicate that this is auth-related. I would try to sign in with the admin again and make sure that you've consented to any of the admin-only scopes. Additionally, one thing you can do to figure out whether you have the appropriate scope in your token is decoding the JWT and examining the "scp" collection.
I continue to get a "HTTP/1.1 403 Forbidden" response from a PUT request to /d2l/api/lp/1.2/courses/7917 . This may be a permission problem with the user/role that I'm using, but I can't figure out what specific permissions may be required. Can anyone point me to a list or matrix of valence routes and required permissions? Or, answer for this specific one?
The same appid/userid/username works for the GETs associated with the same path.
confused...
cwt
The permissions associated with API calls should mirror the permissions you'd have to have if you were to perform the relevant function through the Learning Envrionment's web UI. You can think about this problem in two ways:
Frame the question in terms of a user role: identify the class of users you'd reserve this ability for in your existing configuration, and ensure that a user of that role can make the call through the API as you'd expect.
Frame the question in terms of an abstract single user: start with a role that has no privileges and add permissions until you arrive at only the ones required for the API call. This is not a trivial exercise, and the first way is far more useful in the long run.
In this particular case, because the API requires you provide a complete course offering set of properties when you want to update it, you have to have permission to alter all the properties in the set (under the Manage Courses tool). You also need to be able to see the course info in the first place, so you need to have Course Management Console > See Course Info as well.
You're probably safest to look at the permissions array in the Manage Courses and Course Management Console tools for the user roles that would do this thing in the web UI and make sure that the users employing your app also have a similar permissions array specified in those tools.
I'm working on migrating from SOAP to valence API. I'm having some problems with a few calls like getting users (All users, based on role, by userID, etc) and grades (All variations).
I see an empty list returned with no items. There's no error of any kind. When I try to get the data using SOAP, I get the desired data.
I've checked the permissions for "Search for Students", so technically, I should be getting something when I try to get all users or by role id of students. What else am I missing here...
The D2LWS service's authentication mechanism puts the API caller in the position of being a privileged caller. The Valence Learning Framework APIs use a different auth model: the user ID/Key tokens that identify a user get employed by the back-end to restrict the functionality of calls. That is: the authenticated user should have access to the same functionality and data as the user would get through the web UI, and no more.
In this particular case, the calls succeed: they send back all the elements in the result set that your calling user has privileges to see -- none of them.
This is almost certainly an issue with the role privileges afforded to your calling user, and debugging the permissions around calls can be challenging. The Valence project's documentation provides a walkthrough topic on investigating role permissions that might shed let on a possible approach here, especially with respect to the calls to gain access to user records (or properties that appear in user records).
As the walkthrough discusses, there are various aspects to making the general call to /d2l/api/lp/{version}/users/ that bring permissions into play:
If you're trying to filter with a query parameter, does the calling user context have permissions to use the data on which you want to filter
Does the calling user context have permission to see properties affected by User Information Privacy settings
Does the calling user have permission to search for all the user roles they need to, in order find users in the result set
The users call operates on the root organization unit, so the permissions the calling user requires must be set on the organization org unit type.
By contrast, the Grades-related API calls operate not on the root organization unit, but typically on course offerings, sections, or groups. The permissions surrounding the calls there will get checked in the associated org unit types, so the calling user will need the right permissions against those types. Additionally, many of the calls related to course offerings (also sections and groups) require that the calling user be enrolled in the org unit in question (and in some cases, explicitly enrolled, not merely enrolled by cascading enrollment).
If you're sure that your calling user context does give you access to these things (and allows you access to this data through the web UI), and you still see a mismatch like this when you're calling through the API, then you may have uncovered a defect of some kind and you should please ask your organization's support contact, or your account manager, to open a support ticket to report that through Desire2Learn's support desk.
I'm doing some work with grades and the desire2learn Valence API. In the context I'm operating in, there is no way for us to get the orgUnitID directly. We are currently getting the Offering Code for each course but not the orgUnitID. Since the API requires the orgUnitID for any interactions with a course, is there any way to look up the orgUnitID using the offering Code for the course?
Thanks,
George
There is no call to search for a course by offering code, but, the offering code is set in the OrgUnitInfo structure. So I have seen people retrieve that structure as an indirection to get the actual ID. (For example when trying to retrieve grades)
If you have a user id for example you could get enrollments and go from there.
To answer further I would need a sense of how you wanted to walk the courses? Globally or for a specific user or something else?