What is wrong with this OAuth header? - oauth

This is the OAuth header I have generated using an OAuth 1.0 library, given below.
{"Authorization":"OAuth realm=\"TSTDRV1606019\",oauth_consumer_key=\"c85f08d536fb43ffbf199896b970af6cc8ae3b9ffbd4d5a8d7bd35c36bbc58be\",oauth_nonce=\"PxTkoW9AHGgo36obe2qL\",oauth_signature=\"60eebfff6843f7fb652f98ce6dd65fe025d9837e\",oauth_signature_method=\"HMAC-SHA1\",oauth_timestamp=\"1497605488\",oauth_version=\"1.0\"","content-type":"application/json"}
I keep getting a USER_ERROR like the one below:
"error" : {"code" : "INVALID_REQUEST", "message" : "The request could not be understood by the server due to malformed syntax."}}
Can anyone please tell me where I am going wrong?
Appreciate all the help!

As of NetSuite release 2021.2, TBA (Token-Based Authentication) with the HMAC-SHA1 signature method is deprecated, and users who actively use HMAC-SHA1 have to switch to HMAC-SHA256. Otherwise, the user may see the error below with a 4xx error code:
{
"error": {
"code": "INVALID_REQUEST",
"message": "The request could not be understood by the server due to malformed syntax."
}
}

Not sure if this is the only problem, but it looks like you're missing your oauth_token. See Required Data for Using TBA with RESTlets

I have no clue why, but after fixing the SHA to 256 I was still getting the malformed syntax error when calling from Postman until I set the Advanced -> Version to "1.0" (NOT "1").
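A header that combines the three points raised in the answers above (oauth_token present, HMAC-SHA256, oauth_version "1.0"), as an added example that is not code from the original posts. It assumes HMAC-SHA256 follows the RFC 5849 HMAC-SHA1 construction with SHA-256 swapped in; the URL, realm and all credentials are constructed placeholders.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qsl, quote, urlsplit


def pct(value):
    """RFC 5849 section 3.6 percent-encoding: only unreserved characters stay literal."""
    return quote(str(value), safe="")


def base_string(method, url, oauth_params):
    """Signature base string: METHOD & base URI & sorted, encoded parameters."""
    parts = urlsplit(url)
    base_uri = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    # Query parameters are signed together with the oauth_* ones; realm is not signed.
    pairs = parse_qsl(parts.query, keep_blank_values=True) + list(oauth_params.items())
    encoded = sorted((pct(k), pct(v)) for k, v in pairs)
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(base_uri), pct(normalized)])


def build_header(method, url, realm, consumer_key, consumer_secret,
                 token, token_secret, nonce=None, timestamp=None):
    """Return the Authorization header value for one signed request."""
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_token": token,                     # absent from the header in the question
        "oauth_signature_method": "HMAC-SHA256",  # HMAC-SHA1 is deprecated for TBA
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_version": "1.0",                   # the string "1.0", not "1"
    }
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string(method, url, oauth).encode(), hashlib.sha256).digest()
    # RFC 5849 carries the signature as base64 of the raw digest, then percent-encoded.
    oauth["oauth_signature"] = base64.b64encode(digest).decode()
    fields = [f'realm="{realm}"'] + [f'{k}="{pct(v)}"' for k, v in sorted(oauth.items())]
    return "OAuth " + ", ".join(fields)


# Constructed sample values, not real credentials or a real endpoint.
URL = "https://example.invalid/app/site/hosting/restlet.nl?script=1&deploy=1"
HEADER = build_header("POST", URL, "TSTDRV0000000", "ck-constructed", "cs-constructed",
                      "tk-constructed", "ts-constructed", nonce="abc123", timestamp=1700000000)
```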

Related

AADSTS900144: The request body must contain the following parameter: 'grant_type'

I am trying to generate the Access_Token after generating the Authorization code using MS Graph API.
I am getting the following error (Screen shot below)
"error_description": "AADSTS900144: The request body must contain the following parameter: 'grant_type'.",
I see that grant_type is present. I checked the rest of the values to be without any spaces. Any ideas on what could be wrong here? I appreciate your support.
Thanks,
Could you please try once in Graph Explorer.

How to detect when an OAuth2 refresh-token expired

When accessing Google-Drive, an access-token can expire and we can use the refresh-token to get a new access-token. There are a number of possible reasons though, that the refresh-token itself stops working or expires, see:
https://developers.google.com/identity/protocols/OAuth2#expiration
So my question, what happens if the refresh-token has expired after the 6 months, how can I detect it? Does the request for refreshing the access-token fail with 403 forbidden, or does it return a JSON containing an error message, or something else?
Unfortunately it is hard to find any information about this, and to test it out one has to wait for 6 months...
Solution:
Thanks to Gary Archer's answer I could produce the situation with an invalid refresh-token and this is the response I got, maybe it helps somebody else:
HTTP-status-code: 400
JSON:
{
"error": "invalid_grant",
"error_description": "Bad Request"
}
Almost all implementations I've seen return a known error code of 'invalid_grant' that you can check for. It will look something like this, with the server returning a JSON response with an error field and an optional error_description. At this point you need to redirect the user to reauthenticate:
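One way to act on the `invalid_grant` check described above, as an added example that is not code from the original answer. The error codes are those of RFC 6749 section 5.2; `post_refresh` is a hypothetical callable standing in for the HTTP call to the token endpoint, and the sample response is the one quoted in the question.

```python
import json

# Error codes defined for token-endpoint responses in RFC 6749 section 5.2.
REAUTHENTICATE = {"invalid_grant"}
CLIENT_MISCONFIGURED = {"invalid_client", "unauthorized_client",
                        "unsupported_grant_type", "invalid_request", "invalid_scope"}


class ReauthRequired(Exception):
    """The refresh token is no longer usable; the user must sign in again."""


def classify_refresh_response(status, body):
    """Map a token-endpoint reply to 'ok', 'reauthenticate', 'fix_client' or 'retry'."""
    try:
        payload = json.loads(body)
    except (TypeError, ValueError):
        payload = None                      # HTML error page, empty body, ...
    if not isinstance(payload, dict):
        payload = {}
    if status == 200 and "access_token" in payload:
        return "ok", payload["access_token"]
    error = payload.get("error")
    if error in REAUTHENTICATE:
        return "reauthenticate", payload.get("error_description", "")
    if error in CLIENT_MISCONFIGURED:
        return "fix_client", error
    return "retry", f"HTTP {status}"


def refresh_access_token(store, post_refresh):
    """store: dict holding 'refresh_token'; post_refresh(token) -> (status, body)."""
    status, body = post_refresh(store["refresh_token"])
    outcome, detail = classify_refresh_response(status, body)
    if outcome == "ok":
        store["access_token"] = detail
        return detail
    if outcome == "reauthenticate":
        store.pop("refresh_token", None)    # dead token: stop replaying it
        store.pop("access_token", None)
        raise ReauthRequired(detail)
    raise RuntimeError(f"token refresh failed ({outcome}): {detail}")


# Response quoted in the question above (HTTP 400).
SAMPLE_EXPIRED = (400, '{"error": "invalid_grant", "error_description": "Bad Request"}')
```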

Graph API: PUT /beta/groups/<groupId>/team Authentication Error

Problem
PUT request to /beta/groups/<groupId>/team fails with the following error:
{
"error": {
"code": "AuthenticationError",
"message": "Error authenticating with resource.",
"innerError": {
"request-id": "e4385864-85e4-4fa6-8878-458988c584e4",
"date": "2017-11-10T10:29:39"
}
}
}
A Bearer token is supplied, that was generated by using delegate permissions on Group.ReadWrite.All.
The endpoint is documented here.
Things I found so far
It seems, that it's something related to teams resources. The following requests do not work:
PUT /beta/group/<groupId>/team
GET /beta/me/joinedTeams
Both fail with AuthenticationError.
Update
/beta/group/<groupId>/team does work now.
There was an issue when we acquired an access token for graph.microsoft.com/ with a trailing slash. This has been fixed and now you should be able to call /beta/group/<groupId>/team using a token acquired with a trailing slash too.
Note: Posting this as an answer so that other members need not go through all the comments.
For anyone still running into this problem in 2018:
Wajeed said they fixed the trailing slash token generation, which is only partially true. The trailing slash token generation works for successful requests but not for failing requests.
'/beta/me/joinedTeams' still returned an AuthenticationError for us. Only when we removed the trailing slash from the token generation we got a more descriptive error message telling us our test user did not have a Teams license.
Everything worked fine after granting our test user the correct license.

iOS: I got an old project; when I log in, an issue comes up

The error is:
ERROR:Error Domain=isNOTValidJSONObject Code=0 "xxx" UserInfo={NSLocalizedDescription=xxx}
I have modified the App Transport Security Settings -> Allow Arbitrary Loads == YES
Has anybody met this issue?
isNOTValidJSONObject - so somewhere in the code this is added to the created NSError. Probably the response from the server is wrong and it can't be parsed as a JSON response.

Amazon MWS Products API returns 401 error "Access denied"

I'm hopelessly stuck on trying to call Amazon MWS Products API. Particularly I'm trying to request this function
It requires building a pretty complicated request with a signature:
POST /Products/2011-10-01 HTTP/1.1
Content-Type: x-www-form-urlencoded
Host: mws.amazonservices.com
User-Agent: <Your User Agent Header>
AWSAccessKeyId=AKIAEXAMPLEFWR4TJ7ZQ
&Action=ListMatchingProducts
&MWSAuthToken=amzn.mws.4ea38b7b-f563-7709-4bae-87aeaEXAMPLE
&MarketplaceId=ATVPDKIKX0DER
&Query=0439708184
&SellerId=A1IMEXAMPLEWRC
&SignatureMethod=HmacSHA256
&SignatureVersion=2
&Timestamp=2012-12-12T22%3A23%3A50Z
&Version=2011-10-01
&Signature=V%2BEXAMPLERT%2Baj%2Fxwqo7y3PIifMFHeqFlNYW0EXAMPLEA%3D
I build this query with the help of this little library:
So my final url string looks like this:
https://mws.amazonservices.com/Products/2011-10-01?AWSAccessKeyId=<MY_ACCESS_KEY>&Action=ListMatchingProducts&MarketplaceId=A1PA6795UKMFR9&Query=0439708184&SellerId=<SELLER_ID>&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2016-04-19T16%3A50%3A13Z&Version=2011-10-01&Signature=mZt3OhM14gwLdsQ%2Bhxz5UFMzr7m2U36DvZ7RG3dcsTI%3D
And it seems that the URL string is built correctly. I think so because if a parameter is missing or incorrect, the API returns a 400 error with an explanation that this parameter is invalid. The same applies to the signature. If the signature is incorrect, the API returns an error which clearly states that the signature is invalid. So, again, I think that the URL must be OK. However, the API returns a 401 error and an HTML page which looks like this:
<?xml version="1.0"?>
<ErrorResponse xmlns="http://mws.amazonservices.com/schema/Products/2011-10-01">
<Error>
<Type>Sender</Type>
<Code>AccessDenied</Code>
<Message>Access denied</Message>
</Error>
<RequestID>7b12e3c8-7b1a-4b6e-b7ba-15ec8c4e0968</RequestID>
</ErrorResponse>
Access denied. And I have no idea why. I've spent several hours already trying to figure out what's wrong. Can anyone help me?
The reason for the problem was that I was calling the American URL https://mws.amazonservices.com instead of the European one https://mws-eu.amazonservices.com. It would be really nice if the Amazon response gave more context about the error than simply "Access denied".
