How can I set the authentication in my app in Zapier? - zapier

I'm trying to developer an app on the Zapier Developer Platform and I have troubles in authentication.
I have only an Auth Field: Api Key. I have a Test Trigger called 'test_api_key' with a Polling Url and no Trigger Fields. I followed this example: https://zapier.com/developer/documentation/v2/api-key-action/
When I test the authorization in the section 'Connected Accounts'. I have only 'Success' results. Instead, I would like to get a bad result if the Api Key is wrong. When I call my polling url I get a xml in the response that tells me if the Api Key is wrong or is correct.
Maybe I have to create a 'test_api_key_post_poll' method that reads the xml and return a good or a bad result?

If you want it "automatic" - your server should return a non-200 status code if your API Key is bad. For example - 401.
Or, you'll need to add a *_post_poll method in your Scripting to throw an error if the JSON/XML says "Bad authentication" or similar.

Related

How to do a server to server response to a POST

I am working on an old classic asp site that uses vbscript for the server code and HTML and JavaScript for the client end. I am communicating with an external server which handles the credit card payment details.
I have found loads of answers for getting the response from a POST to the server (both from the client using JavaScript and from our own website server using vbscript). However what I am failing to find is how to respond from my server to an POST made from the credit card gateway server.
The sequence goes something like this:
I post all the transaction details to the gateway server
They immediately respond with a success status, a security key, a transaction ID, and a URL to which I must immediately redirect.
They then send a 'notification' post to a URL, that I gave in the first post, with an MD5 hash made up from details of the transaction and, importantly, the security key. I must generate the same MD5 hash and check that it matches. This is obviously to confirm that the initial transaction has not been compromised in any way.
Having done the security check I am required to respond: "When we receive your response to our notification POST, we determine where to direct your customers browser based on your response Status:"
That last stage is the one I am struggling with. I'm sure it's something really simple and silly but I just can't find any information anywhere. I have found lots of stuff on HTTPResponse but that all seems to be getting the response from a POST that I have made (and I have used this in the earlier stages) whilst here I am wanting to generate a response to a POST I have received. Note this must all be done at my server end as the credit card gateway have the IP address of our server and will only accept these transactions from that IP address therefore none of this can be sent from the customer's browser.
Sorry if this is really dumb! I am a C++ developer not a web developer but, as is the way with these things, I am having to do this bit of web development!
What you are talking about here is a consumer (the Gateway server) sending a POST request to an endpoint on your web application, which you should handle just the same as if you were receiving a POST from a local request, the process is the same.
Here is a basic example;
<%
'Expect only POST data to this page
If UCase(Request.ServerVariables("REQUEST_METHOD") & "") = "POST" Then
'Craft your response
Call BuildResponse()
Else
'Anything other then a POST should be met with a 404 response.
Response.Status = "404 Not found"
End If
Call Response.End()
'Sub for crafting your response.
Sub BuildResponse()
'Do we have a form field of "somevalue" with a value of "yes"?
If LCase(Request.Form("somevalue") & "") = "yes" Then
Call Response.Write("Hello world - Valid")
Else
Call Response.Write("Hello world - Invalid")
End If
End Sub
%>
This is just a basic example that expects a form post parameter of "somevalue" with a value of "yes". Based on this it returns a conditional response.
Obviously, you will need to pad out the response based on your requirements but this should give you some idea of how to structure it.
Side-note: As you won't be the consumer yourself it might be an idea to output a text file or setup an email that reports the passed form parameters to help you debug what the consumer is POSTing to the page to help you work out how to handle the request and generate a valid response the consumer expects.
Useful Links
How to check form submission ASP classic
ASP - Printing the entire request contents
How to create a new text file with asp?

Getting 'unauthorized_client' with Power Platform Custom Connector using OAuth2

I am trying to build a Custom Connector in the Power Platform to connect to the BMC Helix (formerly Remedy) system to create work orders and such. I am using OAuth2 and was given a callback URL, auth URL, token URL, client ID and client secret.
I went to create a connector from scratch. I populated the fields, but I wasn't sure what to put for the 'Refresh URL', so I used the token URL there too.
I am trying to accomplish testing this connector and my successful test would be to get a JWT from doing a POST to the /api/jwt/login endpoint of BMC Helix. It should return a JWT which I can use to make subsequent calls.
Upon testing this, I go to create a connection, but a window opens (which I believe should be a prompt for authentication), but instead it contains an error saying 'unauthorized_client' coming back from the BMC Helix system at the /rsso/oauth2/authorize endpoint. It also contains a property within the URL of redirect_uri = https://global.consent.azure-apim.net/redirect.
Is there something on the Helix side I need to further configure? Not sure why I am getting this....
It sounds like you need TWO METHODS in your connector. A POST to call the token server, a GET (or another POST) to call the API (using the token received from Call 1).
One approach I've successfully used in the past is:
Use Postman to get your token server call working with OAUTH
Then use Postman to get your subsequent API calls working with the token appended
Save both requests to a single Postman collection
Export the Postman collection (as a V1 (deprecated) if I recall correctly)
Import this collection into PowerApps Custom Connector (create new/import from Postman Collection)
You'll have to massage it a bit after import, but it will give you a good headstart and you're starting from a known-good place (working Postman calls)
Good luck!

Asana Webhooks API

So I have implemented the Asana Webhooks API as described in their documents. I can pass it a project ID and request a new webhook be created. The API successfully sends a authentication request to my application which returns the Security header as described in the Docs. Asana then returns the expected success response, outlining the newly created Webhooks unique ID.
Now if i take this ID and then query the Asana API to show me all configured webhook's on either the parent Workspace or the project resource directly it returns an empty data JSON Object or reports the resource doesn't exist, suggesting the Webhook Ive just created wasn't actually created, despite giving me the expected success response.
Also If I then make a change to a project it doesn't fire the webhook and I don't receive any events on my application.
Strangely everything was working on Friday but today (Monday) I'm experiencing these issues.
Any pointers would be good, Ive been working as the Docs suggest in terms of my request structure and am authenticating using a PAT, Ive even tried a newly created token.
Thanks,
Our webhooks use the handshake mechanism to make sure that it's possible to call you back, but there's always the possibility that subsequent requests can fail. Additionally (although we don't document this very well - there's an opportunity for us) we should immediately try to deliver a (probably) empty event after the handshake (it looks like {"events":[]}. This is kind of like a "second callback" that contains anything that has changed since you created the webhook.
If this fails - or if any subsequent request fails often enough - the webhook will get trashed. "Failure" in this context means returns HTTP response codes other that 200 or 204.
As for why you're having trouble querying the webhook itself, I wasn't able to repro the issue, so we'd have to dive deeper. It should be fine if you:
Specify the workspace
Optionally specify the resource
I tested this out, and it seemed fine. You also might want to directly query the webhook by id with the /webhooks/:id endpoint - note to use the id of the webhook returned by create, and not the id in the resource field.
If you created the webhook (specifically, your PAT or OAuth app was the one making the create request) you should see the information just fine. If you can get the webhook by id, you should see last_failure_at and last_failure_content fields which would tell you why the webhook was unable to make the delivery.
Finally, if you would like to contact us at api-support#asana.com and let them know more details (for instance, the ID of the webhook you're trying to look at) we can look at those fields from our side to see if we can identify what's going on.

Bigcommerce API (oAuth) Webhook Request - what is {secret_auth_password}?

UPDATE: All calls to the API receive the following response:
failed [500] An error has occurred
Weirdly, my auth process (documented here) works perfectly, while all calls to the API (documented here), fail.
The Bigcommerce API is in transition from basic auth to oAuth. The documentation is consequently a little confusing.
I am trying to create a webhook using the new oAuth methodology. The documentation states that I need an oAuth access_token for the relevant store, which I have obtained.
The documentation also includes sample http request data:
{
"scope": "store/order/*",
"headers": {
"X-Custom-Auth-Header": "{secret_auth_password}"
},
"destination": "https://app.example.com/orders",
"is_active": true
}
In this context, I am assuming that {secret_auth_password} refers to the store's access_token. However, when I include the access_token here I get the following error:
failed [401] You are not authorized.
Thinking that this might be a scoping/permission issue, I have given my app the highest possible level of access through the app settings, but this did not work either.
Thanks in advance for any pointers.
Well after a couple of days of serious head-scratching (not to mention hair out-tearing) I worked out that this was all down to an error in my SSL intermediate certificate, which I have now fixed.
It was the old API returning an error of “UNABLE_TO_VERIFY_LEAF_SIGNATURE” that put me on the right track – the new API just returned:
500 – there is an error
or
404 – you are not authorized.
If you are using PHP I would recommend using the the Webhooks pull request combined with the OAuth pull request. They are both working fine together (I personally use them).
Webhooks pull - https://github.com/bigcommerce/bigcommerce-api-php/pull/101
OAuth pull - https://github.com/bigcommerce/bigcommerce-api-php/pull/88
Then to create a webhook you can just call createWebhook($object)
Object needs to include scope and destination.
Also - a side note.. Are you using SSL for the destination address. It won't work otherwise. You can use a self-signed cert to get around this though.
This will only work for setting up the webhooks though.
To actually receive them you need a valid certificate (else you get nothing).
Hope this helps.
I came across this same part of the documentation and was also confused by it. The proper headers to send for webhooks are the following:
"X-Auth-Client":"[YOUR_APPS_CLIENT_ID]",
"X-Auth-Token":"[OAUTH_ACCESS_TOKEN]"
In addition to using the headers that #FlyingL123 suggested, also take note of of the requirements as noted by BigCommerce:
Requirements
The following properties of the webhooks are required. The request
won’t be fulfilled unless these properties are valid.
scope
destination

yelp error :MISSING_PARAMETER

I am new to yelp API. I am using version2. I did sign up for API access and got, Consumer Key,Consumer secret, token, token_secret, then I used to the following link
http://api.yelp.com/v2/search?http://api.yelp.com/v2/search?term=food&location=San%2BFrancisco&oauth_consumer_key=SOMEKEY&oauth_consumer_secret=SOMESECRET&oauth_token=SOMETOKEN&oauth_token_secret=SOMESECRET
to get the data but then I get a series of MISSING_PARAMETER errors. For signature_method I used HMAC-SHA1 but for the rest (oauth_signature, oauth_nonce, oauth_timestamp) I iddn't know what to put, so i used an empty field but then I got "INVALID CREDENTIAL" error. How do I get these missing fields?
They are not in my API access page.
First of all you can't publish your keys like that, you need to run a script to "encrypt" them and once you "send" those keys you handshake with yelp and than make a query for the search you are trying to get results for.
Basically you need a script in your preferred language (PHP for example) to make the query. a good start might be https://github.com/Yelp/yelp-api/tree/master/v2

Resources