Desire2Learn - Valence Authenication error when updating course info - desire2learn

When I attempt to update course info I receive a 403 error. I'm using an adminstrator level account and D2L's test apitest tool. I'm able to pull course info.
API Call: PUT /d2l/api/lp/1.4/courses/2499625
JSON PARM: CourseOfferingInfo
JSON DATA:
{"Name":"Dale.SandBox","Code":"Dale.SandBox","IsActive":true,"StartDate":"2015-07-10T17:20:00.000Z","EndDate":null}

You JSON data and parameter looks correct. The only reason the documentation gives for returning a 403 is if permissions are insufficient. The permissions structure in D2L is so flexible that it's possible that an administrative level account doesn't have permission to update course info in the apitest tool.
One way to check this and practice with the API a bit would be to GET what permissions your account has.

Related

Get all TI Indicators returns an empty list

I am trying to collect all active TIs via the Beta Graph API by following this. But it doesn't return anything. Here is what I use in Postman:
https://graph.microsoft.com/beta/security/tiIndicators
Response (200):
{
"#odata.context": "https://graph.microsoft.com/beta/$metadata#security/tiIndicators",
"value": []
}
A bit of context for the environment I work in.
The tenant has multiple Sentinel workspaces & resource groups.
The application I use has the correct permissions:
ThreatIndicators.Read.All
ThreatIndicators.ReadWrite.OwnedBy
ThreatSubmission.Read.All
ThreatSubmission.ReadWrite.All
It is my current belief that this might be due to the limitations of the Beta API. My reasoning is that accourding to this documentation you need the ThreatIndicators.ReadWrite.OwnedBy permission to access the API. This would suggest that currently you can only view TI's that the resource itself created.
If more info is needed just ask.
According to the documentation, ThreatIndicators.ReadWrite.OwnedBy permission allow you to manage threat indicators your app creates or owns.
If you want to read all the threat indicators for your organization then your app needs ThreatIndicators.Read.All permission.
Although this is not a solution to the question it is a workaround. By using the Log Analytics API you can get the TI via a KQL.
ThreatIntelligenceIndicator
| where ExpirationDateTime > now() and
NetworkIP matches regex #"^(?:(?:25[0-5]|(?:2[0-4]|1\d|[1-9]|)\d)\.?\b){4}$" and
ConfidenceScore > 25
| summarize by NetworkIP
This is probably better as you can also use a watchlist to exclude specific IP addresses with one request.
One thing I struggled with this was Authorization. You must give your Application permission to use the api.loganalytics.io API, and the application needs the Log Analytics Reader role in the Log Analytic workspace you want to use.

Graph API calls to OnPremise Exchange only works in Playground

Our setup is an on-premise Exchange Server which is accessible over the graph api. https://learn.microsoft.com/en-us/graph/hybrid-rest-support
We run in the issue, that our token is only "partial" working. And a token created by "Graph-Playground" is fully working. But we can't find any difference.
When I use Graph-Playground or use the token generated by Graph-Playground => all requests are working
When I create a token (over my app registration) => only some requests are working
The token seems to be valid some calls like /me are working, but all calls related to exchange like /me/contacts are failing with this error
Request, they work with token generated by Postman:**
Error:
{ "error": { "code": "MailboxNotEnabledForRESTAPI", "message": "REST API is not yet supported for this mailbox." } }
(that's a very generic error, and mostly don't say anything about the real issue)
Token Generation:
I create my token on the same way as Graph-Playground create the token (OAuth - Implicit flow):
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=token&state=test2&client_id=????&scope=openid%20profile%20User.Read%20email%20Contacts.Read&redirect_uri=????
Token - Analysis:
As a side note, it was working for a few days, nobody changed anything :)
So I have no idea, why the "Graph Playground" can create a working token, and my token only "partially" works. Can you help me?
There is already a thread, but I'm not the owner of it. Also there are no more responses... I can't provide a bounty for a foreign thread, that's why I create a new thread. You can find it here:
MailboxNotEnabledForRESTAPI - Microsoft Graph API integration with HMA Enabled on-premise server
I recognize your error, we see it in several cases (for Office 365):
User has no Exchange license (probably not the case, since it works in the explorer).
Customer tenant has setup additional security.
You can limit applications to certain mailboxes. Maybe there is some kind of setting or policy like this on your local Exchange as well, you have to connect to Exchange Online Powershell to set it, so maybe you can find something there. This is just a wild guess.
To track down this issue I would start checking the local Exchange logs.
Have you tried using the /users/{upn}/calendar endpoint? Maybe it's just that the /me/ part doesn't work.

how to get all users of a project in JIRA throught rest api

I'm trying to get all the users which are there in a project,
I went throught this API https://docs.atlassian.com/software/jira/docs/api/REST/7.9.2/#api/2/user-findAssignableUsers, but idk why I'm getting {"errorMessages":["Internal server error"],"errors":{}}.
I also followed this article https://community.atlassian.com/t5/Answers-Developer-Questions/List-of-users-in-project-REST-API/qaq-p/536820 but I'm getting 401 unauthorised, as I don't have admin rights, I can't use the plugin mentioned in the above article. I'm stuck :( . I'll be thankful if anyone can help me.
Thanks.
First of all as Mech suggested, you will need to have admin access to the project to get required details. REST API uses exactly the same permissions as that of the normal JIRA UI.
If you want to fetch all the users(including different project roles) who have access to the respective project, then you need a chain of Jira REST Api calls as below,
Using this api to fetch all the available roles for a project,
GET /rest/api/2/project/{projectIdOrKey}/role
You will get some response like,
{
"Administrators": "http://www.example.com/jira/rest/api/2/project/MKY/role/10002",
"Users": "http://www.example.com/jira/rest/api/2/project/MKY/role/10001",
"Developers": "http://www.example.com/jira/rest/api/2/project/MKY/role/10000"
}
Then for each of the project roles(fetched in the first step), call the below jira rest api to give the respective list of users by passing the role id and project key,
GET /rest/api/2/project/{projectIdOrKey}/role/{id}
This is how you can get all project memebers (users) :
https://{YourCompanyName}.atlassian.net/rest/api/3/user/assignable/search?project={JiraIdProject OR JiraProjectKey}

Does Microsoft Graph API /search() work when using app-only token

I am trying to use the graph API (v1.0) to search for files and folders within our team's sharepoint/onedrive folders but when using an app-only token I consistently get no results for any /search(...) request I try.
I have an registered and application with https://apps.dev.microsoft.com and have requested and granted consent for the permissions stated in the API Documentation;
User.ReadWrite.All, Group.Read.All, Sites.Read.All, Sites.ReadWrite.All, Group.ReadWrite.All, Sites.Manage.All, Files.ReadWrite.All, User.Read.All, Files.Read.All, Sites.FullControl.All
When I request a token from https://login.microsoftonline.com/ I can see the granted permissions in the payload.
Using this token I can successfully access the drive and retrieve information about its contents using drive/root
I have a small test folder structure that contains a few simple text files.
I can confirm that this token gives me access to my files and folders by calling drives/{driveid}/items/{folderid}/children recursively to build a complete tree structure.
However, when I try to search the drive for filenames or text phrases that I know exist I get no results at all, no matter what combination of paths or search terms I use. I've never seen a search result from an app-only token.
Examples that I've tried;
sites/root/drive/search(q='test')
drive/root/search(q='test')
drives/{driveid}/search(q='test')
drives/{driveid}/root/search(q='test')
The phrase "test" exists both as a filename and also within the text content of some of the files.
I get an HTTP:200 response but the value collection https://graph.microsoft.com/v1.0/$metadata#Collection(driveItem) is always empty.
I'm building http requests in my application (Coldfusion), not using a SDK.
I wondered if I was having encoding problems so have tried various approaches of url-encoding the search part of the url (q='test') etc.
I've also tried running the same requests with Postman and cUrl but the results are the same. Empty.
The only thing that works is when I try the same searches using the Graph Explorer I get the results I would expect to see.
I know that Explorer uses a different type of token so I'm wondering if this is and issues related to my token being app-only.
Does anyone know if .../search() actually work for app-only tokens?
Does anyone know if .../search() actually work for app-only tokens?
The answer is yes, ../search() actually work for app-only tokens
Based on my test, the following search API works well for app-only token
https://graph.microsoft.com/v1.0/drive/root/microsoft.graph.search(q='test')
https://graph.microsoft.com/v1.0/drives/{driveid}/root/microsoft.graph.search(q='test')
https://graph.microsoft.com/v1.0/drives/{driveid}/microsoft.graph.search(q='test')
https://graph.microsoft.com/v1.0/sites/root/drive/search(q='test')
For permission config, just put "Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All" into the GraphScopes in the project config file as docs states.
Above answer is based on your description:****register app in http://apps.dev.microsoft.com/. You can ignore the SDK although it is the best choice. If you don't have a project config with GraphScopes, you need to pass the scope to auth request, it is difficult for operation.
If your app-only mean register app in SharePoint online, then the Graph Search API won't work. SharePoint doesn't share AccessToken with Graph directly.
Here is the same question again. The answer has been commented by a microsoft developer. He confirmed, it was a bug.

desire2learn valence get users call giving 403 not authorized error

I am getting a 403 not authorized error with this call -> /d2l/api/lp/1.2/users/ and all it's variations with query parameters.
I have checked the permissions: Search for student, instructor, tutor, etc. and all the UIPs at Organization and Course Offering level for the calling user's role. All are enabled. I've cascade enrolled this user from organization level to all levels. What am I missing which needs to be enabled to make this call work?
Yes -- this is almost certainly that your calling user context doesn't have the permissions in place to make the call, for some reason. We do have this call working fine in our test environments, so I would encourage you to report this through D2L's support desk, and note that it's an API calling issue. You can help move it along significantly if you can provide a packet trace (via Fiddler or Wireshark) of a successful API call, and the not-good call, both outgoing request and response back along with your incident.
If, after opening the incident, you can report the INC number back here in a comment, I can try to expedite assistance at our end.
Well, It was a permissions issue and the call -> /d2l/api/lp/1.2/users/ needed the "User Management Tool" (something like that) permission, which my calling user didn't have at the root organization level. I was also getting an empty result set for the call -> /d2l/api/lp/1.2/enrollments/orgUnits/{OrgUnitID}/users/ this needed the "View User Enrollments" permissions again at the root level.
After enabling those 2 permissions, I'm able to get the expected results.

Resources