I am trying to update a signature through the Google email settings api. The domain is an EDU account, the user in question is a super admin. After successfully retrieving an OAuth 2.0 token, i issue this php curl code:
$mydomain = '<mydomain.com>';
$myuser = '<myusername>';
$token = '<mytoken>';
$url = 'https://apps-apis.google.com/a/feeds/emailsettings/2.0/'.$mydomain.'/'.$myuser.'/signature'
$data = '<?xml version="1.0" encoding="utf-8"?>
<atom:entry xmlns:atom="http://www.w3.org/2005/Atom" xmlns:apps="http://schemas.google.com/apps/2006">
<apps:property name="signature" value="blabla" />
</atom:entry>';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PUT');
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/atom+xml', 'Authorization: Bearer '.$token));
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$output = curl_exec ($ch);
curl_close ($ch);
Which results in:
You are not authorized to access this API. Error 403
Because of other issues mentioned here about the client_id when getting authorized, i have tried the above with both the gserviceaccount.com address and the googleusercontent.com address, with the same results.
What am i doing wrong here?
To answer my own question: after speaking to a Google rep i have learned that the email settings api cannot be used through standard "web app" authorization but needs to be used through a "service account":
https://developers.google.com/identity/protocols/OAuth2ServiceAccount
Related
I am using youtuve v3 https://www.googleapis.com/youtube/v3/search api to get the list of videos in a channel.
Also, trying to use etag to use caching to avoid quota limit in youtube api. I am always get different etag for each request.
So i would like to know is this search api support etag caching?. I am using php curl to get the results.
eg:
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_HEADER, true);
curl_setopt($curl, CURLOPT_FILETIME, true);
curl_setopt($curl, CURLOPT_HEADER, 'If-None-Match: "'.$eTag.'"' );
$curl_exec = curl_exec($curl);
I am trying to Authorize the quick-books using Oath 2.0. I have done with authorization and now trying to get access token. But while making POST request to get access token I am getting "Invalid Request Error".
`$adminUrl="https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer";
$client_id='Q0ble08jhv8hvQwLbBo******************';
$client_secret='ewHQsRokdOhOjcNHpt7wH***********';
$redirect_url='http://localhost/quickbooks/testaccesstoken.php';
//According to Quickbooks API need to pass Authorization Header//
$authorizationToken=base64_encode($client_id."".$client_secret);
//Curl Post Request//
$ch = curl_init();
$data = array("code" =>$code,"redirect_uri"=>$redirect_url,"grant_type"=>"authorization_code");
$headers = array();
$ch = curl_init($adminUrl);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT__TIMEOUT, "30");
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Authorization:Basic' .$authorizationToken,'Content-Type: application/x-www-form-urlencoded','Accept: application/json'));
$token = curl_exec($ch);
{"error":"invalid_request"}
I cannot refresh the Reddit access token.
When I send following request to https://ssl.reddit.com/api/v1/access_token
Content-Type: application/x-www-form-urlencoded
Authorization: #####
client_secret=#####&grant_type=refresh_token&client_id=#####&refresh_token=#####
I get status 200 but content is {"error": "invalid_request"}.
According to OAuth 2.0 spec and Reddit spec I do everything right.
I've also tried it without client_id and client_secret with the same result.
Am I missing something?
Reddit's OAuth implementation is really unique (and not in a good way).
The necessary parameters for refreshing tokens on reddit are:
client_id
client_secret
grant_type (=refresh_token)
refresh_token
scope
state
duration
redirect_uri
You'll also need the basic HTTP authentication header with client_id as login and client_secret as password.
I had to look up reddit's source code to figure out what was missing from my requests... So much development time lost on trivial matters.
In case anyone is looking for more explicit answer:
Here is how I did this in PHP.
$authorizeUrl = 'https://ssl.reddit.com/api/v1/access_token';
$clientId = "YOUR_CLIENT_ID";
$clientSecret = "YOUR_CLIENT_SECRET";
$post = array(
"client_id" => $clientId,
"client_secret" => $clientSecret,
"grant_type" => "refresh_token",
"refresh_token" => "STORED_REFRESH_TOKEN_VALUE",
"scope" => "identity",
"state" => "WHATEVER_VALUE",
"duration" => "temporary",
"redirect_uri" => "https://example.com/reddit",
);
$payload = http_build_query($post);
$ch = curl_init($authorizeUrl);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_USERPWD, $clientId . ":" . $clientSecret);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$result = curl_exec($ch);
curl_close($ch);
print_r($result);
I am using twitter api for retweet. in my PHP file I am using CURL to send request like this
$ch = curl_init() or die('cURL not available');
curl_setopt($ch, CURLOPT_URL, $retweet_url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $options);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); //to suppress the curl output
$retweet_result = curl_exec($ch);
curl_close($ch);
Its giving "Unable to authenticate error." . I have already authenticated user and created a session.
I am trying to access the ClickBank API from my Delphi project, to check if a customer has a valid subscription.
I found the API Documentation here, but there are no Delphi examples. So I am trying to create my own little example, however I just cant figure it out with Indy's TIdHTTP.
Could anyone point me in the right direction, perhaps set up a minimal example?
P.S: I tried looking at the C# sample, however I cant port it to Delphi.
ClickBank sample C# is found here https://sandbox.clickbank.com/api_12_examples/api_example.csharp
HttpWebRequest request = (HttpWebRequest)
WebRequest.Create("https://api.clickbank.com/rest/1.2/orders/list");
request.Accept = "application/xml";
request.Headers.Add(HttpRequestHeader.Authorization,
"<< DEVELOPER KEY >>:<< API KEY >>");
request.Method = "GET";
HttpWebResponse response = (HttpWebResponse) request.GetResponse();
The PHP version is
https://sandbox.clickbank.com/api_12_examples/api_example.php
You'll see that they aren't doing much setup here... just setting two headers and performing a GET.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://api.clickbank.com/rest/1.2/orders/list");
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_GET, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
"Accept: application/xml",
"Authorization: << DEVELOPER KEY >>:<< API KEY >>"));
$result = curl_exec($ch);
curl_close($ch);
In Delphi - a quick demo is to drop a TIdHTTP1 client on a form, along with a Button and a Memo. Then on an onclick of the button (where xxx= your developer key and yyy= your api key) do the same - set two headers and perform a GET:
IdHTTP1.Request.Accept := 'application/xml';
IdHTTP1.Request.CustomHeaders.Add('Authorization: xxx:yyy');
Memo1.Text := IdHTTP1.Get('https://api.clickbank.com/rest/1.2/orders/list');