Previously if I request app.asana.com/api/1.0/workspaces into a browser (after I had logged into Asana) it was returning all of my workspace ID's.
But currently it is not working and shows the error :- "{"errors":[{"message":"Not Authorized"}]}".
Is there any other solutions to get my asana workspace IDs?
Thank You,
(I work at Asana.) We're sorry for the inconvenience - this was a security hole and we had to close it, as we wrote on our API updates feed. If you're writing an app for others to use, Oauth is the most appropriate and secure way to access the users' data. If you're writing a simple script, you can use your API key. This can be done through a browser, but by using JavaScript and not just making requests in the browser location bar.
Related
I assume it has something to do with this:
For me Google one Tap stopped working on all my sites that previously worked. I added API HTTP refer to restriction in console.developer.com, but I still get a warning message "The client origin is not permitted to use this API." any thoughts? If you go to the page https://www.wego.com/ you can see that Google one tap still works...
https://news.ycombinator.com/item?id=17044518#17045809
but Google YOLO stop working for everyone. I use it like many people for login and it just stop work.
My domain are obviously added on console.developers.google.com
Any ETA for fix this? Some information would be great for people who rely on it.
Google YOLO is not disabled. It is open to a small list of Google Partners.
The reason you were able to access it earlier was because it was open for a short period of time but the whitelist is now readded/enabled.
Reference:
https://twitter.com/sirdarckcat/status/994867137704587264
Google YOLO was put on whitelist after a client-side exploit became clear to google.
People could cover the login button of the prompt with something like a cookie consent (which we all know people automatically accept).
Therefor people could easily steal their gmail or other details due to this google decided to put it on whitelist and review the sites that are using this technology in order to ensure that they are using it as they should.
Google retroactively labeled One-Tap as a "closed beta".
https://developers.google.com/identity/one-tap/web
The beta test program for this API is currently closed. We are improving the API's cross-browser functionality and will provide updates here in the coming months.
The link for the entire project is currently 404, but the beta statement is visible on the wayback machine.
I'm trying to access and store a database of my read books and/or uploaded documents. I don't really mind what the method is as long as it's not scraping the info with some javascript extension in the browser. That defeats my purpose of automation.
This is what I've tried so far:
Oauth2: Gives me VERY limited information. Email, name, and not much more. So apparently the way is to scrape for that info, so I tried the following:
Mechanize: I tried to load the amazon login form and post it with my personal information stored on my server, but it seems this info is not sufficient, not sure why. Some hidden values also needed apparently.
I tried using an iframe to load the amazon site and the store the session cookies but can't find the way to make this work. Also, is this method allowed? I´m having some concerns about the legitimacy of this.
I know I asked about Amazon I think it also applies to the more general question of how to extract some data from a website that requires authentication.
Thanks a lot.
Capybara would be a good choice. It uses Selenium to open a browser and navigate to a URL, post form info, etc.
I have awebsite, lets just call it search, in one of my browserpages open. search has a form, which when submitted runs queries on a database to which I don't have direct access. The problem with search is that the interface is rather horrible (one cannot save the aforementioned queries etc.)
I've analyzed the request (with a proxy) which is send to the server via search and I am able to replicate it. The server even sends back the correct result, but the browser is not able to open it. (Same origin policy). Do you have any ideas on how I could tackle this problem?
The answer to your question is: you can't. At least not without using a proxy as suggested in the answer by Walter, and that would mean your web site visitors would have to knowingly login to your web site using their other web site's credentials (hmm doesn't sound good...)
The reason you can't do this is related to security, if you could run a script on the tab next to the one with the site open (which is what I'm guessing you want to do), you would be able to do a CSRF attack and get any data you wish and send it to hack.com
This is, of course, assuming that there has to be a login somewhere in the process, otherwise there's no reason for you to not be able to create a simple form which posts the required query and gets the info.
If you did have access to the mentioned website, you would be able to support cross domain xml using JSONP.
It is not possible to bypass the same origin policy in javascript (assuming that you want to do it with that considering your question). You need to set up a proxy server side that is doing the request for you and returns the html.
A simple way of doing this in PHP would be like this:
<?php
echo file_get_contents("http://searchdomainname.com" . "?" . http_build_query($_GET, '', '&'));
?>
i would like to post a message on facebook wall (standard friend/group's wall) not the Apps. using delphi, i could log-in but i dont know how to post a message on it. any suggestion?
I have never used Delphi so im not sure about the language structure
but facebook API is basically HTTP Requests, you should be able to build a class that upon instanation you would authorize your app and then have a set of methods that publish data via HTTPRequest and validate the response
Heres something you may wish to look at:
Facebook emailer in delphi via CakeMail: http://www.facebook.com/note.php?note_id=17522112271
And how to post via HTTP:
http://developers.facebook.com/docs/reference/api/post
It is possible.
If you're able to login you can use a sniffer to take a look for the details of how it is accomplished by Facebook itself when you do it withing a browser (kind of reverse engineering). Wireshark is the best tool for me.
Look and take your time to understand what's going on between your browser and the servers when you post messages to your friend's wall.
Once you understand the details, you can mimic the exact same behavior from your Delphi program to get the same results, for example with the TidHTTP or TidTCP components.
Facebook is AJAX intensive: series of HTTP GET/POST operations without full page refreshes.
Don't forget you're mimicking a undocumented and internal communication mechanism. Facebook or any other target site may change it's internal's and broke your program compatibility anytime.
Remember this kind of program may be prohibited... read the facebook agreement's for further details.
delphibook is a Delphi library to support Facebook applications.
Two possible links that may provide some guidance? They are not in delphi, but I assume the api would be similar to javascript/php ?
http://daipratt.co.uk/using-fb-api-to-make-a-full-post-to-a-users-wall/
http://blog.theunical.com/facebook-integration/5-steps-to-publish-on-a-facebook-wall-using-php/
is it possible to submit forms with yahoo pipes?
i basically need to log in somewhere, and get some stuff from the members area of a website into a feed.
Although this is not exactly programming related... I guess it is close enough.
No, logging into somewhere is impossible with Yahoo Pipes. Sending the username/password isn't even the only problem here.
The real problem is that most, if not all, web sites that require a log-in depend on a session cookie or something similar. Yahoo pipes can do a GET request, and that's about it. Even if it was possible to send your user name/password in the URL, you would not be able to use the session cookie, so subsequent requests would fail.
So... If you have access to a hosted web site somewhere: Write a small proxy script (in PHP or whatever is available) that does the login and fetches the data. Let Yahoo pipes read from your proxy page. But if you are that far, you can just as well produce RSS format right away. ;-)
I did a pipe that can log in and extract info. is working ok on a simple web form using POST.