Develop Reference

Microsoft Graph API - 503 Service Unavailable with "UnknownError"

Our application performs lots of calls to MS Graph API, mainly calls to messages, calendars and contacts. Due to huge amount of calls we experience throttling and sometime 503 Service Unavailable error. Sometimes description of 503 Service Unavailable error is following:
ErrorCode: "UnknownError", ErrorMessage: ""
Usually those errors disappear after one or several retries.
Starting on 5th of November the amount of such "UnknownError" errors increased dramatically. I couldn't find any MS Graph API service update description that could lead to those changes. What is a cause for the increase of those errors? How can I examine it?

Having the same issue, and it's obviously not related to the throttling like the previous answer suggested.
The sorting seems to be causing the issue for some reason. Almost as if there was a bad message that the API was failing to parse & throwing the exception.
Here is a full trace:
➜ workturbo curl -v -H "Authorization: Bearer $TOKEN" https://graph.microsoft.com/beta/me/messages\?%24select=changeKey\&%24filter=isDraft+eq+false+and+lastModifiedDateTime+lt+2020-02-01T23%3A19%3A57Z\&%24orderby=lastModifiedDateTime+desc\&%24skip=0\&%24top=5
* Trying 20.190.132.119...
* TCP_NODELAY set
* Connected to graph.microsoft.com (20.190.132.119) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=graph.microsoft.com
* start date: Jul 1 21:55:17 2020 GMT
* expire date: Jul 1 21:55:17 2022 GMT
* subjectAltName: host "graph.microsoft.com" matched cert's "graph.microsoft.com"
* issuer: C=US; ST=Washington; L=Redmond; O=Microsoft Corporation; OU=Microsoft IT; CN=Microsoft IT TLS CA 2
* SSL certificate verify ok.
> GET /beta/me/messages?%24select=changeKey&%24filter=isDraft+eq+false+and+lastModifiedDateTime+lt+2020-02-01T23%3A19%3A57Z&%24orderby=lastModifiedDateTime+desc&%24skip=0&%24top=5 HTTP/1.1
> Host: graph.microsoft.com
> User-Agent: curl/7.64.1
> Accept: */*
> Authorization: Bearer <OBFUSCATED>
>
< HTTP/1.1 503 Service Unavailable
< Cache-Control: private
< Content-Type: application/json
< request-id: 3903e2c4-325b-4925-8544-20383e2a2944
< client-request-id: 3903e2c4-325b-4925-8544-20383e2a2944
< x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"West US","Slice":"SliceC","Ring":"5","ScaleUnit":"003","RoleInstance":"AGSFE_IN_17"}}
< Strict-Transport-Security: max-age=31536000
< Date: Tue, 21 Jul 2020 19:30:23 GMT
< Content-Length: 198
<
{
"error": {
"code": "UnknownError",
"message": "",
"innerError": {
"date": "2020-07-21T19:30:23",
"request-id": "3903e2c4-325b-4925-8544-20383e2a2944"
}
}
* Connection #0 to host graph.microsoft.com left intact
}* Closing connection 0

Please take a read of our guidance on Throttling. https://learn.microsoft.com/en-us/graph/throttling
You need to respect the retry-after header that gets returned with calls. Otherwise you'll get 429s and sometimes 503s like you are getting.
If you are using our Microsoft Graph SDKs, it has a built in throttling handler.

Twitter API authorization fails CORS preflight in browser

I'm trying to do the 3-legged authorization necessary to call the Twitter APIs in a browser. The process starts with getting a request token by POSTing a signed request to /oauth/request_token (this is also how sign in with Twitter begins).
My problem is that before the browser will POST to the Twitter API endpoint, it wants to preflight the request with an OPTIONS method. This preflight request is always returning status 400 (Bad Request).
Here's an example that you can cut and paste into a browser console that supports the Fetch API:
fetch('https://api.twitter.com/oauth/request_token', { method: 'POST', mode: 'cors', headers: new Headers({ authorization: 'xxx' }), body: 'oauth_callback=http%3A%2F%2Flocalhost%2F' });
On Chrome, the preflight request looks like this (Firefox is similar):
OPTIONS /oauth/request_token HTTP/1.1
accept:*/*
accept-encoding:gzip, deflate, sdch
accept-language:en-US,en;q=0.8
access-control-request-headers:authorization, content-type
access-control-request-method:POST
cache-control:no-cache
origin:null
pragma:no-cache
user-agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36
And the preflight response looks like this:
HTTP/1.1 400 Bad Request
content-length: 0
date: Tue, 08 Mar 2016 22:21:37 GMT
server: tsa_a
x-connection-hash: 529e3d8338caeb980077637d86db5df1
Note that problem is not that I didn't specify a real authorization header in the example above. The value of the authorization header is not used in the preflight request.
If I print out the components of my POST request to the console and assemble the pieces into a curl command (which doesn't preflight) then I can get a request token. But if I try to simulate the preflight request in curl, I haven't been able to get that to work:
$ curl -v -X OPTIONS -H "access-control-request-headers:authorization,content-type" -H "access-control-request-method:POST" -H "origin:http://example.com" https://api.twitter.com/oauth/request_token
* Trying 199.59.148.20...
* Connected to api.twitter.com (199.59.148.20) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:#STRENGTH
* successfully set certificate verify locations:
* CAfile: /opt/local/share/curl/curl-ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=CA; L=San Francisco; O=Twitter, Inc.; OU=Twitter Security; CN=api.twitter.com
* start date: Aug 11 00:00:00 2015 GMT
* expire date: Aug 15 12:00:00 2016 GMT
* subjectAltName: api.twitter.com matched
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
* SSL certificate verify ok.
> OPTIONS /oauth/request_token HTTP/1.1
> Host: api.twitter.com
> User-Agent: curl/7.47.1
> Accept: */*
> access-control-request-headers:authorization,content-type
> access-control-request-method:POST
> origin:http://example.com
>
< HTTP/1.1 400 Bad Request
< content-length: 0
< date: Tue, 08 Mar 2016 23:06:44 GMT
< server: tsa_a
< x-connection-hash: 66174829ef6d3f5e5ec641ac080ad19c
<
* Connection #0 to host api.twitter.com left intact
What am I missing that will let me do a successful CORS preflight to https://api.twitter.com/oauth/request_token?

So the unsatisfying resolution appears to be that the Twitter API does not support CORS. This seems a little astonishing to me, as it means that the API cannot be used from a browser.
That policy decision is probably related to their OAuth implementation, which is vulnerable to anyone with access to the calling platform. Maybe that was okay back in 2010, but most of the other major internet players have figured out how to do client-based authorization.

I recently faced this issue. I didn't want to spend lots of time creating node server, so I used Netlify's serverless functions. It is super easy and straight forward + free
I followed this blog, it worked perfectly fine for me: https://www.digitalocean.com/community/tutorials/nodejs-solve-cors-once-and-for-all-netlify-dev

A workaround and it is a long way around is to build a proxy server that you run with node or something else, I've done this a few times now, this is a good starter repo for someone running into this issue. It has the downside of being React specific, but you could always rip out the react ui and just setup with whatever you need: hcra twitter build.
Its forked from a Create React App/Node Express boilerplate by Mars Hall
You will need to clone it and run git fetch and then checkout twitter-req branch.

One workaround would be to create a NodeJS server for the same and call the Node API requesting Twitter API from front-end.

Check this workaround: https://stackoverflow.com/a/43881141
If you don’t control the server your frontend JavaScript code is
sending a request to, and the problem with the response from that
server is just the lack of the necessary Access-Control-Allow-Origin
header, you can still get things to work—by making the request through
a CORS proxy.
In short, prefix the request so the full URI looks something like this:
https://cors-anywhere.herokuapp.com/https://api.twitter.com/oauth/request_token
Unfortunately, you will not be able to use most Twitter libraries this way, but you can continue using fetch with the cors-anywhere prefix.
Edit: The mentioned cors-anywhere web service is no longer permanently available, but instead can be temporarily "activated" for development use.

iOS payload, but nothing to deliver to (missing device_tokens, tags, segments, or aliases)

I am doing background download for my app but I am getting
iOS payload, but nothing to deliver to (missing device_tokens, tags, segments, or aliases)
when I insert this in terminal:
curl -v -X POST -u "<appKey>:<master key>" -H "Content-type: application/json" -H "Accept:
application/vnd.urbanairship+json; version=3;" --data '{"audience":"all", "device_types" : ["ios"], "notification": {"ios": {"content-available":true, "sound": "default", "badge": 1, "message": "Hi there!", "priority":5}}}' https://go.urbanairship.com/api/push/
I wonder if the curl codes has any format mistakes in it.
Terminal return:
* Hostname was NOT found in DNS cache
* Trying 23.74.208.46...
* Connected to go.urbanairship.com (23.74.208.46) port 443 (#0)
* TLS 1.2 connection using TLS_RSA_WITH_AES_256_CBC_SHA
* Server certificate: *.urbanairship.com
* Server certificate: Cybertrust Public SureServer SV CA
* Server certificate: Baltimore CyberTrust Root
* Server auth using Basic with user '<codes>'
> POST /api/push/ HTTP/1.1
> Authorization: Basic <codes>
> User-Agent: curl/7.37.1
> Host: go.urbanairship.com
> Content-type: application/json
> Accept:
> application/vnd.urbanairship+json; version=3;
> Content-Length: 143
>
* upload completely sent off: 143 out of 143 bytes
< HTTP/1.1 400 Bad Request
* Server gunicorn/0.14.5 is not blacklisted
< Server: gunicorn/0.14.5
< Vary: Authorization, Cookie
< X-Frame-Options: SAMEORIGIN
< Content-Type: text/html; charset=utf-8
< Date: Wed, 19 Nov 2014 02:19:02 GMT
< Transfer-Encoding: chunked
< Connection: close
< Connection: Transfer-Encoding
< Set-Cookie: SRV=s0196; path=/
<
* Closing connection 0
iOS payload, but nothing to deliver to (missing device_tokens, tags, segments, or aliases)

First, you should not post your credentials for all to see. This could allow anyone to send notifications to your app users!
Second, the problem appears to be that within your "ios" section you need to specify your audience by means of device tokens, tags, segments, or aliases. These are mechanisms UA gives you to identify which users should receive the notification.

Why can't I get Twitter's OAuth Test to work?

I'm at the bottom of the learning curve for using the REST API v1.1. I am attempting to use cURL to test my Twitter App.
Here's what I've done so far on Twitter's dev apps webpages (starting at https://dev.twitter.com/apps), and a description of the stumbling block which has completely defeated me:
I created an App, then given it "read, write and direct messages" permissions. Then I regenerated the API keys and OAuth tokens.
I went to the app management page for my app and clicked "Test OAuth".
I want to test it with something simple, so under Request Settings, I choose Request Type "GET" and Request Query "account/verify_credentials".
Then I click "see OAuth Signature for this request".
Among the data that is presented to me, I see the curl command to use. It looks like this (edited to hide the keys and the signature):
curl --get 'https://api.twitter.com/1.1/' --data 'account%2Fverify_credentials=' --header 'Authorization: OAuth oauth_consumer_key="XXXXXXXXXXXXXXXXXXXX", oauth_nonce="f187b1a421600e88ffebeed19b6c1fbf", oauth_signature="XXXXXXXXXXXXXXXXXX", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1399538823", oauth_token="XXXXXXXXXXXXXXXXXXXXXXXX", oauth_version="1.0"' --verbose
So, I copy-and-paste this IMMEDIATELY (i.e. so that the timestamp does not expire) to my terminal (I'm using Debian), and I get the following response (again, edited to remove keys and signature), where you can see down the bottom it says, once again, "Invalid or expired token":
* About to connect() to api.twitter.com port 443 (#0)
* Trying 199.16.156.40... connected
* Connected to api.twitter.com (199.16.156.40) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using RC4-SHA
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Twitter, Inc.; OU=Twitter Security; CN=api.twitter.com
* start date: 2014-04-08 00:00:00 GMT
* expire date: 2014-10-10 23:59:59 GMT
* subjectAltName: api.twitter.com matched
* issuer: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=Terms of use at https://www.verisign.com/rpa (c)10; CN=VeriSign Class 3 Secure Server CA - G3
* SSL certificate verify ok.
> GET /1.1/?account%2Fverify_credentials= HTTP/1.1
> User-Agent: curl/7.21.0 (i486-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6
> Host: api.twitter.com
> Accept: /
> Authorization: OAuth oauth_consumer_key="XXXXXXXXXXXXXXXXXX", oauth_nonce="f187b1a421600e88ffebeed19b6c1fbf", oauth_signature="XXXXXXXXXXXXXXXXXXXXXX", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1399538823", oauth_token="XXXXXXXXXXXXXXXXXXXXXXXXXXX", oauth_version="1.0"
>
< HTTP/1.1 401 Unauthorized
< content-length: 25
< content-type: text/plain
< date: Thu, 08 May 2014 08:47:38 UTC
< server: tfe
< set-cookie: guest_id=v1%3A139953885863095383; Domain=.twitter.com; Path=/; Expires=Sat, 07-May-2016 08:47:38 UTC
< strict-transport-security: max-age=631138519
<
Invalid or expired token
* Connection #0 to host api.twitter.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
What confuses me completely is that I have submitted Twitter's own curl command back to Twitter and it has rejected it!!!!
Any ideas??? I am completely stuck at this point.

Firstly, You will need to read the verify_credentials API document
In the link above, choose your created application and hit "Generate Oauth Signature" button.
You will see that while perform an OAuth request, you will need following 4 things:
Consumer key
Consumer secret
Access token
Access token secret
Also, do not put "account/verify_credentials" to Request query field, instead fill Request URI
with "https://api.twitter.com/1.1/account/verify_credentials.json".
This time the displayed curl should work fine :)

Curl loses body when a POST redirected from http to https

I'm trying to use curl 7.23.1 to POST some data to my server (which runs an nginx server). When this nginx is queried using http://, it redirects to https:// if it can (if it has keys and all the mambo-jumbo)
It looks like curl is doing something... odd. For compatibility reasons, my script (the thing that runs curl) is sending its requests to http://, but when it hits a server that has https:// available (and therefore, gets redirected), the body in the POST request disappears.
I'm trying to upload a bunch of text using --data-urlencode name#filename option. Basically, I run an script, dump its output in the file /tmp/checkin/cmd_result, and I want to upload that as the "data" attribute of the request:
curl --max-time 30 --silent --location-trusted \
--insecure --write-out "%{http_code}" --request POST \
--data-urlencode "data#/tmp/checkin/cmd_result" \
"http:/myserver/command_reply?command_id=524729ce93bc63292c1c9831" \
--trace-ascii /tmp/command_response_trace.log \
--output /tmp/checkin/cmd_res_resp --connect-timeout 10
But the redirection seems to strip the body. If I send my data directly to https://, everything works like a charm. Adding -L (--location) or --location-trusted to the curl instruction doesn't seem to fix the issue.
Has someone experienced the same issue? Any help will be deeply appreciated.
PS:
This is the trace curl outputs (I've cleaned it a bit):
=> Send header, 300 bytes (0x12c)
0000: POST /command_reply?&command_id=52
0040: 4729ce93bc63292c1c9831 HTTP/1.1
0061: User-Agent: curl/7.23.1 (mips-openwrt-linux-gnu) libcurl/7.23.1
00a1: OpenSSL/1.0.1c zlib/1.2.7
00e4: Content-Length: 356
00f9: Content-Type: application/x-www-form-urlencoded
012a:
=> Send data, 356 bytes (0x164)
0000: data=PING%20google.coms%0A
<= Recv header, 32 bytes (0x20)
0000: HTTP/1.1 302 Moved Temporarily
<= Recv header, 22 bytes (0x16)
0000: Server: nginx/1.1.19
<= Recv header, 37 bytes (0x25)
0000: Date: Sat, 28 Sep 2013 19:11:27 GMT
<= Recv header, 25 bytes (0x19)
0000: Content-Type: text/html
<= Recv header, 21 bytes (0x15)
0000: Content-Length: 161
<= Recv header, 24 bytes (0x18)
0000: Connection: keep-alive
<= Recv header, 120 bytes (0x78)
0000: Location: https://myserver/sensor/command_reply?command_id
0040: =524729ce93bc63292c1c9831
<= Recv header, 2 bytes (0x2)
0000:
<= Recv data, 161 bytes (0xa1)
0000: <html>
0008: <head><title>302 Found</title></head>
002f: <body bgcolor="white">
0047: <center><h1>302 Found</h1></center>
006c: <hr><center>nginx/1.1.19</center>
008f: </body>
0098: </html>
== Info: SSLv3, TLS handshake, Client hello (1):
=> Send SSL data, 189 bytes (0xbd)
0000: .....
== Info: SSLv3, TLS handshake, Server hello (2):
<= Recv SSL data, 90 bytes (0x5a)
0000: .....
== Info: SSLv3, TLS handshake, CERT (11):
<= Recv SSL data, 3227 bytes (0xc9b)
0000: .....?.
== Info: SSLv3, TLS handshake, Server key exchange (12):
<= Recv SSL data, 525 bytes (0x20d)
0000: .^~...
== Info: SSLv3, TLS handshake, Server finished (14):
<= Recv SSL data, 4 bytes (0x4)
0000: ....
== Info: SSLv3, TLS handshake, Client key exchange (16):
=> Send SSL data, 134 bytes (0x86)
0000: ...'
== Info: SSLv3, TLS change cipher, Client hello (1):
=> Send SSL data, 1 bytes (0x1)
0000: .
== Info: SSLv3, TLS handshake, Finished (20):
=> Send SSL data, 16 bytes (0x10)
0000: ....
== Info: SSLv3, TLS change cipher, Client hello (1):
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: SSLv3, TLS handshake, Finished (20):
<= Recv SSL data, 16 bytes (0x10)
0000: ...
=> Send header, 230 bytes (0xe6)
0000: POST /sensor/command_reply?command_id=52
0040: 4729ce93bc63292c1c9831 HTTP/1.1
0061: User-Agent: curl/7.23.1 (mips-openwrt-linux-gnu) libcurl/7.23.1
00a1: OpenSSL/1.0.1c zlib/1.2.7
00bc: Host: myserver
00d7: Accept: */*
00e4:
<= Recv header, 17 bytes (0x11)
0000: HTTP/1.1 200 OK
<= Recv header, 22 bytes (0x16)
0000: Server: nginx/1.1.19
<= Recv header, 37 bytes (0x25)
0000: Date: Sat, 28 Sep 2013 19:11:27 GMT
<= Recv header, 47 bytes (0x2f)
0000: Content-Type: application/json; charset=UTF-8
<= Recv header, 20 bytes (0x14)
0000: Content-Length: 22
<= Recv header, 24 bytes (0x18)
0000: Connection: keep-alive
<= Recv header, 2 bytes (0x2)
0000:
<= Recv data, 22 bytes (0x16)
0000: {"r": 200, "data": {}}
== Info: SSLv3, TLS alert, Client hello (1):
=> Send SSL data, 2 bytes (0x2)
0000: ..

Looks like your nginx does a 302 redirect from http to https. Based on RFC2616 standard, you should use 301 or 307 redirect in your nginx config. See more information from the link below.
Note that some user agents (chrome, firefox, IE) went further and treat a 302 redirect as a GET request even though the original request could be a POST.
Reference: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
Note: RFC 1945 and RFC 2068 specify that the client is not allowed
to change the method on the redirected request. However, most
existing user agent implementations treat 302 as if it were a 303
response, performing a GET on the Location field-value regardless
of the original request method. The status codes 303 and 307 have
been added for servers that wish to make unambiguously clear which
kind of reaction is expected of the client.
Update
301 might not work as well. Find this in curl manual. Looks like curl violates RFC2616 as well. So you might want to try 307 first.
When curl follows a redirect and the request is not a plain GET
(for example POST or PUT), it will do the following request with
a GET if the HTTP response was 301, 302, or 303. If the response
code was any other 3xx code, curl will re-send the following
request using the same unmodified method.