I am trying to create a broadcast using YouTube's v3 API. My request looks like this:
curl -H "Authorization: Bearer ******************" -H "Content-type: application/json" -d " {\"snippet\":{\"title\":\"Hello\", \"scheduledStartTime\":\"2014-01-30T00:00:00.000Z\", \"scheduledEndTime\":\"2014-01-31T00:00:00.000Z\"},\"status\":{\"privacyStatus\":\"public\"}}" https://www.googleapis.com/youtube/v3/liveBroadcasts?part=snippet,status
But the response I get from google is this:
{
"error": {
"errors": [
{
"domain": "youtube.liveBroadcast",
"reason": "liveBroadcastForbidden",
"message": "Request is not authorized"
}
],
"code": 403,
"message": "Request is not authorized"
}
}
I can confirm that the access token I am passing is correct.
Is there something I am doing wrong here?
Livestreaming API is only available to partners right now. It will be more widely available later.
If you have gotten the granted access, you should enable YouTube APIs from API Console. It looks like you haven't enabled them.
Related
I have been trying to use the API to retrieve my activities but I'm receiving the following JSON error.
{
"error": {
"code": 403,
"message": "The request is not properly authorized.",
"errors": [
{
"message": "The request is not properly authorized.",
"domain": "youtube.activity",
"reason": "forbidden"
}
]
}
}
, although I use https://www.googleapis.com/youtube/v3/activities?mine=true&key={my_api_key}&part=contentDetails and I use OAuth2 client to get an access token which I use on calling the API.
I tried to use the samples but I'm receiving the same error.
Is this a bug or I'm doing something wrong?
More details
I use the given link in postman with the GET method and I put a valid access token in the token field with TYPE=OAuth2 and Prefix=Bearer
According to the official specification of the Activities.list API endpoint, for to be able to use its mine request parameter, you have to issue the call to the endpoint while passing to it proper credentials:
mine (boolean)
This parameter can only be used in a properly authorized request. Set this parameter's value to true to retrieve a feed of the authenticated user's activities.
Therefore, using an API key is not sufficient (neither is required when issuing a properly authorized request).
Do note that the JSON error response obtained from the API agrees entirely with the specification quoted above.
According to the official (programming language agnostic) procedure, for to obtain a valid fresh access token from the API, issue a simple curl instance as follows:
$ curl \
--data 'grant_type=refresh_token' \
--data-urlencode "client_id=$CLIENT_ID" \
--data-urlencode "client_secret=$CLIENT_SECRET" \
--data-urlencode "refresh_token=$REFRESH_TOKEN" \
https://oauth2.googleapis.com/token
Above, $CLIENT_ID and $CLIENT_SECRET are the values of the corresponding properties of your client secrets JSON file you've got from Google's developers console. The $REFRESH_TOKEN is your (long-lived) refresh token you've obtained upon running a successful OAuth2 authentication/authorization flow.
The output obtained from curl when successful would look like:
{
"access_token": "...",
"expires_in": 3599,
"scope": "...",
"token_type": "Bearer"
}
A call to the Activities.list endpoint as yours above using curl is immediate:
$ curl \
--header "Authorization: Bearer $ACCESS_TOKEN" \
'https://www.googleapis.com/youtube/v3/activities?mine=true&part=contentDetails&maxResults=25'
The parameter $ACCESS_TOKEN above is your freshly obtained valid access token; the output of curl would look like:
{
"kind": "youtube#activityListResponse",
"etag": "...",
"items": [
{
"kind": "youtube#activity",
"etag": "...",
"id": "...",
"contentDetails": {
...
}
},
...
],
"pageInfo": {
"totalResults": ...,
"resultsPerPage": 25
}
}
For to run the above curl commands on a Windows machine under CMD.exe -- assuming that you've substitued the $-variables yourself manually --, do replace the backslash character at the end of each line above with the caret character, ^. The percent character % should be doubled, i.e. should be replaced with %%, and the single quote characters ' should be replaced with double-quote characters ".
I'm using Microsoft Graph API to build and integration with OneDrive. Everything has worked well and I have been able to register my App, get a token, navigate the OneDrive items and download files.
I started creating subscriptions to receive notifications from OneDrive when user does something. This works without any problem when user signs in with their "personal account" but when they use "work or school" account I get the following error message:
{
"error": {
"code": "ExtensionError",
"message": "Operation: Create; Exception: [Status Code: Forbidden; Reason: The caller does not have permission to perform the action.]",
"innerError": {
"request-id": "ffaf7fae-e0b0-4cd8-b911-bac4c2fb290a",
"date": "2019-09-18T00:18:40"
}
}
}
And this is the call I make to create the subscription:
curl -X POST \
https://graph.microsoft.com/v1.0/subscriptions \
-H 'Authorization: Bearer [access_token]' \
-H 'Content-Type: application/json' \
-H 'Host: graph.microsoft.com' \
-d ' {
"resource": "me/drive/root",
"changeType": "updated",
"clientState": "[email_Address]",
"notificationUrl": "https://webhook_url",
"expirationDateTime": "2019-09-19T04:43:47.6099364+00:00"
}'
The user has Files.ReadWrite.All permission which based on the documentation should be enough.
I had this same problem. The only difference is I am trying to setup a driveItem subscription on a business OneDrive path /users/<id>/drive/root but getting the same error as you on the response.
So, using the same access token, I did a GET /v1.0/users/<id>/drive/root and fetched the driveId of the parent from the response. Then I attempted to create the subscription at /drives/<driveId>/root and it worked. All requests were using the same access token and the previous way used to work for months.
So you might try doing a GET for your /me/drive/root and see if you can set it up with the driveId.
As a bonus, the subscription is now sending web-hooks like I expect.
I'm trying to request the "List privilegedRoles" resource using an app created in Azure's Active Directory.
I've given it all the Application permissions AND Delegated permissions in the Graph API app, to no avail.
The response is always:
"error": {
"code": "UnknownError",
"message": "{\"message\":\"An error has occurred.\"}",
"innerError": {
"request-id": "3e1bb5cf-2d2e-402f-8648-27193b28510a",
"date": "2018-06-06T14:26:02"
}
}
Any help would be much appreciated
UPDATE 1:
A full reproduction of the issue -
A V2 app with delegated permission "Directory.AccessAsUser.All" (and no application permissions), redirect url of http://localhost/myapp/permissions
step 1: admin consent
open browser at:
https://login.microsoftonline.com/MY-TENANT-ID/adminconsent?client_id=MY_APP_ID&state=12345&redirect_uri=http://localhost/myapp/permissions
and grant consent by an admin to the requested permission(s)
see successful redirect to:
http://localhost/myapp/permissions?admin_consent=True&tenant=MY_TENANT_ID&state=12345
step 2: get token
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'client_id=MY_APP_ID&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default&client_secret=MY-APP-SECRET&grant_type=client_credentials' 'https://login.microsoftonline.com/MY_TENANT_ID/oauth2/v2.0/token'
get reply like:
{
"token_type": "Bearer",
"expires_in": 3599,
"ext_expires_in": 0,
"access_token": "SOME-VERY-LONG-TOKEN"
}
step 3: attempt to get the resource
curl -X GET -H "Authorization: Bearer SOME-VERY-LONG-TOKEN" 'https://graph.microsoft.com/beta/privilegedRoles'
ERROR:
{
"error": {
"code": "UnknownError",
"message": "{\"message\":\"An error has occurred.\"}",
"innerError": {
"request-id": "cc9c950c-369c-4fb5-8ec4-eb4048e32a5d",
"date": "2018-06-10T09:09:57"
}
}
}
You can only use delegated permission for calling MSGraph PIM Api's.
Basically, you will need to do the following setup:
Create a native AAD application
Grant it Read and write privileged access to Azure AD permission and make sure the admin consents to it
Call MSGraph PIM Api's using this app with delegated token.
For more details, see https://blogs.msdn.microsoft.com/anujchaudhary/2018/06/07/powershell-sample-for-privileged-identity-management-pim-for-azure-ad-roles/
I am trying to create new responses using SurveyMonkey API, I am following this document provided by SurveyMonkey: https://developer.surveymonkey.com/api/v3/?shell#collectors-id-responses
and here is the request I am making:
curl -i -X POST -H "Content-Type: application/json" -H "Authorization:bearer ACCESS_TOKEN" https://api.surveymonkey.com/v3/surveys/{suvey_id}/responses -d '{"custom_variables":{"custvar_1": "one", "custvar_2": "two"},"response_status": "completed","custom_value": "custom identifier for the response","date_created": "2015-10-06T12:56:55+00:00","ip_address": "127.0.0.1", "pages": [{"id": "{page_id}","questions": [{"answers": [{"text": "Sample Text Response"}], "id": "{questions_id}"}, {"answers": [{"choice_id": "{choice_id}"}], "id": "{questions_id}"}]}]}'
and I am getting a 404 response:
{"error": {"docs": "https://developer.surveymonkey.com/api/v3/#error-codes", "message": "There was an error retrieving the requested resource.", "id": "1020", "name": "Resource Not Found", "http_status_code": 404}}
I have verified values of "choice_id", "questions_id", "page_id" and "survey_id", all of them are correct but I am still getting a 404, I am completely stuck down with this issue, any help in this regard will be highly appreciated.
Thanks!
I have OAuth login in my app. After that I have access_token.
I check token in google token info service:
https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=<access_token>
And It returns:
{
"issued_to": "554651647288-tquejcu6mctplq4kin5dd9r81mtkg3vv.apps.googleusercontent.com",
"audience": "554651647288-tquejcu6mctplq4kin5dd9r81mtkg3vv.apps.googleusercontent.com",
"scope": "https://www.googleapis.com/auth/admin.directory.group https://www.googleapis.com/auth/admin.directory.orgunit https://www.googleapis.com/auth/admin.directory.user",
"expires_in": 3299,
"access_type": "online"
}
As you can see I have admin user directory permission.
Then I send GET request for getting information about user
curl -X GET https://www.googleapis.com/admin/directory/v1/users/test_user#test.com?access_token=<access_token>
And google returned me right user information. After that I decided to get list of users.
curl -X GET https://www.googleapis.com/admin/directory/v1/users?customer=my_customer&access_token=<access_token>
And google returned me:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
But I don't understand why google returned me so error.
Could you please help me with this problem?
Thanks.
There are two solutions here.
1.This is the simple one. Put the URL params in quotes. This should do the trick - (fake access token used)
curl "https://www.googleapis.com/admin/directory/v1/users?customer=my_customer&access_token=asdf.AHEasdfyIc9vuPQ_BGONpzEJkasdfWYXGujPw5iPI"
You don't need to pass in -X GET as that is the default.
2.In general it is bad practice to send the access_token in the URL as this URL may get logged somewhere along the way for innocuous reasons. You can also do this through HTTP Header of Authorization -
curl -H "Authorization: Bearer asdf.AHEasdfyIc9vuPQ_BGONpzEJkasdfWYXGujPw5iPI" https://www.googleapis.com/admin/directory/v1/users?customer=my_customer