I am using Delphi 2010, with Indy 10.5.8(svn version) and oAuth.pas from chuckbeasley. I am able to collect token with app key and App secret, authorize token with a web page and Access the final token. Now I have to post a status with Linkedin’s Share API. I am getting a unauthorized response.
My request and responses are giving bellow.
Request,
POST /v1/people/~/shares HTTP/1.0
Content-Encoding: utf-8
Content-Type: text/xml; charset=us-ascii
Content-Length: 999
Authorization: OAuth oauth_consumer_key="xxx",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1340438599",oauth_nonce="BB4C78E0A6EB452BEE0FAA2C3F921FC4",oauth_version="1.0",oauth_token="xxx",oauth_signature="Pz8%2FPz8%2FPz9ePzkxPyc%2FDD82Pz8%3D"
Host: api.linkedin.com
Accept: text/html, */*
Accept-Encoding: identity
User-Agent: Mozilla/3.0 (compatible; Indy Library)
%3C%3Fxml+version=%25221.0%2522%2520encoding%253D%2522UTF-8%2522%253F%253E%253Cshare%253E%253Ccomment%253E83%2525%2520of%2520employers%2520will%2520use%2520social%2520media%2520to%2520hire%253A%252078%2525%2520LinkedIn%252C%252055%2525%2520Facebook%252C%252045%2525%2520Twitter%2520%255BSF%2520Biz%2520Times%255D%2520http%253A%252F%252Fbit.ly%252FcCpeOD%253C%252Fcomment%253E%253Ccontent%253E%253Ctitle%253ESurvey%253A%2520Social%2520networks%2520top%2520hiring%2520tool%2520-%2520San%2520Francisco%2520Business%2520Times%253C%252Ftitle%253E%253Csubmitted-url%253Ehttp%253A%252F%252Fsanfrancisco.bizjournals.com%252Fsanfrancisco%252Fstories%252F2010%252F06%252F28%252Fdaily34.html%253C%252Fsubmitted-url%253E%253Csubmitted-image-url%253Ehttp%253A%252F%252Fimages.bizjournals.com%252Ftravel%252Fcityscapes%252Fthumbs%252Fsm_sanfrancisco.jpg%253C%252Fsubmitted-image-url%253E%253C%252Fcontent%253E%253Cvisibility%253E%253Ccode%253Eanyone%253C%252Fcode%253E%253C%252Fvisibility%253E%253C%252Fshare%253E
Response,
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
x-li-request-id: K14SWRPEPL
Date: Sat, 23 Jun 2012 08:07:17 GMT
Vary: *
x-li-format: xml
Content-Type: text/xml;charset=UTF-8
Content-Length: 341
Connection: keep-alive
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<error>
<status>401</status>
<timestamp>1340438838344</timestamp>
<request-id>K14SWRPEPL</request-id>
<error-code>0</error-code>
<message>[unauthorized]. OAU:xxx|nnnnn|*01|*01:1340438599:Pz8/Pz8/Pz9ePzkxPyc/DD82Pz8=</message>
</error>
Please help.
Regards,
Vijesh Nair
I cannot comment on the content of your Authentication header, but the rest of your HTTP request is definately not correct, which tells me that you are not using the TIdHTTP.Post() method correctly. In particular, the XML has been url-encoded TWICE (only one of which would have been Indy's doing), and the Content-Encoding header is wrong.
I suspect that you are making the common newbie mistake of posting the XML using the TStrings overloaded version of TIdHTTP.Post(), and also pre-encoding the XML beforehand. Neither of those will work. You must use the TStream overloaded version instead, and do not pre-encode the XML at all.
The correct request should look more like this:
POST /v1/people/~/shares HTTP/1.0
Content-Type: text/xml; charset=utf-8
Content-Length: 571
Authorization: OAuth oauth_consumer_key="xxx",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1340438599",oauth_nonce="BB4C78E0A6EB452BEE0FAA2C3F921FC4",oauth_version="1.0",oauth_token="xxx",oauth_signature="Pz8%2FPz8%2FPz9ePzkxPyc%2FDD82Pz8%3D"
Host: api.linkedin.com
Accept: text/html, */*
Accept-Encoding: identity
User-Agent: Mozilla/3.0 (compatible; Indy Library)
<?xml version="1.0" encoding="UTF-8"?><share><comment>83% of employers will use social media to hire: 78% LinkedIn, 55% Facebook, 45% Twitter [SF Biz Times] http://bit.ly/cCpeOD</comment><content><title>Survey: Social networks top hiring tool - San Francisco Business Times</title><submitted-url>http://sanfrancisco.bizjournals.com/sanfrancisco/stories/2010/06/28/daily34.html</submitted-url><submitted-image-url>http://images.bizjournals.com/travel/cityscapes/thumbs/sm_sanfrancisco.jpg</submitted-image-url></content><visibility><code>anyone</code></visibility></share>
The code to produce that request should look something like this:
var
PostData: TMemoryStream;
begin
PostData := TMemoryStream.Create;
try
WriteStringToStream(PostData, '<?xml version="1.0" encoding="UTF-8"?><share><comment>83% of employers will use social media to hire: 78% LinkedIn, 55% Facebook, 45% Twitter [SF Biz Times] http://bit.ly/cCpeOD</comment><content><title>Survey: Social networks top hiring tool - San Francisco Business Times</title><submitted-url>http://sanfrancisco.bizjournals.com/sanfrancisco/stories/2010/06/28/daily34.html</submitted-url><submitted-image-url>http://images.bizjournals.com/travel/cityscapes/thumbs/sm_sanfrancisco.jpg</submitted-image-url></content><visibility><code>anyone</code></visibility></share>', IndyUTF8Encoding);
PostData.Position := 0;
IdHTTP1.Request.ContentType := 'text/xml';
IdHTTP1.Request.Charset := 'utf-8';
IdHTTP1.Request.CustomHeaders.Values['Authorization'] := 'OAuth oauth_consumer_key="xxx",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1340438599",oauth_nonce="BB4C78E0A6EB452BEE0FAA2C3F921FC4",oauth_version="1.0",oauth_token="xxx",oauth_signature="Pz8%2FPz8%2FPz9ePzkxPyc%2FDD82Pz8%3D"';
IdHTTP1.Post('http://api.linkedin.com/v1/people/~/shares', PostData);
finally
PostData.Free;
end;
Related
It is nasty to debug Amazon MWS Feed submissions because whatever you might be doing wrong Ama just returns the same senseless error message:
<Error>
<Type>Sender</Type>
<Code>InvalidParameterValue</Code>
<Message>Either Action or Operation query parameter must be present.</Message>
</Error>
I am 100% positive that I build StringToSign correctly as well as calculate HMAC-SHA256, etc. It took me a few weeks to collect and adopt a stack of useful functions for hashing, signing, base64ing, etc. MWS requests. Written in pure Pascal they were all tested on Orders and Products APIs.
Now when it comes to Feeds API I am stuck on the above error. All parameters are equal to those generated by MWS Scratchpad. I tested the submission StringToSign generated by MWS Scratchpad, but no luck.
What I noticed so far: there is a difference between the number/values of headers generated by MWS Scratchpad and my app.
The Scratchpad generates the following headers (it least they are displayed):
Host: mws.amazonservices.ca
x-amazon-user-agent: AmazonJavascriptScratchpad/1.0 (Language=Javascript)
Content-Type: text/xml
My app uses Indy (in XE4) TIdHTTP to make a request. When Amazon returns the above error, Request.RawHeaders.Text contains the following:
Content-Length: 251
x-amazon-user-agent: MyApp/1.1(Language=Delphi;Platform=Windows7)
Content-Type: text/xml
Host: mws.amazonservices.ca
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: identity
User-Agent: MyApp/1.1(Language=Delphi;Platform=Windows7)
Looks like the extra the headers are added to Request object by default. My first question is: can those extra headers theoretically influence on the behavior? I.e. can they be the showstoppers?
My second question: is there any option to mofidy the list of default heades in Indy HTTP.Request? To go on with the debugging I would rather exclude extra headers to see if the request works.
UPDATE: (SignedString)
AWSAccessKeyId=<AWSAccessKeyId>
&Action=GetFeedSubmissionList
&Merchant=<MerchantId>
&SignatureMethod=HmacSHA256
&SignatureVersion=2
&Timestamp=2015-07-26T09%3A04%3A59Z
&Version=2009-01-01
&Signature=1OI0PVgL3uh5sFXxjCzaaWEwGmW6h5e0dgLUFkPgoXg%3D
UPDATE: (Complete HTTP Request/Response provided by TIdLogFile)
Stat Connected.
Sent 28.07.2015 12:28:11:
POST / HTTP/1.1<EOL>
Content-Type: text/xml; charset=us-ascii<EOL>
Content-Length: 279<EOL>
x-amazon-user-agent: MyAppNameAndVer<EOL>
Host: mws.amazonservices.ca<EOL>
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8<EOL>
Accept-Encoding: identity<EOL>
User-Agent: Mozilla/3.0 (compatible; Indy Library)<EOL><EOL>
Sent 28.07.2015 12:28:11:
AWSAccessKeyId=<AWSAccessKeyId>
&Action=GetFeedSubmissionList
&MWSAuthToken=<AWSAuthToken>
&Merchant=<MerchantId>
&SignatureMethod=HmacSHA256
&SignatureVersion=2
&Timestamp=2015-07-28T10%3A28%3A09Z
&Version=2009-01-01
&Signature=I6euLIiVDzjZ8bbdtF840K0TJCkGh4NrUbQPtQtu78A%3D
Recv 28.07.2015 12:28:11:
HTTP/1.1 400 Bad Request<EOL>
Date: Tue, 28 Jul 2015 10:28:10 GMT<EOL>
Server: AmazonMWS<EOL>
x-mws-request-id: 7e63280d-1db5-4d10-af40-587747d032a8<EOL>
x-mws-timestamp: 2015-07-28T10:28:11.048Z<EOL>
x-mws-response-context: OmAlguEmW20QT07uIdb9d25xkX+JSS7uFr1rDvXIoqXMvbUFzUMt1b5Xl2WzDaJszbwr25N/J4c=<EOL>
Content-Type: text/xml<EOL>
Content-Length: 324<EOL>
Vary: User-Agent<EOL>
nnCoection: close<EOL><EOL>
<?xml version="1.0"?><LF><ErrorResponse xmlns="https://mws.amazonservices.com/"><LF> <Error><LF> <Type>Sender</Type><LF> <Code>InvalidParameterValue</Code><LF> <Message>Either Action or Operation query parameter must be present.</Message><LF> </Error><LF> <RequestID>7e63280d-1db5-4d10-af40-587747d032a8</RequestID><LF></ErrorResponse><LF>
Stat Disconnected.
Please note: I formatted the response for your convenience adding CRs after <EOL>
Confusing nnCoection header is explained here: Cneonction and nnCoection HTTP headers
My question is now resolved. Below is my way to thank people not breaking the Community standards ;-)
Days := 1;
repeat
IsSuccessful := DebugAmazonFeedSubmissionProc;
Inc(Days);
until IsSuccessful or (Days = 14);
if not IsSuccessful then
begin
AskTheGods(#StackOverflow);
Sleep(1000); // ...wake up and drink a cup'o'tea :)
Expert := TRemyLebeau.Create('delphi');
try
Expert.ReviewTheCode;
Expert.GetTheJobDone;
finally
// You may dispose the instance here,
// but the Class is one of the most valuable assets of the Community.
// Thank you, Remy!
end;
end;
Your request Content-Type header is wrong. You have it set to text/xml; charset=us-ascii, but you are not actually sending XML data to begin with. You need to set the Content-Type (via the TIdHTTP.Request.ContentType property) to application/x-www-form-urlencoded instead, per the MWS GetFeedSubmissionList documentation.
The TStrings version of TIdHTTP.Post() would set the ContentType for you, but you are using the TStream version instead so you have to set the ContentType manually. In this case, I do suggest you switch to the TStrings version, and let it handle encoding the form fields for you:
var
PostData: TStringList;
begin
PostData := TStringList.Create;
try
PostData.Add('AWSAccessKeyId=<AWSAccessKeyId>');
PostData.Add('Action=GetFeedSubmissionList');
PostData.Add('MWSAuthToken=<AWSAuthToken>');
PostData.Add('Merchant=<MerchantId>');
PostData.Add('SignatureMethod=HmacSHA256');
PostData.Add('SignatureVersion=2');
PostData.Add('Timestamp=2015-07-28T10:28:09Z'); // <-- NOT percent encoded yet!
PostData.Add('Version=2009-01-01');
PostData.Add('Signature=I6euLIiVDzjZ8bbdtF840K0TJCkGh4NrUbQPtQtu78A='); // <-- NOT percent encoded yet!
IdHTTP1.Request.CustomHeaders.Values['x-amazon-user-agent'] := 'MyAppNameAndVer';
IdHTTP1.Post('http://mws.amazonservices.ca', PostData);
finally
PostData.Free;
end;
end;
This is the captured data from wireshark
POST /r HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.0.4; GT-I9100 Build/IMM76L)(en-us)
Cache-Control: no-transform
Host: xx.xx.xx.xx
Connection: Keep-Alive
Accept-Encoding: gzip
Content-Length: 77
WLL202GUI#00000058$CuII4425339CnsI4425339CzsXT3BQnVOa1ZR0OL0+0hLWwgCksHiqQ0V5HTTP/1.1 200 OK
Server: piled
Keep-Alive: timeout=30, max=300
Connection: keep-alive
Content-Type: application/octet-stream
Content-Length: 103
WLL202GUI#00000084$ChsN989338254856CcsD98Cvsb90ccdc057d52d0e53d906f963aabcfa7CqsI4425339CmsHPedr#mCgIC1
What I know is that this is the POST data:
WLL202GUI#00000058$CuII4425339CnsI4425339CzsXT3BQnVOa1ZR0OL0+0hLWwgCksHiqQ0V5
and this the response:
WLL202GUI#00000084$ChsN989338254856CcsD98Cvsb90ccdc057d52d0e53d906f963aabcfa7CqsI4425339CmsHPedr#mCgIC1
(correct me if i'm wrong)
what is the full URI path for this? is it :
http://xx.xx.xx.xx/r
followed by the above data?
i mean how can i send the same post data and recieve the same response? or change some of the data ?
this packets was sent by an app from an android OS (using BlueStacks to be exact)
The post data immediately follows the headers you pasted and should be visible in the tree.
It is not secured by SSL. If it were, you wouldn't be able to read the headers like you have.
In my Blackberry java native application, i am making a call to a dotnet web service whose Request and Response format is defined as below. Here In response XML is being returned. I have been searching the forums and trying for 2-3 days but no success...
Request format :
POST /cinews.asmx/GetSeatLayout HTTP/1.1
Host: webservices.mclients.com
Content-Type: application/x-www-form-urlencoded
Content-Length: length
strCinews=string&strTransId1=string&lngSessionId=string&blnScreenOnTop=string&strMergeOption=string&strAreaCats=string
Response format :
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length
xml
In trying to upload a scorm package via the REST API the upload is not working.
PUT /d2l/api/lr/(D2LVERSION: version)/objects/
http://docs.valence.desire2learn.com/res/lor.html
We are always refused based on 403 permission.
Are there any settings I should look at? Also looking for a trace of this working.
As long as the account you are authenticated with can perform the function in the web UI it is expected that the API will also function.
If you are getting keys back from the login process but this call is failing you could try a basic call from the sample such as "whoami". If that works your keys are correct.
If the keys are correct and some GET calls are working, you may need to pass a different method to the signing call in the sdk. (The method is part of the signature).
Here is an example of a working trace. 403 errors often have a body that will provide additional information. Note the security parameters are: x_a,x_b,x_c,x_d,x_t parameters on the call.
PUT http://smihai-7:44459/d2l/api/LR/1.0/objects/?repositoryId=1&x_t=1339183935&x_a=L2Hd9WvDTcyiyu5n2AEgpg&x_c=tfJFhSUaczOeOGqDFPXPq8NSBPj2sOhz4U3RacqWRMY&x_b=TestToken&x_d=BEl7kdCcrjenkpBt9ri5dkt4bdEgCo6xfZDWIpkKctA HTTP/1.1
Accept: application/json, application/xml, text/json, text/x-json, text/javascript, text/xml
User-Agent: RestSharp 101.3.0.0
Host: smihai-7:44459
Content-Type: multipart/form-data; boundary=-----------------------------28947758029299
Content-Length: 1203
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
-------------------------------28947758029299
Content-Disposition: form-data; name="Resource"; filename="Hello World Module.zip"
Content-Type: application/zip
PK???u?h?]G?g???????????Hello World Topic.htmlM??
?#??A??wwo?xH+???h????b
[o+ ????oD??RYW9u??????}J,?q
d2?[!%E|Crj?Wo{34??Xg??s???L?3??+??/?????*??W?W3?Fyb w?>?cR?Zrf?*???b??PK???u?h?N2?T??n?????imsmanifest.xml?V??0?#?Q??m#TI?.b ?XF??5?????k,?$~???6I??Vt??s?=g?x???%7)??J?i4 P?f\???????????DR?W`]?(?WL???g??d???s?,.&i?q????r??jT?kI??E?C?fsmd6-?q??G? .?f?i??4???!??v\???o?7$\jH%
??K??~P??m?`E?¥a)?C????v???6????#???U~?????x???[fe?.?3????~W???;B_?,???V#B?HE???:??q?e???s??_E? 1wK??<R????T??.9YE??SkP`?????*UT??3???j??#'??#2?;?e_c?#g.????}?p?>?c??????\?
????~,u????\s?M*L?U???E??
??????Kzp\E?X#?%\p???\??R
X-????%??C??????7?|??/&?=???h????l?\?\???????P???s??))??Td??K?????{?Y?+????v?gTN??h$?
?E'E?aB?UD????PK-????u?h?]G?g?????????????????????????Hello World Topic.htmlPK-????u?h?N2?T??n???????????????????imsmanifest.xmlPK??????????E????
-------------------------------28947758029299--
And the response is like this:
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 69
Content-Type: application/json; charset=UTF-8
Expires: -1
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-XSS-Protection: 0
Date: Fri, 08 Jun 2012 19:32:22 GMT
{"IdentId":4,"Version":1,"ExecutionMessage":null,"ExecutionStatus":0}
I am using Ajax binding with the Grid and ran into a problem where ASP.NET MVC was throwing a HttpRequestValidationException when I attempted an operation on the grid that invoked the Ajax call (like sorting).
Using Fiddler I was able to determine my browser was attempting to post back my entire model in the query string and there were some characters that would have triggered ASP.NET's request validation.
I was able to work around this by simply adding
[ValidateInput(false)]
to my controller action.
I'm wondering why was the grid sending back so much data? And is this a symptom of a bug in my code or Telerik's?
Here is what I saw in Fiddler (note the extremely long query string, even though the HTTP verb is "POST").
POST http://127.0.0.1:52601/MyController/DatabindGrid?Items=System.Collections.ObjectModel.Collection%601%5BPMyNamespace.Data.ViewEntities.Alert%5D&DetailsClientUrl=&GetJsonUrl=%2FMonitor%2FGetGridJson&ViewName=&CurrentItem=&PageTitle=My%20Web%20Page&CopyrightText=Copyright%20%26%23x00A9%3B%202004-2010%20My%20Company%20Corporation&BrowserCapabilities=&OemName=&UiVersion=20101123 HTTP/1.1
Referer: http://ipv4.fiddler:52601/MyController/MyAction
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Accept: text/plain, */*; q=0.01
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: 127.0.0.1:52601
Content-Length: 56
Connection: Keep-Alive
Pragma: no-cache
Cookie: ASP.NET_SessionId=bvgwuno4bounqio2werepkw4; .ASPXAUTH=612E18BB916F720D13A0F0D1695A86079B94DFE94A3BF5A9A8F19E35A37AE987282B7B684201C112CEC6081181E3D1C52C5517A66D9158E4CF83C1C3F523EE32FF783BD2E3B6E0A42A35E1874E63BA76C7735F9E8ABBA4E58BF61EB29DA03789E07A201A1BA9E7B85F941516ED7EA26E3E8E1E65D0836F39A109201E357EE97478D1A359B3FB4B4AD4C64A02A0CE7BBB39DC8FE1F73B179F284A14CF55D9C67D
page=1&size=10&orderBy=LocationName-asc&groupBy=&filter=
Rick,
I think you might be interested in this...
http://tv.telerik.com/watch/aspnet-mvc/video/building-a-responsive-site-with-mvc
very detailed and informative.
~AZee