I'm trying to use the API below to get access to a key vault.
https://learn.microsoft.com/en-us/rest/api/keyvault/keyvault/vaults/get
When I try to run this API in Alteryx, it asks for a authorization header.
I'm not sure what information I need to provide in this authorization header in order to get access to the specific key vault.
Can someone please share some knowledge on this?
enter image description here
Thanks
Azure Key Vault describes its request authentication in the Authentication section of this Authentication, requests and responses documentation:
Access tokens must be sent to the service using the HTTP Authorization header:
PUT /keys/MYKEY?api-version=<api_version> HTTP/1.1
Authorization: Bearer <access_token>
The access token is a token string that can be obtained via OAuth2 authentication. An easy way to obtain access tokens for Azure resources in Python is with the azure-identity library, which can be used with the azure-mgmt-keyvault library to make the request you're describing here.
If you'd like to use plain REST requests instead, access tokens are described thoroughly in this Microsoft identity platform access tokens documentation.
Disclaimer: I work with the Azure SDK for Python.
Related
Want some help from you.
I am working in Django/React project with Alpaca Broker APi https://alpaca.markets/broker
https://prnt.sc/1sfzv9k
I am trying to get relationship ID. Btw I am getting the error like screenshot
Please help me if you have an expertise with Alpaca API
Thanks
First, this error, basically means your API keys and Secret keys are incorrect. If that's the case, you need Regenerate new keys from Alpaca Broker Dashboard (please see screenshot)
Alpaca Broker API must authenticate using HTTP Basic authentication. Use your correspondent API key ID and secret as the username and password. The format is key_id:secret. Encode the string with base-64 encoding, and you can pass it as an authentication header.
Since you're testing with Postman, you can select the Basic Auth and enter the credentials accordingly as stated above.
You may also check here in the Alpaca Broker API docs
I cannot figure out that how can I get a GET request and authorize them using token-based authorization where I have only consumer and token keys with their secrets.
Search for token based authentication for restlets.
e.g.
Looking for example Python code for Netsuite API using OAuth?
The concept remains the same - you need to add the authentication data to the header when you make the GET request.
I am trying to download a file from a SharePoint Online data library via REST API which uses a multi-factor ADFS authentication, so far I found these posts (Post1, Post2) which talk about sending a SAML request to STS to receive a security token from https://login.microsoftonline.com/extSTS.srf, I have found multiple examples online which uses the same method to authenticate their requests. However, when I send the SAML request to the above Microsoft URL, I receive the error below.
AADSTS50126: Error validating credentials due to invalid username or password.
I have appropriate access to the SharePoint data library as I was able to get a valid response to an API request (to check available lists and not for authentication) when using a browser with authenticated session. Any idea on what I might be doing wrong or even if authentication is possible for MFA secured SharePoint library.
There is no official word in any Microsoft Documentation to confirm this. But MFA account + AAD token is not compatible.
You have to use a service account (username/password) without MFA enabled for it. This will work when you invoke the SPO web api using the service account for getting tokens.
When you have a browser session in open state, the token will be available in cookies & you will be able to access the library without issue. The same applies to POSTMAN or SOAP-UI testing.
Because MFA needs user interaction, this is not possible. Refer this github issue: Trouble spo login with an account with multi-factor authentication
We do "Application User" concept in Dynamics CRM for the same approach. Read more
I currently am using the Microsoft Office 365 API to get information about Mailbox Usage and Activity. I am attempting to switch over to the Graph API, and am having some trouble.
When I use the current API, I give an 'auth' field in my header so I avoid posting for a bearer token before sending a GET request.
When I attempt the same in the Graph API I get the following error: "CompactToken parsing failed with error code: -2147184105"
After doing some research, I'm unsure if it is even possible to access the Graph API without posting for a bearer token. I would like to access it by still using the authorization credentials in a 'auth' field. Please let me know of any input/help you can provide!
If I follow correctly, you're looking to obtain a bearer token without going through a separate "POST" to convert the authorization code into an access (bearer) token? This is supported by the v2 Endpoint (and Microsoft Graph) using the Implicit Grant.
I wrote an article on this a while back that might be helpful getting you started - v2 Endpoint and Implicit Grant
I got to transfer some files to a remote server for which I have to perform OAuth2.0 to get access token and then simply perform a POST request to upload the files.
Now I am too lazy to setup a Django project on cloud and then perform OAuth2 while there are not "too good" lib for that though.
So, I am thinking to perform OAuth2 using rauth lib as a simple python script without really setting up a server that accepts requests and all..
However, on the remote server profile, I need to provide a redirect_url and of course in the rauth client lib.
Are there any possible ways to do this authorization without really setting up a project on cloud..A simply python script is what I am looking for.
I'm the author and maintainer of rauth.
Rauth no longer enforces a redirect_uri, so if your provider allows it then you can forgo using it. However if you ultimate goal is not to setup a server, this should be doable even with a redirect_uri required by the provider. You can, for example, redirect to localhost where you could setup a minimal server using Flask or if the provider allows it, some other, arbitrary URL, e.g. Facebook provides https://www.facebook.com/connect/login_success.html for this purpose. And the provider you're using might have a similar scheme. Here's an example with rauth.
Another option is to use Bearer Auth with grant_type=password. All OAuth 2.0 providers are supposed to support Bearer Auth, but may not implement the password grant_type. This does not require a redirect_uri, instead you end up passing the server your user credentials and it should return an access token to you. If your provider allows Bearer Auth with grant_type of password, this is probably the ideal for you. Rauth 0.5.3 attempts to use Bearer Auth by default so all you have to do is pass in the grant_type. Be sure to update before giving this a go.
Here's a simple example:
# assume you have constructed an OAuth2Service object and bound it to `serv`
params = {'grant_type': 'password',
'username': 'foo',
'password': 'hunter2'}
s = service.get_auth_session(params=params)
r = s.get('https://example.com/api/some/endpoint')
Depending on the provider and what you want to do, it may require a little more investigation. However, hopefully this gives you something to start with.
Edit
I think my comment about password grant_type is a little confusing: I seem to be implying you have to use it with Bearer Auth (here by Bearer Auth I mean affixing the access token in the Authorization header in the Bearer format), but actually you don't. It's acceptable, although discouraged, to send the credentials along in the entity method[1]. If you're using rauth and find that authentication is not working as expected, you may need to disable Bearer Auth like this:
s = service.get_auth_session('/some/resource',
data={'code': code},
bearer_auth=False)
From the spec:
[1] "Clients SHOULD make authenticated requests with a bearer token using the Authorization request header field with the Bearer HTTP authorization scheme. Resource servers MUST support this method."