I would like to use UnityEngine.Networking and StartCoroutine() to retrieve data from Bing API in Unity/C#. I am getting Error 401 which is:
{"error":{"code":"401","message": "Access denied due to invalid subscription key or wrong API endpoint. Make sure to provide a valid key for an active subscription and use a correct regional API endpoint for your resource."}}
The url that I am attempting to call is:
https://[**MyEndpoint**]/bing/v7.0/news/trendingtopics?BingAPIs-Market=en-US&Ocp-Apim-Subscription-Key=[**KEY**]
I assume the reason for rejection is that I explicitly added Ocp-Apim-Subscription-Key header in the url but not sure %100.
As #jdweng indicated, you should specify your subscription key in the request header, just as below :
If it is necessary for you using the subscription key in the request URL,the param here should be subscription-key instead of Ocp-Apim-Subscription-Key just as below:
Bing API is RESTful API and expects the authentication key in the request header
Related
I have Web API built in .net framework 4.6. I secure my API using Azure AD. For the purpose of development, I need to generate token so I can use it for testing and debugging. How can I generate token from Microsoft Graph that I can use to authenticate to my API?
I tried this https://login.microsoftonline.com/{tenantId}/oauth2/token endpoint but the token it generates is not valid. I get 401 using the token from that endpoint.
enter image description here
The error "401 unauthorized" usually occurs when you missed giving resource parameter while generating access token.
If that's the case, you will still get the access token but when you are using the token to authenticate to your API, you will get "Invalid token" error.
To resolve the error, please include below parameters while generating access token:
Make sure to include resource parameter and other required parameters like below:
I tried in my environment, after including the above parameters, I got the access token successfully like below:
If the above solution does not work, try with different grant_type parameter.
For more information, please refer below links:
401 Unauthorized Error–Azure Active Directory (AD) – Microsoft Azure Articles.. (wordpress.com).
Getting Access Token for Microsoft Graph Using OAuth REST API - DZone Security
Azure registered app error: The user or administrator has not consented to use the application with ID - Stack Overflow
I want my Web API to get an Access Token to then call Microsoft Graph API. I've gone through a few documents and threads but they all talk about a POST method that asks for a Client ID and App Secret created when registering the app on AAD.
I'm following this document here.
My problem is:
What is client_credentials? Where should I get it from? I thought the API is supposed to be working with the secret and the client I'd only.
I appreciate your help.
There's 4 parameters in the HTTP request:
grant_type: in this case, the value is "client_credentials"
client_id: The client id of your app
client_secret: The client secret of your app
resource: The identifier of the API you want a token for, in this case https://graph.microsoft.com
So only client id and secret are needed from your app.
If you use v2 endpoint / MSAL, note there is no resource parameter.
Instead you would use scope=https://graph.microsoft.com/.default.
I'm very new to APIs and I need a GET request to this api called WordTracker. WordTracker gives me an app id and an app key to authorize usage of their api. I've searched everywhere on how to authorize api request but none are working for me. I continue to get a 403 forbidden error. If anyone can help me or could just give me a template to authorize, I would really appreciate it. I'm using c# on a windows form application.
The documentation states that you need to pass the app_id and app_key in the query string. Hence, you should try to append them to your GET-request, e.g.: http://url?app_key=xxx&app_id=yyy.
I'm trying to use openID connect to authenticate against google using the code flow.
I'm sending an auth request to google like
GET https://accounts.google.com/o/oauth2/v2/auth? client_id=***.apps.googleusercontent.com&
redirect_uri=https%3a%2f%2flocalhost%3a44321%2fAccount%2fConfirmLogin&
response_mode=form_post&
response_type=code&
scope=openid+email+profile&
state=STUFF
nonce=A_NONCE
and I get back a GET response
GET https://localhost:44321/Account/ConfirmLogin?state=STUFF&
code=Some letters&
authuser=0&
hd=my app domain&
session_state=HEX&
prompt=none
According to the spec : http://openid.net/specs/openid-connect-core-1_0.html#AuthResponse
When using the Authorization Code Flow, the Authorization Response MUST return the parameters defined in Section 4.1.2 of OAuth 2.0 [RFC6749] by adding them as query parameters to the redirect_uri specified in the Authorization Request using the application/x-www-form-urlencoded format, unless a different Response Mode was specified.
From my reading of the spec this means google should return a POST to my server not a GET?
Support for the form_post response mode as defined in http://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html is optional and it is not supported by Google. Hence the parameter is ignored.
Hi I am using Bearer authentication in my web api 2. After user login i generate access token to the user. Further when they request my web api, they have to send access token in request header. All valid access tokens are requesting web api with out any problem. But I am not sure how to handle bad access tokens (expired). Please let me know the solution if you have. Thanks in advance.
In addition to Mahesh Kava, you may extend AuthorizeAttribute class to return more detailed information for unauthorized request. Refer to this SO question
You should use the [Authorize] filter attribute to authorize the request. All bad request with expired tokens will be treated with a 401 unauthorized error