I am fairly new to web development and using API's, and for some reason I keep getting a 401 "Access denied due to missing hibp-api-key." error when trying to use this one API for the website HaveIBeenPwned. I'm using Postman just to check the API, and here is what I am using: https://haveibeenpwned.com/api/v3/pasteaccount/foo%40bar.com%20hibp-api-key:%20XXXXXXXXXXXX #API Key was redacted at the end, and the email is a test email.
Can anyone tell me what I'm doing wrong, and why it keeps giving me an error? I've checked my API key a million times and I just don't know why this isn't working! Here is the documentation: https://haveibeenpwned.com/API/v3
It says:
The API takes a single parameter which is the email address to be
searched for. The email is not case sensitive and will be trimmed of
leading or trailing white spaces. The email should always be URL
encoded. This is an authenticated API and an HIBP API key must be
passed with the request.
GET https://haveibeenpwned.com/api/v3/pasteaccount/{account}
hibp-api-key: [your key]
The key needs to be passed in the header per the docs here: https://haveibeenpwned.com/API/v3#Authorisation
The key is then passed in a "hibp-api-key" header:
GET https://haveibeenpwned.com/api/v3/{service}/{parameter}
hibp-api-key: [your key]
I'm in the process of setting up oauth following the process laid out by Slack for my Slack app (I've used a token previously for the same app). Unfortunately I'm hitting a snag with step 1. I'm using Postman to test out the GET request to https://slack.com/oauth/authorize by passing along 3 parameters (client_id, scope, & redirect_uri) expecting something that gets me closer to receiving a code (step 2). But what I receive is an error message of Invalid client_id parameter. I've checked my client_id in Postman against what's provided by Slack multiple times but can't figure out where this issue is stemming from. What am I doing wrong?
Additionally I'm thinking of using Passport with the Passport-Slack strategy for authentication.
The reason this does not work is that you have defined the properties in the header, but you need to provide those as GET parameters.
To fix remove them from the header and either add them to the URL (e.g. ?client_id=xxx&scope=xxx) or click on Params next to the Send button to enter them directly.
When I try sign up an user in AWS Cognito this error is returned in response.:
But, in my config the email field is an alias.:
How can I fix this?
By that error message, it looks like it's failing because you have email as an alias but have also set given it as your username. I think to get around this, you could either use some temporary, throw away username at first or un-check it as an alias and just use it as both username and an attribute. The former gives you more flexibility to updating it, but that's ultimately up to your application's needs.
So I'm out of ideas, I don't know what to check or debug anymore, but on the exception I get this:
string(188203) "Facebook\FacebookAuthorizationException Object
(
[statusCode:Facebook\FacebookRequestException:private] => 400
[rawResponse:Facebook\FacebookRequestException:private] => {"error":{"message":"Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request","type":"OAuthException","code":100,"fbtrace_id":"DqCCKoiN0r4"}}
[responseData:Facebook\FacebookRequestException:private] => Array
(
[error] => Array
(
[message] => Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request
[type] => OAuthException
[code] => 100
[fbtrace_id] => DqCCKoiN0r4
)
)
[message:protected] => Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request
[string:Exception:private] =>
[code:protected] => 100
You can set redirect URI in
Go to https://developers.facebook.com/apps
Select your app.
Under Products > Facebook Login > Settings
Enable Embedded Browser OAuth Login
Set Valid OAuth Redirect URIs
You can Validate Redirect URI with Redirect URI Validator.
You can only use https URIs.
Also set App Domain in Settings > Basic > App Domains
Try / at the end of redirect URI
In my case I was using https://localhost everywhere but somehow when getting access token specifying https://localhost/ worked.
As absurd as it sounds, verify you're using the correct app_secret.
Facebook will give you this instead of just saying "invalid secret" in the response
I believed you have used different redirect_uri in your facebook app settings and Oauth API code. thats why you got this error.
For facebook login you must set same redirect_uri into both place.
Make sure to have it exactly as in your FB settings.
For me, I had https://localhost:3000/ in my settings but https://localhost:3000 in my get access token call and this was the source of the error!
I had the same issue and non of the answers helped me, then I tried to make another Facebook app, and it solved my issue!
I mean you have to use one application for Facebook OAuth and make another to use for Instagram oauth. seems Facebook has an issue with using both functionalities in one app.
After engaging in the problem for more than a day, found my mistake to be one '/' (slash) in app url at the end.
incase anyone else is having this issue and can't figure it out, your redirect_uri needs to have a "/" at the end. Facebook adds one automatically when you put your redirect_uri in the app settings. If you don't add the "/" in your code when you're trying to get the token, it will give you this error. That's what was going on with mine.
Ex: redirect_uri = "https://myserver.com:4429"
should be
redirect_uri = "https://myserver.com:4429/"
It means the redirect URI you pass to FB (usually in the query string) does not match what you have set in the app settings.
It can also be because of multiple slashes, for ex:
https://yoursite.com/auth/facebook/callback -> that's the one you added in the app settings
https://yoursite.com//auth/facebook/callback -> that's what you actually send
For me, it worked by replacing
callbackURL: "api/auth/facebook/redirect/",
to
callbackURL: "http://localhost:3000/api/auth/facebook/redirect/",
in the new FacebookStrategy
Was stuck in the same problem for a long time .
You will get this error when the redirect url is mismatching or does not exist or is wrongly formatted in the field (additional spaces or // ) , either the facebook app setting or while you are calling the API .
Solution
What worked for me was when ever you add a redirect URl you can check it in the valid redirect auth field uf it doesnot show valid when pressed check than that url is not the correct one
I finally managed to get this to work, in my case, I was using the Instagram Oauth API but I believe the logic is the same and you can find the complete flow here : https://developers.facebook.com/docs/instagram-basic-display-api/guides/getting-access-tokens-and-permissions.
So here is the basic flow :
Generate an authorization which will provide you with a code (the user will get redirected to Instagram in order to accept/deny the requested authorizations)
This code can be used in order to generate a 'short lived access token' and this is where the troubles arise.
For the first point, you need to provide Instagram with a redirect_uri. When you want to complete the second point, you'll need to make a POST request to Instagram, with a redirect_uri as well.
I thought that both redirect_uri's could be different between the 2 steps, but they don't. And this is simply where my error was : I wanted something like that for the first step : https://my.domain/short-lived-token and something like this for the 2nd : https://my.domain/short-lived-token but when I tried both with https://my.domain/generate-access-token, for instance, it worked.
Hope it helps you guys because I couldn't find anything on the internet.
LATEST FIX:
After sending 3 hours, I found a solution to this error.
This happened due to 2 reasons.
As we can see in response. Just Make sure you set the same URL in the developer portal and code
IMP: FACEBOOK needs to change the API response. 2nd reason is that you make sure that using Instagram App Secret and app ID. I was getting the same error bcoz I was using the wrong app secret.
Must Follow: Official FB Docs
I am developing an app using Java and Javascript and I have an email service that the user can send an automatic email to me if an error occurs with the application. I have it sending a blank email to me at the moment but I would like it to get the error message from the console and paste it into the email. I have to code to add it to the email but how do I get the information from the console?
EDIT:
2012-05-03 10:20:46,449 [mobileapp] DEBUG Resolving exception from handler [null]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'GET' not supported
2012-05-03 10:20:46,449 [mobileapp] WARN Request method 'GET' not supported
2012-05-03 10:20:46,449 [mobileapp] DEBUG Null ModelAndView returned to DispatcherServlet with name 'mvc-dispatcher': assuming HandlerAdapter completed request handling
2012-05-03 10:20:46,449 [mobileapp] TRACE Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade#741848
If you're using JavaScript, there is no "real" console. Instead install a plug-in that provides this for you - e.g. FireBug (for Firefox) or just use Chrome. That has worked for me, when you do a console.log("whatever") it should be shown there.
Good luck!