Bearer token in the (OAuth) Authorization request header for REST API POST call
My recent experience with Oauth suggests the content type should be:
Request.ContentType = "application/x-www-form-urlencoded"
Request.Method = "POST"
Request.ContentLength = byteArray.Length
rather than request.ContentType = "application/json"
StealthRT
Updated on July 08, 2022Comments
-
StealthRT almost 2 years
Hey all i am trying to figure out how to do this OAuth authorization token for a REST API POST call.
The documents state:
With a valid access token, your app can make calls to any Yammer API endpoint by sending the access token as a “Bearer” token in the “Authorization” request header. GET /api/v1/messages/following.json HTTP/1.1 Host: www.yammer.com Authorization: Bearer abcDefGhiFor more details on the “Bearer” token refer to [enter link description here][1] If the access token expires or the user de-authorizes your app, the API request will return an HTTP 401 with the following error in the body of the response. { "response": { "message": "Token not found.", "code": 16, "stat": "fail" } }
Your app can request a new access token by re-running the appropriate flow if this error occurs.
Currently my VB.net code is this:
Dim request As HttpWebRequest Dim response As HttpWebResponse = Nothing Dim reader As StreamReader Dim address As Uri Dim data As StringBuilder Dim byteData() As Byte Dim postStream As Stream = Nothing address = New Uri("https://www.yammer.com/api/v1/messages.json") request = DirectCast(WebRequest.Create(address), HttpWebRequest) request.Method = "POST" request.Headers("Authorization") = "Bearer " & yammerAPI.userToken request.ContentType = "application/json" request.Host = "www.yammer.com" Dim body As String = "test" Dim replied_to_id As Integer = 123456789 Dim group_id As Integer = 123456789 data = New StringBuilder() 'data.Append("&replied_to_id=" & HttpUtility.UrlEncode(replied_to_id)) data.Append("group_id=" & HttpUtility.UrlEncode(group_id)) data.Append("&body=" & HttpUtility.UrlEncode(body)) byteData = UTF8Encoding.UTF8.GetBytes(data.ToString()) request.ContentLength = byteData.Length Try postStream = request.GetRequestStream() postStream.Write(byteData, 0, byteData.Length) Finally If Not postStream Is Nothing Then postStream.Close() End Try Try response = DirectCast(request.GetResponse(), HttpWebResponse) reader = New StreamReader(response.GetResponseStream()) Debug.Print(reader.ReadToEnd()) Finally If Not response Is Nothing Then response.Close() End Try
I keep getting an error of: The remote server returned an error: (401) Unauthorized.
I found this in a following Stackoverflow posting:
The Yammer API requires the OAuth data to be in the header. If you look at their example for Getting Data, you'll see the request looks like.
GET /api/v1/messages/favorites_of/1234 HTTP/1.1 HOST: www.yammer.com
Authorization: OAuth oauth_consumer_key="KsTROcNF1Fx3e1PwA",oauth_token="vlVH7A7DOm9wXuHdv58A",oauth_signature_method="PLAINTEXT",oauth_timestamp="1297383841092",oauth_nonce="1047685618",oauth_verifier="E4F8",oauth_signature="yPsEvDnNPIA8xGCFLvMJ73K0DD9ivMpATJeFOSo%26fSFh9UPkHQ6oRwK5OTne33ltnSnbQ9XrAhA72heg"
The OAuth data is in the Authorization header and not in the URL. The only time you have any OAuth data in the URL is when you do the authorize.
Any help would be great to understand this more!
-
Eugenio Pace over 10 yearsHow are you obtaining
yammerAPI.userToken
? -
StealthRT over 10 years@EugenioPace By going though each state (using webbrowser). Logging into yammer, being redirected via my redirect link of the app which places the code at the end of that (blahblah.com/?code=XYZ). Then i take that code and do this Dim url As String = "yammer.com/oauth2/access_token.json?client_id=" & clientID & "&client_secret=" & clientSecret & "&code=" & authorizedToken and parse the JSON and get the access_token from that. The access_token is my yammerAPI.userToken.
-
Mark S. over 10 yearsLook at the code example in [this question][1]. [1]: stackoverflow.com/questions/14188938/…
-
StealthRT over 10 years@MarkS. Could you give me some more info on how to go about finding the oauth_consumer_key, oauth_timestamp, oauth_nonce, oauth_verifier & oauth_signature?? All the yammer documents state that it only needs to send the Bearer + token is enough in the header?
-
Mark S. over 10 yearsIf you follow the Yammer docs in the introduction they talk about setting up the OAuth so that you can get the needed OAuth client ID etc. Once the authorization is setup you use the Bearer to request data.
-