search

Shoeboxed / api

Official API documentation for integrating with Shoeboxed https://www.shoeboxed.com
14 stars 5 forks source link

How to initiate Shoeboxed Swagger UI? #21

Open theo-armour opened 5 years ago

theo-armour commented 5 years ago

I am trying to initiate the Shoeboxed Swagger UI at:

https://api.shoeboxed.com/v2/explorer/index.html

The goal is to fill the input with "OAuth Client ID" as placeholder text with the correct data.

Here is what I am doing:

Create a test app at https://app.shoeboxed.com/member/v2/settings#api with a redirect url of https://api.shoeboxed.com/v2/explorer/o2c.html. I have received an ID and secret.

Use the ID to obtain a credential using:

https://id.shoeboxed.com/oauth/authorize?client_id=<client id>&response_type=code&scope=all&redirect_uri=https://api.shoeboxed.com/v2/explorer/o2c.html&state=012345678

An error is reported in the JavaScript console, but there is an entry for a credential:

https://id.shoeboxed.com/oauth/authorize?client_id=d54fcdae881d4ee490e43a856ff90135&response_type=code&scope=all&redirect_uri=https://api.shoeboxed.com/v2/explorer/o2c.html&state=01234567888

Use this credential to create the following curl:

curl -v -XPOST https://id.shoeboxed.com/oauth/token -d code=<credential> \
-d grant_type=authorization_code --data-urlencode \ redirect_uri='https://api.shoeboxed.com/v2/explorer/o2c.html' -u <id>:<secret>

The curl receives the following error:

Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying 35.238.229.109:443...
* TCP_NODELAY set
* Connected to id.shoeboxed.com (35.238.229.109) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: OU=Domain Control Validated; CN=*.shoeboxed.com
*  start date: Jun 21 16:54:22 2019 GMT
*  expire date: Aug 20 18:19:03 2020 GMT
*  subjectAltName: host "id.shoeboxed.com" matched cert's "*.shoeboxed.com"
*  issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Server auth using Basic with user '30d0e270a0e64429a9b9bc6adb9b8229'
* Using Stream ID: 1 (easy handle 0x26130b0)
> POST /oauth/token HTTP/2
> Host: id.shoeboxed.com
> Authorization: Basic MzBkMGUyNzBhMGU2NDQyOWE5YjliYzZhZGI5YjgyMjk6endndzY2aUJVTDMyaW9xS1RJS1EzLktleW00bzlKRDBkYk1nRi9oQjBIUlZ3N04zeHZ0dEs=
> User-Agent: curl/7.65.3
> Accept: */*
> Content-Length: 139
> Content-Type: application/x-www-form-urlencoded
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
* We are completely uploaded and fine
< HTTP/2 400
< server: nginx/1.14.0 (Ubuntu)
< date: Sat, 05 Oct 2019 23:26:55 GMT
< content-type: application/json; charset=utf-8
< content-length: 76
< x-frame-options: DENY
< x-permitted-cross-domain-policies: master-only
< x-xss-protection: 1; mode=block
< content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'
< x-content-type-options: nosniff
<
{"error":"invalid_request","error_description":"invalid authorization code"}* Connection #0 to host id.shoeboxed.com left intact

What should I be doing to get the Swagger UI to run as it should?

igstan commented 5 years ago

Hi, @theo-armour! What you have to do is:

  1. Take the ID from Your API apps page and put it in the text field of the Swagger UI page.
  2. Open the GET /accounts/{account} section in Swagger UI and click on the toggle button at the right. This should start an in-browser OAuth authentication process.
  3. Tick the all scopes in the pop-up that appears
  4. Click Authorize. You should now be redirected to a page where you'll have to click Authorize once more.
  5. Click this Authorize button too. After this step, you should be back on the Swagger UI page and able to interact with the API.

If any of the steps from 2 onwards fails, try an incognito tab. There might be some issues with the JS inside Swagger UI.

theo-armour commented 5 years ago

@igstan @sbxalex

Yay! I'm in. Thank you for the speedy weekend response.

It would save newbs like me hours of trial and error, if the Swagger instructions your provided are made available via a link in the Swagger UI page and as part of the Shoeboxed GitHub pages.

I look forward to exploring the API in detail.

My objective is to create simple FOSS methods to transfer documents from Shoeboxed to the Internet Archive and or other similar online archives without expiry dates.

More about this effort ( and questions) in future GitHub issues.

Theo