What is the best way to check if Twilio auht_token, account_sid are correct and sms can be sent, number checked? Some call which doesn't cost extra credits?
E.g. I see https://www.twilio.com/docs/api/rest/usage-records on RESTfull documentation but can't find how to get the same thing with JS SDK. Can't see dedicated endpoint for config checking so looking for anything else.
Environment: NodeJS 8.9
Twilio developer evangelist here.
Most API calls to the Twilio REST API don't cost, particularly those where you retrieve a resource or list resources. Since you mentioned SMS you could, for example, list your latest messages like this:
const client = require('twilio')(accountSid, authToken);
client.messages.list({ limit: 10 })
.then(function(messages) {
console.log("Everything is good!");
})
.catch(function(err) {
console.error("Something went wrong: ", err)
})
Take a look through the API reference and pick one that takes your fancy.
Using JS SDK might be insecure here. Because of that I think they didn't include a method in the JS API which may present the user the account_sid and the auth_token, which may be exploited. I assume you can use a server bridge between your client JS and Twilio API. Like this:
Client makes a JS AJAX request to http://my.domain.tld/checkstatus
Server connects to the Twilio API with C#, PHP, NodeJS or whatever tech it uses
Twilio returns that the credentials and tokens are still valid or expired
Server prepares the client response as true/false or 0/1
Client reads the status and continues or redirects somewhere else.
Edit There's a GET method here which you can also use with JS AJAX call:
https://www.twilio.com/docs/api/rest/usage-records#list-get
which is requested by this format:
/2010-04-01/Accounts/{AccountSid}/Usage/Records/{Subresource}
Related
I have a bot which should answer to calls, here's MS doc
Actually I can Answer a call (MS Team unhook the call ) but I get no response status code or error. In documentation it mentioned that I should get a 202 accepted status code see here ( api method right after initialisation):
client
.api('/me')
.get((err, res) => {
console.log(res); // prints info about authenticated user
});
I have tried to check res.statusCode but I get no content.
How can I get response from MS Teams API ?
appHostedMediaConfig requires use of the C# Media SDK. Please refer to the documentation describing the options. GitHub site contains documentation and samples for using the C# SDK. If the bot is participating in a multiparty call, the bot needs tenant consent for one or more of the Calls permissions.
You can use other SDKs when using serviceHostedMediaConfig for IVR scenarios. answer does not return a response body but 202 Accepted. I saw attempts from the bot using this method. However, it was used with removeFromDefaultAudioGroup: true which is for advanced audio routing. I suggest starting without the advanced features.
To continue with the call, setup your notification handler. Our service took down the call with the bot because your handler was not responding. Wait for the established notification before sending IVR commands.
statusCode isn't a property of the response object, it is part of the rawResponse object. Your method needs to include the full set of response objects:
client
.api('/me')
.get((err, res, rawResponse) => {
console.log(rawResponse.statusCode);
});
this is my first post so please go easy on me!
I am a beginning developer working with javascript and node.js. I am trying to make a basic request from a node js file to facebook's graph API. I have signed up for their developer service using my facebook account, and I have installed the node package for FB found here (https://www.npmjs.com/package/fb). It looks official enough.
Everything seems to be working, except I am getting a response to my GET request with a message saying my appsecret_proof is invalid.
Here is the code I am using (be advised the sensitive info is just keyboard mashing).
let https = require("https");
var FB = require('fb');
FB.options({
version: 'v2.11',
appId: 484592542348233,
appSecret: '389fa3ha3fukzf83a3r8a3f3aa3a3'
});
FB.setAccessToken('f8af89a3f98a3f89a3f87af8afnafmdasfasedfaskjefzev8zv9z390fz39fznabacbkcbalanaa3fla398fa3lfa3flka3flina3fk3anflka3fnalifn3laifnka3fnaelfafi3eifafnaifla3nfia3nfa3ifla');
console.log(FB.options());
FB.api('/me',
'GET',
{
"fields": "id,name"
},
function (res) {
if(!res || res.error) {
console.log(!res ? 'error occurred' : res.error);
return;
}
console.log(res);
console.log(res.id);
console.log(res.name);
}
);
The error I am getting reads:
{ message: 'Invalid appsecret_proof provided in the API argument',
type: 'GraphMethodException',
code: 100,
fbtrace_id: 'H3pDC0OPZdK' }
I have reset my appSecret and accessToken on the developer page and tried them immediately after resetting them. I get the same error, so I don't think that stale credentials are the issue. My
console.log(FB.options())
returns an appropriate looking object that also contains a long hash for appSecretProof as expected. I have also tried this code with a number of version numbers in the options (v2.4, v2.5, v2.11, and without any version key). Facebook's documentation on this strikes me as somewhat unclear. I think I should be using v2.5 of the SDK (which the node package is meant to mimic) and making requests to v2.11 of the graph API, but ??? In any case, that wouldn't seem to explain the issue I'm having. I get a perfectly good response that says my appSecretProof is invalid when I don't specify any version number at all.
The node package for fb should be generating this appSecretProof for me, and it looks like it is doing that. My other info and syntax all seem correct according to the package documentation. What am I missing here? Thank you all so much in advance.
looks like you have required the appsecret_proof for 2 factor authorization in the advance setting in your app.
Access tokens are portable. It's possible to take an access token generated on a client by Facebook's SDK, send it to a server and then make calls from that server on behalf of the client. An access token can also be stolen by malicious software on a person's computer or a man in the middle attack. Then that access token can be used from an entirely different system that's not the client and not your server, generating spam or stealing data.
You can prevent this by adding the appsecret_proof parameter to every API call from a server and enabling the setting to require proof on all calls. This prevents bad guys from making API calls with your access tokens from their servers. If you're using the official PHP SDK, the appsecret_proof parameter is automatically added.
Please refer the below url to generate the valid appsecret_proof,and add it to each api call
https://developers.facebook.com/docs/graph-api/securing-requests
I had to deal with the same issue while working with passport-facebook-token,
I finally released that the problem had nothing to have with the logic of my codebase or the app configuration.
I had this error just because I was adding intentionally an authorization Header to the request. so if you are using postman or some other http client just make sure that the request does not contain any authorization Header.
I'm building myself a click-to-call website that utilizes Twilio. After I configured in TwiML app and wrote Twilio JavaScript SDK client-side to make request to Twilio, then Twilio will make a POST request to this route of mine:
app.post('/callcenter',function(req,res){
const twilio=require('twilio');
var twiml=new twilio.TwimlResponse();
res.type('text/xml');
twiml.dial({},function(node){
node.number('MY_PHONE_NUMBER');
});
res.send(twiml.toString());
);
This is the most simplified use of Dial in REST API for TwiML that I want to respond to Twilio to make a call to MY_PHONE_NUMBER. But I always ended up hearing voice of "An error occured..."
Please someone help me point out what did I do wrong in this route handler? Server is built in ExpressJS
try this out:
twiml.dial({callerId : process.env.TWILIO_PHONE_NUMBER}, MY_PHONE_NUMBER);
which comes from: https://www.twilio.com/docs/tutorials/walkthrough/browser-calls/node/express
There click to the page call.js.
I'd like to implement a sms verification and I wonder how I can send sms to a given phone number by using Meteor?
I've been able to do this using the meteor-twilio package built from the node library (you'd need a Twilio account). The package exports a global called Twilio that you can use like this:
// server-side code
...
var twilio = Twilio(accountSid, authToken);
this.unblock(); // make the request asynchronously
twilio.sendSms({
to:'+445678984', // any number Twilio can deliver to
from: '+12125551212', // must be your Twilio account phone number
body: 'here is your confirmation'
}, function(err, responseData) { //executed when a response is received from Twilio
if (!err) {
// "responseData" is a JavaScript object containing data received from Twilio.
console.log(responseData.body); // outputs "here is your confirmaton"
}
...
This can be done inside a Meteor.method call.
I'd recommend to look for a SMS API which you can use, by searching for something like javascript sms api. Then you could for example send a verification code by SMS and prompt the code in your app.
Ancient thread, but for searchers who discover this, take a look at:
https://github.com/DispatchMe/meteor-accounts-sms
or
https://github.com/okland/accounts-phone
They are roughly similar solutions that can use Twilio.
Can I access Google Analytics data using a service account in a client-side application? If not, are there other ways of achieving the same outcome?
Must be entirely client-side, and must not require users to authenticate (hence the desire to use a service account).
Yes you can in https://code.google.com/apis/console make sure you say that its a Service account it will give you a key file to download. With that you dont need a user to click ok to give you access.
For a service acccount to work you need to have a key file. Anyone that has access to that key file will then be able to access your Analytics data. Javascript is client sided which means you will need to send the key file. See the Problem? You are handing everyone access to your account. Even if you could get a service account to work using javascript for security reasons its probably not a very good idea.
You can use the official (and alpha) Google API for Node.js to generate the token. It's helpful if you have a service account.
On the server:
npm install -S googleapis
ES6:
import google from 'googleapis'
import googleServiceAccountKey from '/path/to/private/google-service-account-private-key.json' // see docs on how to generate a service account
const googleJWTClient = new google.auth.JWT(
googleServiceAccountKey.client_email,
null,
googleServiceAccountKey.private_key,
['https://www.googleapis.com/auth/analytics.readonly'], // You may need to specify scopes other than analytics
null,
)
googleJWTClient.authorize((error, access_token) => {
if (error) {
return console.error("Couldn't get access token", e)
}
// ... access_token ready to use to fetch data and return to client
// even serve access_token back to client for use in `gapi.analytics.auth.authorize`
})
If you went the "pass the access_token back to client" route:
gapi.analytics.auth.authorize({
'serverAuth': {
access_token // received from server, through Ajax request
}
})