OmniTech Posted September 25, 2023 Share Posted September 25, 2023 The handleGetAuthorizationCode() works, I can already get my Authorization code but when trying to get a Access Token, I'm getting 401 Unauthorized error, my code in in the 3rd picture, am I doing it wrong? Link to comment Share on other sites More sharing options...
Jay Rock Posted September 26, 2023 Share Posted September 26, 2023 Hello, thank you for a question. Please give me a more precise sample of the request. Link to comment Share on other sites More sharing options...
OmniTech Posted September 26, 2023 Author Share Posted September 26, 2023 50 minutes ago, Jay Rock said: Hello, thank you for a question. Please give me a more precise sample of the request. I censored the url and the client_secret. curl 'https://api.loyverse.com/oauth/token' \ -H 'authority: api.loyverse.com' \ -H 'accept: application/json, text/plain, */*' \ -H 'accept-language: en-US,en;q=0.9' \ -H 'content-type: application/x-www-form-urlencoded' \ -H 'origin: https://**************.com' \ -H 'referer: https://**************.com/' \ -H 'sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"' \ -H 'sec-ch-ua-mobile: ?0' \ -H 'sec-ch-ua-platform: "Windows"' \ -H 'sec-fetch-dest: empty' \ -H 'sec-fetch-mode: cors' \ -H 'sec-fetch-site: cross-site' \ -H 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \ --data-raw '{"client_id":"jvvDK-U6kQ7fFFfb3-ff","client_secret":"******************************************************************","redirect_uri":"https://**************.com","code":"fLDgmF","grant_type":"authorization_code"}' \ --compressed Link to comment Share on other sites More sharing options...
Jay Rock Posted September 26, 2023 Share Posted September 26, 2023 (edited) Looks like you generated a JSON object instead x-www-form-urlencoded. Please double check. Edited September 26, 2023 by Jay Rock Link to comment Share on other sites More sharing options...
OmniTech Posted September 26, 2023 Author Share Posted September 26, 2023 (edited) It worked, I got 200 OK response but now I'm encountering CORS error 47 minutes ago, Jay Rock said: Looks like you generated a JSON object instead x-www-form-urlencoded. Please double check. Edited September 26, 2023 by OmniTech Link to comment Share on other sites More sharing options...
Jay Rock Posted September 27, 2023 Share Posted September 27, 2023 Due to our API’s restrictions that disallow direct calls from the browser, users are required to utilize a backend proxy such as Nginx or a similar tool in their local environment. https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS Link to comment Share on other sites More sharing options...
OmniTech Posted September 27, 2023 Author Share Posted September 27, 2023 1 hour ago, Jay Rock said: Due to our API’s restrictions that disallow direct calls from the browser, users are required to utilize a backend proxy such as Nginx or a similar tool in their local environment. https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS Ok thanks, I'll check Nginx Link to comment Share on other sites More sharing options...
OmniTech Posted October 2, 2023 Author Share Posted October 2, 2023 (edited) My site is already running through Nginx but I'm still getting CORS error: curl 'https://api.loyverse.com/oauth/authorize' \ -H 'authority: api.loyverse.com' \ -H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7' \ -H 'accept-language: en-US,en;q=0.9' \ -H 'cache-control: max-age=0' \ -H 'content-type: application/x-www-form-urlencoded' \ -H 'cookie: _ga=GA1.1.858668138.1695212056; _vwo_uuid=D35989D99F9432AB5B75A9322B8A81E9E; _vwo_ds=3%241695315746%3A42.48334429%3A%3A; intercom-device-id-re5afjv3=67153bb0-dba7-4fc0-bef3-31bb0619ce84; _vwo_uuid_v2=DA1F8919D943D9B0DA11A711700A40703|0385ce800dcb2cc1f3cf4aaf391347b1; _clck=1qi7gzl|2|ffi|0|1358; intercom-session-re5afjv3=cndoN2xYaG9OZDFVZEFncWp6b2xSemdTMEJEdWhqOENOd1ZsVFo4dE5jY011R0RTQTRldFhQR3VGU0pSUGp2aC0tOXdJZlN1RmdzaGtEck8zMFZhaFhmdz09--b5d6991992db5dc53c993680c12b9fff90273fb7; _ga_3KWXPBTJ0S=GS1.1.1696275805.5.1.1696275820.0.0.0; _vis_opt_s=5%7C; _vis_opt_test_cookie=1; JSESSIONID=75751FB14B0680E0574F9B398F4C8BC1; _clsk=6ma08|1696276966636|7|1|s.clarity.ms/collect; AWSALB=piqIgqF+ZXvJywcBFSoOdoWlf0xwI04hnJdZjDfMPmHV+ehZSybAl76GWHWcUPXMj//Ze+zXzheqAQtsMcw0AWEGBeuPdsxryv7ohq7S9rPrDWpC8G2fKkiQBzpG; AWSALBCORS=piqIgqF+ZXvJywcBFSoOdoWlf0xwI04hnJdZjDfMPmHV+ehZSybAl76GWHWcUPXMj//Ze+zXzheqAQtsMcw0AWEGBeuPdsxryv7ohq7S9rPrDWpC8G2fKkiQBzpG; mp_92c6e09f236098fe1dd8f045937cc868_mixpanel=%7B%22distinct_id%22%3A%202508755%2C%22%24device_id%22%3A%20%2218ab8b1528aa01-045b1f89b5cdfd-26031e51-1fa400-18ab8b1528aa01%22%2C%22%24initial_referrer%22%3A%20%22https%3A%2F%2Fdeveloper.loyverse.com%2F%22%2C%22%24initial_referring_domain%22%3A%20%22developer.loyverse.com%22%2C%22%24user_id%22%3A%202508755%2C%22__mps%22%3A%20%7B%7D%2C%22__mpso%22%3A%20%7B%7D%2C%22__mpus%22%3A%20%7B%7D%2C%22__mpa%22%3A%20%7B%7D%2C%22__mpu%22%3A%20%7B%7D%2C%22__mpr%22%3A%20%5B%5D%2C%22__mpap%22%3A%20%5B%5D%7D; _vwo_sn=960077%3A13%3A%3A%3A1; _ga_HQQLJ83BKE=GS1.1.1696275757.6.1.1696277043.60.0.0' \ -H 'origin: https://loyverse.com' \ -H 'referer: https://loyverse.com/' \ -H 'sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"' \ -H 'sec-ch-ua-mobile: ?0' \ -H 'sec-ch-ua-platform: "Windows"' \ -H 'sec-fetch-dest: document' \ -H 'sec-fetch-mode: navigate' \ -H 'sec-fetch-site: same-site' \ -H 'sec-fetch-user: ?1' \ -H 'upgrade-insecure-requests: 1' \ -H 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \ --data-raw 'app_name=Queue&client_id=jvvDK-U6kQ7fFFfb3-ff&redirect_uri=https%3A%2F%2F****************************.com%2Fhome&response_type=code&scope=RECEIPTS_READ&state=*****************************************************%3D%3D&user_oauth_approval=true' \ --compressed ; curl 'https://****************************.com/home?code=QW6wM5&state=*****************************************************%3D%3D' \ -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7' \ -H 'Accept-Language: en-US,en;q=0.9' \ -H 'Cache-Control: max-age=0' \ -H 'Connection: keep-alive' \ -H 'Referer: https://loyverse.com/' \ -H 'Sec-Fetch-Dest: document' \ -H 'Sec-Fetch-Mode: navigate' \ -H 'Sec-Fetch-Site: cross-site' \ -H 'Sec-Fetch-User: ?1' \ -H 'Upgrade-Insecure-Requests: 1' \ -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \ -H 'sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"' \ -H 'sec-ch-ua-mobile: ?0' \ -H 'sec-ch-ua-platform: "Windows"' \ --compressed ; curl 'https://****************************.com/assets/index-8d7007fb.js' \ -H 'Accept: */*' \ -H 'Accept-Language: en-US,en;q=0.9' \ -H 'Connection: keep-alive' \ -H 'If-Modified-Since: Mon, 02 Oct 2023 20:03:54 GMT' \ -H 'If-None-Match: "651b222a-4b1da"' \ -H 'Origin: https://****************************.com' \ -H 'Referer: https://****************************.com/home?code=QW6wM5&state=*****************************************************%3D%3D' \ -H 'Sec-Fetch-Dest: script' \ -H 'Sec-Fetch-Mode: cors' \ -H 'Sec-Fetch-Site: same-origin' \ -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \ -H 'sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"' \ -H 'sec-ch-ua-mobile: ?0' \ -H 'sec-ch-ua-platform: "Windows"' \ --compressed ; curl 'https://****************************.com/assets/index-613a36d1.css' \ -H 'Accept: text/css,*/*;q=0.1' \ -H 'Accept-Language: en-US,en;q=0.9' \ -H 'Connection: keep-alive' \ -H 'If-Modified-Since: Mon, 02 Oct 2023 20:03:54 GMT' \ -H 'If-None-Match: "651b222a-22e0"' \ -H 'Referer: https://****************************.com/home?code=QW6wM5&state=*****************************************************%3D%3D' \ -H 'Sec-Fetch-Dest: style' \ -H 'Sec-Fetch-Mode: no-cors' \ -H 'Sec-Fetch-Site: same-origin' \ -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \ -H 'sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"' \ -H 'sec-ch-ua-mobile: ?0' \ -H 'sec-ch-ua-platform: "Windows"' \ --compressed ; curl 'chrome-extension://bkkbcggnhapdmkeljlodobbkopceiche/injectScript.js' \ -H 'Referer;' \ -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \ --compressed ; curl 'https://fonts.googleapis.com/css2?family=Mulish:wght@200;300;400;500;600;700;800;900&display=swa' \ -H 'sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"' \ -H 'Referer: https://****************************.com/' \ -H 'sec-ch-ua-mobile: ?0' \ -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \ -H 'sec-ch-ua-platform: "Windows"' \ --compressed ; curl 'https://api.loyverse.com/v1.0/receipts' \ -H 'sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"' \ -H 'Accept: application/json, text/plain, */*' \ -H 'Referer: https://****************************.com/' \ -H 'sec-ch-ua-mobile: ?0' \ -H 'Authorization: Bearer f8466237695047479b21fdfd1369d34b' \ -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \ -H 'sec-ch-ua-platform: "Windows"' \ --compressed ; curl 'https://api.loyverse.com/v1.0/receipts' \ -X 'OPTIONS' \ -H 'authority: api.loyverse.com' \ -H 'accept: */*' \ -H 'accept-language: en-US,en;q=0.9' \ -H 'access-control-request-headers: authorization' \ -H 'access-control-request-method: GET' \ -H 'origin: https://****************************.com' \ -H 'referer: https://****************************.com/' \ -H 'sec-fetch-dest: empty' \ -H 'sec-fetch-mode: cors' \ -H 'sec-fetch-site: cross-site' \ -H 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \ --compressed ; curl $'data:image/svg+xml,%3Csvg width=\'25\' height=\'18\' viewBox=\'0 0 25 18\' fill=\'none\' xmlns=\'http://www.w3.org/2000/svg\'%3E%3Cpath d=\'M19.4127 6.4904C18.6984 6.26581 18.3295 6.34153 17.5802 6.25965C16.4219 6.13331 15.9604 5.68062 15.7646 4.51554C15.6551 3.86516 15.7844 2.9129 15.5048 2.32334C14.9699 1.19921 13.7183 0.695046 12.461 0.982805C11.3994 1.22611 10.516 2.28708 10.4671 3.37612C10.4112 4.61957 11.1197 5.68054 12.3363 6.04667C12.9143 6.22097 13.5284 6.3087 14.132 6.35315C15.2391 6.43386 15.3241 7.04923 15.6236 7.55574C15.8124 7.87508 15.9954 8.18975 15.9954 9.14193C15.9954 10.0941 15.8112 10.4088 15.6236 10.7281C15.3241 11.2334 14.9547 11.5645 13.8477 11.6464C13.244 11.6908 12.6288 11.7786 12.0519 11.9528C10.8353 12.3201 10.1268 13.3799 10.1828 14.6234C10.2317 15.7124 11.115 16.7734 12.1766 17.0167C13.434 17.3056 14.6855 16.8003 15.2204 15.6762C15.5013 15.0866 15.6551 14.4187 15.7646 13.7683C15.9616 12.6032 16.423 12.1505 17.5802 12.0242C18.3295 11.9423 19.1049 12.0242 19.8071 11.6253C20.5491 11.0832 21.212 10.2696 21.212 9.14192C21.212 8.01428 20.4976 6.83197 19.4127 6.4904Z\' fill=\'%23F44250\'/%3E%3Cpath d=\'M7.59953 11.7459C6.12615 11.7459 4.92432 10.5547 4.92432 9.09441C4.92432 7.63407 6.12615 6.44287 7.59953 6.44287C9.0729 6.44287 10.2747 7.63407 10.2747 9.09441C10.2747 10.5536 9.07172 11.7459 7.59953 11.7459Z\' fill=\'black\'/%3E%3Cpath d=\'M2.64217 17.0965C1.18419 17.093 -0.0034949 15.8971 7.72743e-06 14.4356C0.00352588 12.9765 1.1994 11.7888 2.66089 11.7935C4.12004 11.797 5.30772 12.9929 5.30306 14.4544C5.29953 15.9123 4.10366 17.1 2.64217 17.0965Z\' fill=\'black\'/%3E%3Cpath d=\'M22.3677 17.0965C20.9051 17.1046 19.7046 15.9217 19.6963 14.4649C19.6882 13.0023 20.8712 11.8017 22.3279 11.7935C23.7906 11.7854 24.9911 12.9683 24.9993 14.4251C25.0075 15.8866 23.8245 17.0883 22.3677 17.0965Z\' fill=\'black\'/%3E%3C/svg%3E%0A' \ -H 'Referer;' \ -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \ --compressed ; curl $'data:image/svg+xml,%3Csvg xmlns=\'http://www.w3.org/2000/svg\' class=\'h-6 w-6\' fill=\'none\' viewBox=\'0 0 24 24\' stroke=\'%23999\' stroke-width=\'2\'%3E%3Cpath stroke-linecap=\'round\' stroke-linejoin=\'round\' d=\'M21 21l-6-6m2-5a7 7 0 11-14 0 7 7 0 0114 0z\' /%3E%3C/svg%3E' \ -H 'Referer;' \ -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \ --compressed ; curl 'https://api.loyverse.com/oauth/token' \ -H 'authority: api.loyverse.com' \ -H 'accept: application/json, text/plain, */*' \ -H 'accept-language: en-US,en;q=0.9' \ -H 'content-type: application/x-www-form-urlencoded' \ -H 'origin: https://****************************.com' \ -H 'referer: https://****************************.com/' \ -H 'sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"' \ -H 'sec-ch-ua-mobile: ?0' \ -H 'sec-ch-ua-platform: "Windows"' \ -H 'sec-fetch-dest: empty' \ -H 'sec-fetch-mode: cors' \ -H 'sec-fetch-site: cross-site' \ -H 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \ --data-raw 'client_id=jvvDK-U6kQ7fFFfb3-ff&client_secret=*****************************************************%3D%3D&redirect_uri=https%3A%2F%2F****************************.com%2Fhome&code=QW6wM5&grant_type=authorization_code' \ --compressed ; curl 'https://api.loyverse.com/v1.0/receipts' \ -H 'sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"' \ -H 'Accept: application/json, text/plain, */*' \ -H 'Referer: https://****************************.com/' \ -H 'sec-ch-ua-mobile: ?0' \ -H 'Authorization: Bearer f8466237695047479b21fdfd1369d34b' \ -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \ -H 'sec-ch-ua-platform: "Windows"' \ --compressed ; curl 'https://api.loyverse.com/v1.0/receipts' \ -X 'OPTIONS' \ -H 'authority: api.loyverse.com' \ -H 'accept: */*' \ -H 'accept-language: en-US,en;q=0.9' \ -H 'access-control-request-headers: authorization' \ -H 'access-control-request-method: GET' \ -H 'origin: https://****************************.com' \ -H 'referer: https://****************************.com/' \ -H 'sec-fetch-dest: empty' \ -H 'sec-fetch-mode: cors' \ -H 'sec-fetch-site: cross-site' \ -H 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \ --compressed ; curl 'https://api.loyverse.com/v1.0/receipts' \ -H 'sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"' \ -H 'Accept: application/json, text/plain, */*' \ -H 'Referer: https://****************************.com/' \ -H 'sec-ch-ua-mobile: ?0' \ -H 'Authorization: Bearer f8466237695047479b21fdfd1369d34b' \ -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \ -H 'sec-ch-ua-platform: "Windows"' \ --compressed ; curl 'https://api.loyverse.com/v1.0/receipts' \ -X 'OPTIONS' \ -H 'authority: api.loyverse.com' \ -H 'accept: */*' \ -H 'accept-language: en-US,en;q=0.9' \ -H 'access-control-request-headers: authorization' \ -H 'access-control-request-method: GET' \ -H 'origin: https://****************************.com' \ -H 'referer: https://****************************.com/' \ -H 'sec-fetch-dest: empty' \ -H 'sec-fetch-mode: cors' \ -H 'sec-fetch-site: cross-site' \ -H 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \ --compressed Edited October 2, 2023 by OmniTech Link to comment Share on other sites More sharing options...
Jay Rock Posted October 3, 2023 Share Posted October 3, 2023 (edited) This one looks like works. GET https://api.loyverse.com/v1.0/receipts sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/plain, */* Referer: https://****************************.com/ sec-ch-ua-mobile: ?0 Authorization: Bearer ************************************ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Request with method OPTIONS returns an invalid token error. OPTIONS https://api.loyverse.com/v1.0/receipts authority: api.loyverse.com accept: */* accept-language: en-US,en;q=0.9 access-control-request-headers: authorization access-control-request-method: GET origin: https://****************************.com referer: https://****************************.com/ sec-fetch-dest: empty sec-fetch-mode: cors sec-fetch-site: cross-site user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 If you read about the OPTIONS method it's a pre-flight request from the browser. Without a proper response from the OPTIONS request, the browser won't send the main request with the GET method like/ receipts. Hopefully, we will fix this issue in the near future. We recommend avoiding sending pre-flight requests, or waiting until pre-flight requests will be fixed. Edited October 3, 2023 by Jay Rock Link to comment Share on other sites More sharing options...
Recommended Posts