Get an access token from sign now REST APIs?

Question

I followed this procedure. https://techlib.barracuda.com/CudaSign/RestEndpointsAPI

This is my C# code to get an access token.

        string userData = "username=email@domain.com&password=mypassword&grant_type=password";
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://signnow.mydomain.com/api/index.php/oauth2/token");
        request.Accept = "application/json";
        request.Method = "POST";
        request.ContentType = "application/x-www-form-urlencoded";
        request.Headers.Add("Authorization", "Basic " + userData);

        var response = request.GetResponse() as HttpWebResponse;

        if (response.StatusCode == HttpStatusCode.OK)
        {
               //JSON output.
        }

The following error I got:

      The remote server returned an error: (400) Bad Request.

I know this is because of wrong pattern. Can you please help me in getting an access token from sign now?

Thanks in advance!!!

cURL Request:

string data = "username=email@domain.com&password=mypassword&grant_type=password";

 WebRequest myReq = WebRequest.Create(myURL + "oauth2/token");
 myReq.Method = "POST";
 //myReq.ContentLength = data.Length;
 myReq.ContentType = "application/x-www-form-urlencoded";

 UTF8Encoding enc = new UTF8Encoding();

//myReq.Headers.Add("Authorization", "Basic " + Convert.ToBase64String(enc.GetBytes(data)));
 myReq.Headers.Add("Authorization", "Basic " + data);
 WebResponse wr = myReq.GetResponse();

Answer 1

As far as I can see, the user data should be sent within the payload and not within the header Authorization. The client credentials (ENCODED_CLIENT_CREDENTIALS) must be something associated to your global account on Barracuda.

I suggest you to test your request using curl since the documentation of the tool use it:

curl -H 'Authorization: Basic ENCODED_CLIENT_CREDENTIALS'
   --data 'username=user@test.com&password=test&grant_type=password&scope=user%20documents%20user%2Fdocumentsv2' https://capi-eval.signnow.com/api/oauth2/token

The command parameter --data corresponds to the payload of the request POST.

To fix your problem, you shoud update your code as described below:

string encodedUserCredentials = 
    Convert.ToBase64String(
       System.Text.ASCIIEncoding.ASCII.GetBytes("user:password")));
string userData = "username=email@domain.com&password=mypassword&grant_type=password";
HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://signnow.mydomain.com/api/index.php/oauth2/token");
request.Accept = "application/json";
request.Method = "POST";
request.ContentType = "application/x-www-form-urlencoded";
request.Headers.Add("Authorization", "Basic " + encodedUserCredentials);

StreamWriter requestWriter = new StreamWriter(request.GetRequestStream());
requestWriter.Write(userData);
requestWriter.Close();

var response = request.GetResponse() as HttpWebResponse;

To know what to put within the variable encodedUserCredentials (i.e. values of user and password), see this doc https://techlib.barracuda.com/CudaSign/RestEndpointsAPI#, section "Security and Access Control".

See these two links for more details:

• How to pass POST parameters to ASP.Net web request?
• How to send authentication header in ASP.Net for set of web request

Hope it helps you, Thierry

Answer 2

Ok, this may not be the most elegant solution, but I am new to all this. Also I apologize about it being in vb instead of C#

Public Class iqAPI
Public Shared Function postRequest(ByVal url As String, ByVal toSerialize As String, strHeader As String) As DataTable
    Dim wHeader As WebHeaderCollection = New WebHeaderCollection
    wHeader.Clear()
    wHeader.Add(strHeader)
    Dim wReq As WebRequest = WebRequest.Create(url)
    Dim postData As String = JsonConvert.SerializeObject(toSerialize)
    Dim byteArray As Byte() = Encoding.UTF8.GetBytes(postData)
    wReq.Headers = wHeader
    wReq.Method = "POST"
    wReq.ContentType = "application/x-www-form-urlencoded"
    wReq.ContentLength = byteArray.Length

Dim dataStream As Stream = wReq.GetRequestStream()
dataStream.Write(byteArray, 0, byteArray.Length)
dataStream.Close()

Dim wResp As WebResponse = wReq.GetResponse()

MsgBox(CType(wResp, HttpWebResponse).StatusDescription)
dataStream = wResp.GetResponseStream()
Using reader As New StreamReader(dataStream)
    Dim respFromServer As String = reader.ReadToEnd()
    Dim dtCudaClient As DataTable = JsonConvert.DeserializeObject(Of DataTable)("[" & respFromServer & "]")
    MsgBox(dtCudaClient.Rows(0).ToString)
    iqSTAMP.gvCudaClients.DataSource = dtCudaClient
    reader.Close()
    dataStream.Close()
    wResp.Close()
    Return dtCudaClient
End Using
Return Nothing
End Function

A couple things to note, I overloaded this to use an object instead of the string for the toSerialize. It seems when you create a user, you have to have it in a json format and when you are getting a Token you use the above method passing a string the way you have it. I couldn't figure out the create user without having an object that got Serialized into json. As far as the Encoded_Client_Credentials, that is supplied by CudSign. I am currently trying to figure out how to POST a file to them without much luck. Hope you have an easier time than me.

Answer 3

var client = new RestClient("https://api-eval.signnow.com/oauth2/token");
var request = new RestRequest(Method.POST);
request.AddHeader("content-type", "application/x-www-form-urlencoded");
request.AddHeader("authorization", "Basic BASE64_ENCODED_CLIENT_ID:CLIENT_SECRET");
request.AddParameter("application/x-www-form-urlencoded", "username=EMAIL&password=PASSWORD&grant_type=password", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);

It looks like you are hitting the wrong endpoint to me but not 100% sure. I added the code that works for me in getting the correct response, minus some minor info. Let me know if this helps if not I am happy to help get the correct response.

Side note: might need to clear cache if anything could be saved from previous attempts.

Side note: you do not need to specify the scope if you are getting an unrestricted access token.