Avaya ACR Search and Replay API : 401 Insufficient Rights - avaya

I am trying to play back a call using the Search and Replay API on Contact Recorder. I have set up the API user in the ACR Admin interface, giving it roles "May use external API's, May export recordings as files". I have also given it rights to play back all recordings ("000000-999999").
Using the HTTP request, it looks like my authentication is passing. When I use an incorrect password, I get "401 Unauthorized", and when using the correct password, I get "401 Insufficient rights".
Is there anyone that can give me a hint on where to look or roles that I might have missed?

Found my own solution:
The actual problem was an incorrect INUM, although the server returned "insufficient rights".
I looked up a test INUM in the database, and tried testing with that. The correct way is to search for the INUM using the API, and then play back the recording using the details retrieved. Do not look up an INUM in the database and expect it to be retrievable through the API.
One possible reason might be that the INUM retrieved from the database might be a screen recording, or a segment of another recording, which is unplayable.


Transparently Get Facebook Profile Pictures

I'm just getting into the Graph API and am having having a hard time trying to figure out if/how I can go about showing MY profile albums on My website with out having to have the user log into facebook. I'm getting thrown off with the access token...I realize I can retreive an access token to retreive my photos if I have someone log on to the site, but I want it to be transparent, using my credentials through code (securely) some how if necessary.
How can I accomplish this? I'm looking for a general conceptual explaination, but pseudo code never hurts. Can any one clear it up for me a little?
Facebook Javascript Sdk
Mirosoft MVC
Facebook C# Sdk
There's no way, that I'm aware of, to do that.
Facebook apps treat all users the same, you can't have special privileges for your user.
If your user is public then you should be able to get all of the public using an application access token which does not expire.
If that's not the case then you have two options as I see it.
Use the server side authentication with your user, or extend a valid token (a method to replace the deprecation of the "offline_access" permission), that will get you a long lived token, about 60 days, and in that time frame you can then get your data from facebook.
Then when that expires re-authenticate in the same way and get another 60 working days, etc.
Another approach is to authenticate as yourself and then have your app save the data, then present it from your own db.
Be sure to update the data every once in a while.

Implementing OAuth 2.0 Authentication for My API

I've been using the Facebook Graph API (uses oauth 2.0 for authentication) successfully for a while now. I now need to write my own API which allows developers to connect to it in a similar fashion. I've looked into various libraries but i'd like something a little leaner so i've decided to roll my own. Looking at the code i have to authenticate a user on facebook it looks relatively simple but please correct me if i'm going off track.
First i would need to provide a secure page which the consumer would need to redirect to. eg https://api.mydomain.com/oauth/authorize?client_id=CONSUMER_KEY&redirect_url=CALLBACK_URL. The user would verify the application then i would redirect back to the url provided in the callback url with the oauth_token in the query string. I suppose i could just generate a random unique string here for the oauth_token and store it against the user for this particular consumer (EDIT: Please see the answer below, this should be unique for each consumer application and not the user).
That's step 1 out the way. I now need to provide a second secure page which the consumer would trigger a web request to. eg https://api.mydomain.com/oauth/access_token?client_id=CONSUMER_KEY&client_secret=CONSUMER_SECRET&oauth_token=OAUTH_TOKEN_RETURNED_ABOVE. This would allow the consumer to exchange the oauth_token returned above for an access token. I would again simply generate a random unique string and store it against the user for this particular consumer.
Now my API would accept the access_token for methods which try to grab information specific to the user who is using it.
I'd like to know if i've understood things correctly. The OAuth 2.0 spec seems extremely trivial if that's the case. Also why do we have to exchange the oauth_token with an access_token? I have my own idea but i'd appreciate it if someone could help clarify this.
I'd really appreciate your feedback as i don't wish to go ahead and waste hours implenting this when it's completely wrong.
Actually protocol flow diagrams would be extremely helpful for visualizing specs like that of OAuth 2 but there are only some partials works out there. As I've just implemented a client-side only OAuth 2 library, I can verify that you're on the right track. But here is a catch:
oauth_token belongs to your client application (i.e. a desktop facebook reader) which authenticates your application (just like an ID). You submit this to get back a access_token, which is specific to your application and logged in user, which allows you to access restricted resources related to the user.
Here is a basic desktop app authentication process (taken from: http://developers.gigya.com/020_Developer_Guide/85_REST/OAuth2)
Actually a flow digram with timeline (from top to bottom, taken from: http://www.ibm.com/developerworks/web/library/wa-oauthsupport/?ca=drs-)
And finally the full procedure is: (taken from http://h2anetwork.org/ProjectDocs/DPI/DPI_Framework.html)

Getting my organisation's events

Through Github's API (and logged in with my user), I'm trying to get the events (or activity) of my organisation. I think I've got it right. So far I'm using this request URL:
If I use "github" as :org, I get the stream alright, but if I use my organisation name it responds with an empty array. From what I understad it's because of the private settings of the organisation.
Now, how can I get my stream, using my authenticated user, without changing my organisation's privacy settings?
Thanks for any help
OK found it: https://developer.github.com/v3/activity/events/#list-events-for-an-organization
The proper request is at: GET /users/:username/events/orgs/:org
Who would have believed you need to go through a user, to get an organisation's events..?

Netflix API simple query for queue

I am playing with the Netflix API. I am confused on what they want as the 'UserID'. (for a protected query)
I am sending in this string (after authentication) to get the User's queue:
This is return from authentication (not the real token) but what part of it is the userID?
Maybe I am not even approaching it from the right angle. Any documentation or code I have found glosses over that part (My netflix ID doesn't work and I assume it should be part of the oauth token I get back, not my normal netflix ID)
Its a bit old question, but you need to get access token which will give you userid.
You can get access token when user agrees that your application can access his netflix account by calling API
These information you will later use for communcation with api.
Hope it helps.
Find more here: http://developer.netflix.com/docs/read/Security part Send Us the Subscriber’s Authorized Request Token

Is it possible to retrieve a list of Facebook Friends via Server Side?

I have no idea how to start to retrieve my facebook friends using the facebook API. First of all, please don't say: go read the faq / manual (aka Graph API). I've tried to do that.
Secondly, I'm doing TDD so i want to start with my test cases.
At first, these will be integration tests because I have to integrate the real life facebook api. That's kewl.
After that works, I'll mock out these tests to make them unit tests.
So this is why i'm stuck and flummoxed.
Can anyone help me out, please?
Please assume that I have a Facebook account (eg. email + password) so I can authenticate and then use the access token to get my friends.
Thanks in advance :)
I also do have an FB App already setup (eg. app id / app secret).
The first thing that you need to do to get the list of friends, or any other api request on the behalf of the user, is to authenticate the user and get a user access token.
There are two authentication flows:
Client-Side: will result with a short lived access token (expires within a few hours) which you can then extend (on the server side) for a long lived using the new endpoint.
Server-Side: results with a long lived access token for about 60 days.
It will probably be hard to do that with TDD (at least at first), and so you might want to use one of the following facebook tools which will generate the access token for you:
Access Token Tool: gives you a list of `access tokens for all your apps bound to your own user'. Per application you get both a user token and an app token.
Graph API Explorer: Select your application at the top right corner and then click the "Get Access Token" button, then select the permissions you need and approve it, when the dialog closes you'll see the access token in the field.
With the access token that you get you can start querying the api.
To get the list of friends simply issue a request to me/fiends as explained in the Friends connection of the User object documentation.
I'm not a C# developer, but I'm aware of this C# SDK for Facebook, it should (like all other facebook SDKs) have implemented most of the work for you for sending the api requests and parsing the returned data.
From a quick look at their getting started documentation it should look something like:
var accessToken = "THE ACCESS TOKEN YOU HAVE";
var client = new FacebookClient(accessToken);
dynamic me = client.Get("me/friends");