{"id":1267,"date":"2016-03-22T21:46:04","date_gmt":"2016-03-23T04:46:04","guid":{"rendered":"https:\/\/officedevblogs.wpengine.com\/?p=1267"},"modified":"2021-11-15T11:34:11","modified_gmt":"2021-11-15T19:34:11","slug":"one-time-authentication-for-public-resource","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/one-time-authentication-for-public-resource\/","title":{"rendered":"One time Authentication for Public Resource"},"content":{"rendered":"

Hi there,\nThe current authentication mechanism is heavy for public image resources. When you retrieve a page content with authenticated token, the image URLs that are referenced still need to have OAuth token added whenever you request them. We heard people from\u00a0UserVoice Forums<\/a>\u00a0want OneNote APIs support preAuthenticated image URLs from a OneNote page that a browser can GET. This new API feature is available now!\nOnce the user has sent an authenticated Page Content Resource request with parameter “preAuthenticated” set to true, it allows browser to fetch the image resource without authentications for a limited time. Its response will contain the public resource URL in a format that shows the resource is a public resource and its content type accordingly. This public resource URL will be available for 1 hour without the need for additional authentication!<\/p>\n

How can you trigger this feature? Follow these steps<\/strong>:<\/p>\n

1. Get the ID of the page with image resources.\n2. Send GET page content request with preAuthenticated parameter, for example:\nGET\u00a0https:\/\/www.onenote.com\/api\/v1.0\/me\/notes\/pages\/{pageId}\/content?preAuthenticated=true<\/a>\n3. A response with 200 means it is a successful return. And you can find a resource URL link looks like this:\nhttps:\/\/www.onenote.com\/api\/v1.0\/me\/notes\/resources\/{resourceId}\/content?publicAuth=true&mimeType=image\/jpeg<\/a><\/p>\n

4. The response contains headers with expire UTC datetime and content type of the resource:\nX-ResourceExpires: 3\/21\/2016 11:08:27 PM\nContent-Type: image\/gif\n5. Now this resource URL is available for 1 hour without the need for additional authentication.<\/p>\n

Supported Scenarios:<\/strong>\n\u2022 Windows Live Account\n\u2022 Office365 Account with Me\/Users\/Group\/Site scenarios<\/p>\n

Remarks:<\/strong>\nThe UTC datetime info in header “X-ResourceExpire” shows the exact datetime that the URL is going to expire. Please note that the datetime is set in the header when you request the resource. The actual expire time could be changed if you send the Page Content Resource request with “preAuthenticated=true” again, which will refresh the expiration time with another one hour extension. So you could get different datetime for different resource requests, if you have multiple Page Content Resource calls on the same page in between. The actual expiration time will be the latest one.<\/p>\n

Examples:<\/strong>\n\u2022 Page Content Resource request:\nGET\u00a0https:\/\/www.onenote.com\/api\/v1.0\/me\/notes\/pages\/{pageId}\/content?preAuthenticated=true<\/a><\/p>\n

\u2022 Page Content Resource response:\nimg alt=”Rainier.gif” width=”279″ height=”236″ src=”https:\/\/www.onenote.com\/api\/v1.0\/me\/notes\/resources\/{resourceId}\/content?publicAuth=true&mimeType=image\/gif” data-src-type=”image\/gif” data-fullres-src=”https:\/\/www.onenote.com\/api\/v1.0\/me\/notes\/resources\/{resourceId}\/content?publicAuth=true&mimeType=image\/gif” data-fullres-src-type=”image\/gif”<\/p>\n

\u2022 Preauthenticated Resource Retrieval request:\nGET https:\/\/www.onenote.com\/api\/v1.0\/me\/notes\/resources\/{resourceId}\/content?publicAuth=true&mimeType=image\/jpeg<\/p>\n

\u2022 Preauthenticated Resource Retrieval response:\nX-ResourceExpires: 3\/21\/2016 11:08:27 PM\nContent-Type: image\/gif<\/p>\n

References:<\/strong>\n\u2022 Get page content request:\u00a0http:\/\/dev.onenote.com\/docs#\/reference\/get-pages\/v10menotespagesidcontentincludeids<\/a>\n\u2022 Construct the request URI for Me\/Users\/Group\/Site scenario:\u00a0https:\/\/msdn.microsoft.com\/office\/office365\/howto\/onenote-get-content#request-uri\n<\/a>\u2022 Add images and files to OneNote pages:\u00a0https:\/\/msdn.microsoft.com\/en-us\/office\/office365\/howto\/onenote-images-files\n<\/a>\nLet us know what you think on\u00a0UserVoice<\/a>, contact us on twitter\u00a0@onenotedev<\/a>, or ask questions tagged onenote on\u00a0Stack Overflow<\/a><\/p>\n

Have fun,\nLinda<\/p>\n","protected":false},"excerpt":{"rendered":"

Hi there, The current authentication mechanism is heavy for public image resources. When you retrieve a page content with authenticated token, the image URLs that are referenced still need to have OAuth token added whenever you request them. We heard people from\u00a0UserVoice Forums\u00a0want OneNote APIs support preAuthenticated image URLs from a OneNote page that a […]<\/p>\n","protected":false},"author":69223,"featured_media":25159,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[11],"tags":[71],"class_list":["post-1267","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-office-add-ins","tag-onenote"],"acf":[],"blog_post_summary":"

Hi there, The current authentication mechanism is heavy for public image resources. When you retrieve a page content with authenticated token, the image URLs that are referenced still need to have OAuth token added whenever you request them. We heard people from\u00a0UserVoice Forums\u00a0want OneNote APIs support preAuthenticated image URLs from a OneNote page that a […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/posts\/1267","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/users\/69223"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/comments?post=1267"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/posts\/1267\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/media\/25159"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/media?parent=1267"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/categories?post=1267"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/tags?post=1267"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}