I am unable to make any /media/search calls to the Instagram api without getting errors.
In firefox, the endpoint
https://api.instagram.com/v1/media/search?lat=48.858844&lng=2.294351&?access_token=VALID_ACCESS_TOKEN
(Where VALID_ACCESS_TOKEN, is a valid access token that works successfully with other api calls.)
I get the following output
{"meta":{"error_type":"OAuthParameterException","code":400,"error_message":"\"client_id\" or \"access_token\" URL parameter missing. This OAuth request requires either a \"client_id\" or \"access_token\" URL parameter."}}
I can't make sense of this error, since clearly, the access token is present in the url.
Could it be some weird character encoding issue?
Just a quick look at your URL and it looks like you have an extra ? in there before the access_token parameter.
https://api.instagram.com/v1/media/search?lat=48.858844&lng=2.294351&access_token=VALID_ACCESS_TOKEN
The first ? tells it to accept parameters, and then each param is separated by &. You shouldn't need any more ?'s and they may actually cause it to parse incorrectly.
Related
Is it possible to customize URL for client ?
In detail, currently working on API project where I need to give API url, suppose actual URL like this
https://XYZ.ie/TA/sdv/sbhdv/j/ksd/filter=%sdvnj3d'2343'
Now I don't wish to show the actually locations and parameters names, also the actual URL is to long. so I'm willing to customize like
https://example.com/j/sdvn='23423'
so client would call above URL and initial URL could trigger.
I tried by changing the current values of variable in postman, didn't work.
Also would like to ask, does postman token expires after certain period?
I try to use Invidious API with authenticated route. For this, i've generated new token with this URL : https://invidio.us/authorize_token?scopes=GET:preferences.
The response is like this : {"session":"v1:XXXXX","scopes":["GET:preferences"],"signature":"XXXX"}
But, the token generated (session) don't work. I try with simple GET on preferences route, and i've an error Request must be authenticated :(
Anyone have already use their API and work with auth route ?
Thank you !
I've actually been struggling with this the past week, and I even deployed a self hosted instance because I thought that would fix it... I was wrong of course.
Here's how the Authentication header should look like:
Authentication: {"session":"v1:XXXXX","scopes":["GET:preferences/*"],"signature":"XXXX"}
The full token is the json that is provided.
The scope needs to include a * or a specific identifier for example in the case of playlists as mentioned in the examples here . So your authorize_token request should look like:
https://invidio.us/authorize_token?scopes=GET:preferences*
or
https://invidio.us/authorize_token?scopes=GET:preferences/*.
If you want all scopes that would be :*. Make sure not to forget the colon.
When I'm calling the "search API" from AngelList (https://angel.co/api/spec/search) with the following URL:
https://api.angel.co/1/search?query=barack&type=Locations&callback=?access_token=707cfhgbdae43060876388ac584bf4cf4fdb
The result gives me an error: {"error":"access_denied","error_description":"You must pass in an access token when making this request."}
I'm not sure why this is happening because when I'm calling other APIs with the same access_token, these run successfully.
How I can solve this situation?
I think you have a typo in your URL. You need an extra & character for the access_token parameter. And probably you can remove your callback parameter as at this point you can retrieve the data from the response message.
Your URL should be like this:
https://api.angel.co/1/search?query=barack&type=LocationTag&access_token=707cfhgbdae43060876388ac584bf4cf4fdb.
It solved my problem at least :).
The logic looks circular to me(although I know I'm missing something)
I want to use this:
https://dev.twitter.com/docs/auth/pin-based-authorization
But in order to make the url to send the user to get the pin you need an "oauth_token" :
https://dev.twitter.com/docs/api/1/get/oauth/authorize
But to get the "oauth_token" you need a:
https://dev.twitter.com/docs/api/1/post/oauth/request_token
But that at the bottom shows it needs an "oauth_signature"
Well, an "oauth_signature" requires an "oauth_token"
( https://dev.twitter.com/docs/auth/creating-signature ) which you don't have, making impossible to get an "oauth_token" because you need one to get one.
What am I missing here? I mainly just want to find out how to get that initial url for the PIN-based authorization, so I need that first "oauth_token" somehow.
There are two different types of oauth tokens - let's call them request tokens and normal tokens. Request tokens are used for the authentication, then once the authentication is done you get normal oauth tokens.
Calling oauth/request_token will generate a request token for you, which is a temporary token used for the actual authentication. Once that's done you have the normal tokens.
set the callback URL both https://apps.twitter.com/ and in your code
. It is working for Me.
oauthCallback:#"myapp://twitter_access_tokens/"
I'm trying to search Netflix through their API, but without logging anyone in (because I want to do this on the back-end, not necessarily related to any user action). I'm just starting off with their API so please forgive me if I'm doing something completely stupid. Here's the URL I'm trying to access:
http://api.netflix.com/catalog/titles/?oauth_consumer_key=MY_CONSUMER_KEY&oauth_token_secret=MY_SECRET&term=fight+club
However, that gives me a 400 Bad Request error. Is there no way to browse/search the Netflix catalog without having a user first sign in to my application? Or am I doing something wrong?
Note: I'm accessing said URL through my browser, since I only want to perform a GET request, which is what a browser does by default.
When using OAuth you need to compute a signature for the request, even if you're using 2-legged authentication which just uses your shared-secret and no user token (this means that your application is logged in, but no user is logged in).
If it's an HTTP (as in non-SSL) URL then you need to be using the HMAC-SHA1* signature method rather than PLAINTEXT because you don't want your consumer secret being passed across the wire in plain text.
If they allow an HTTPS URL then you can use the PLAINTEXT method, but you'll still need to calculate it as per https://datatracker.ietf.org/doc/html/draft-hammer-oauth-10#page-27 and pass that as the oauth_signature query string parameter instead of passing oauth_token_secret. Note that you'll also need to pass oauth_signature_method=PLAINTEXT as a parameter too.
Also, it might be worth looking at the response that comes back. If they implement the OAuth Problem Reporting extension then that could give you some help with what's wrong.
*or another method that encryptes your shared secret