Flickr API: API key keeps getting invalid? - api

I’ve a Flickr which I’m using to upload pictures from my phone and all images are public. On my blog I want to retrieve all the images to show and for that I’ve first tried to create an application to get my API key. I’m using the Flickr API flickr.people.getPublicPhotos. This API service is said to not require authentication and putting it all together I end up with this call:
http://api.flickr.com/services/rest/?method=flickr.people.getPublicPhotos&api_key=fc94274cd0335f3c171fe22c8490b7d9&user_id=5545356%40N04&extras=description%2Cdate_upload%2Cdate_taken%2Cowner_name%2Coriginal_format%2Ctags%2C+o_dims%2C+views%2C+media%2C+path_alias%2C+url_sq%2C+url_t%2C+url_s%2C+url_q%2C+url_m%2C+url_n%2C+url_z%2C+url_c%2C+url_l%2C+url_o&per_page=40&format=php_serial&api_sig=0c48e2b6b6d9a03521e5ca86a15cf471
The problem is that every around 10 hours I fails and returns the error message a:3:{s:4:"stat";s:4:"fail";s:4:"code";i:100;s:7:"message";s:31:"Invalid API Key (Key not found)";}
I tried to create the API call when logged in to Flickr and also with not logging in and in both cases I get the error message. It’s like the API key expires or stops working. Have a missed something on Flickr about the API key or what could cause this? It is really frustrating to renew the URL twice at day.
Thank you
Sincere
- Mestika

If I read the docs correctly, the &api_sig query string parameter is constructed using an authentication token, one that eventually expires. Remove that parameter (= do not sign your API request) and I think you'll be OK.

Mestika's comment seems correct. I was getting the same problem when using the API explorer. If you use your accounts API, or go in and create a new app, then use the API given for that, then the key doesn't change every few hours.
The url to request a key is:
http://www.flickr.com/services/apps/create/apply

I got the same problem.
This is how i solved it:
removed the auth_token and the api_sig parameters
replaced the api_key value with an app key
Hope this helps.

i met this issue before. with new api key, only accept https request.
Let's change your url to: https://api.flickr.com/services/rest/?method=flickr.people.getPublicPhotos&api_key.....
I am sure it will be work right know.
thanks

Related

Is there any way to get a Bearer token now, since Robinhood has changed the API again?

We keep playing this cat and mouse game with Robinhood.com. I have a trading app which used to trade stocks with Robinhood, but they keep changing the unsupported unofficial API to make it difficult for traders to use. I know that many people are doing the same thing and I want to reach out to them to see if there is a new answer. The latest problem is when I try to get a Bearer token using the URL https://api.robinhood.com/oauth2/token/ the API returns the following JSON: {"detail":"This version of Robinhood is no longer supported. Please update your app or use Robinhood for Web to log in to your account."}. This started happening on 4/26/2019.
Has anyone found a work around for this, yet, or have they finally beaten us into submission?
A more complete solution (not need browser):
Use requests.session.
Obtain the login page by making a GET request to "https://robinhood.com/login".
At this point the session's cookies will contain 'device_id'.
Obtain this device_id and use it in making the oauth2 token request to "https://api.robinhood.com/oauth2/token/" also add in the data request "challenge_type" (either "sms" or "email").
This request will fail with a 400 error code. Robinhood will send an SMS message or Email with a temporary (5 minute) code.
Also at this point use the 400 response's body to get "id" from "challenge" inside of the JSON object.
Confirm the challenge by making a POST request to "https://api.robinhood.com/challenge/CHALLENGEID/respond/" where CHALLENGEID is the same id mentioned in the first failed /oauth2/token/ POST request.
Make the same POST request to "https://api.robinhood.com/oauth2/token/" and include in the header "X-ROBINHOOD-CHALLENGE-RESPONSE-ID" with the value CHALLENGEID.
You can reuse a device_id with user/pass after this even after logging out.
Be cautious with storing device_id as it is the result of user/pass login and successful SMS/email 2FA.
Just got it working. At the risk of them seeing this post and changing it more, here we go:
First, you're going to want to log into your RH account in a web browser
View Source on the page, and look for clientId - it should be a big hex number separated by dashes
Add that number to your POST requests to /oauth2/token under the field device_token
There's probably another way to retrieve the device token, and I'm not even sure it's unique, but that way should work.
Good to be back here after a very long time.
Not sure if anyone is still looking for answers to this, but I have a very simple solution.
At Robinhood's login screen, enter your username/email and your password, press F12 on your keyboard to bring up the console panel and switch to the "Network" tab then wait for the page to load completely. (During this time you will see a list of items being loaded rapidly depending on the connection speed.)
At this time you can keep clearing the list by clicking on the button highlighted in the below image.
Click on button highlighted repeatedly until the list is empty
Now, log into your Robinhood account. At this point your console should display a list similar to the one shown below.
Look for the name "token/", most likely it will be the second one you get all the information you need. And this information will be under the Headers then Request Payload
I was able to find this with past knowledge and experience of web scraping for fun. And also, I needed to know this as well, since I recently started doing trades via Robinhood.
Hope this help you curious ones out there.
For my Robinhood account I am using Google Authenticator for my 2FA. What I have so far is that I send the original call that I was sending before to https://api.robinhood.com/oauth2/token/. This is giving me a response of:
{"mfa_required":true,"mfa_type":"app"}
I then repeat my oauth token request, but this time providing the value from Google Authenticator (so my GUI has to prompt me to fill it in) with this payload in the request to https://api.robinhood.com/oauth2/token/:
{"grant_type":"password","scope":"internal","client_id":"c82SH0WZOsabOXGP2sxqcj34FxkvfnWRZBKlBjFS","expires_in":86400,"device_token":"***","username":"***","password":"****","mfa_code":"***"}
and then I am getting an access token in reply

Trello API: Getting invalid token on all calls

I have a weird situation, which I hope you can help with.
I am trying to setup a simple Trello application. What I do are the following:
I go to https://trello.com/app-key and get my KEY
I go to https://trello.com/1/authorize?expiration=never&name=SinglePurposeToken&key=MYKEY for a permanent server to server key
I authorize
I get a token
Now I'm ready, but then when I want to make a call such as:
https://api.trello.com/1/boards/BOARDID/actions/?limit=2&key=MYKEY&token=MYTOKEN
I get "invalid token".
Reason I post here on StackOverflow, and not Trello support, is because I assume there is something basic I am doing wrong!
I was wrong about step 2).
I should use this link instead:
https://trello.com/1/authorize?expiration=never&scope=read,write&response_type=token&name=APPNAME&key=KEY
This gave the working token. All is well!

Implementing OAuth2 with Socrata API

I'm implementing the Socrata API to be able to parse publicly-available data from the City of Chicago open data set. I am really just concerned about the data itself, so I did not initially think that I would need to implement OAuth2 through an app exposed via ngrok to be able to GET the data.
My initial attempt was to take the GET requests mentioned in their documentation and try to get responses through Postman.
Here's an example of such an attempt:
I also added my Socrata App Token as a param in the querystring, but the same message was shown.
So I tell myself, ok, maybe they deprecated GET requests without making the client go through OAuth2. If they didn't deprecate these GET requests, I would prefer not to have to deal with OAuth2, but I began implementing the authentication process and everything went successfully until I got to the following instructions found here:
I have every single value that needs to be included in that POST request except for 'authorization_type'. Where does this come from? I tried leaving 'authorization_type' in as a string, but received a response similar to the 'Invalid username or password' message in the top image in this question.
Are you only accessing public datasets from Chicago's data portal? From your screenshot it looks like you're trying to access the Building Permits dataset, which is public.
Authentication is only required for modifying datasets or accessing private data, so chances are very good you don't even need to authenticate. Just include an application token with your request for throttling purposes.
Glad to help you figure out your OAuth workflow, but it sounds like it might be unnecessary.

To integrate with Silverpop

Can anyone guide how to integrate with Silverpop, using OAuth(tokens)?
I referred this link
connecting to web api using c#
and I was able to get access token. After this I don't know how to proceed.
Thanks.
Take a look at my github repo:
https://github.com/marcelluseasley/IBM-Marketing-Cloud-XML-API-Wrapper
It isn't finished, but I started working on an XML API wrapper for the Silverpop API. First of all, if you are trying to integrate with the API, you should be able to contact client support and get a copy of the API PDF.
In any case, you should have a client id, client secret, and refresh token. You will need these three things along with a header value of "refresh_token" for the "grant_type" header key.
So you will first sent a post to https://api(pod number).silverpop.com/oauth/token . This will return an access token in a json dictionary ("access_token").
Any subsequent calls made to the API endpoint (https://api(pod number).silverpop.com/XMLAPI will require that you pass this access token in the header section of your request:
"Authorization:" would be the header key and
"Bearer: (access token)" would be the header value
Looking at my code will make it clearer if you are using Python. Your best bet is to get a copy of the API documentation. You have to be a Silverpop client to get a copy though.
Good luck.
Check the follwing:
http://www.codeproject.com/Articles/758362/SilverPop-Integration
Follow the step by step guide.

LinkedIn OAuth Request with no Verifier

Introduction:
Hi everyone, i am currently writting a lib to make generic OAuth Requests in C#.
The first part, of getting a Token and a Token secret is working for Twitter and Linkedin already ( RequestTokens ), but as soon as i jump to the Authorization part it does not work for Linkedin,but it does for twitter.
Useful Informations
I am currently using a method to generate AUTHORIZATION_URL for the Request. For Example :
https://api.linkedin.com/uas/oauth/authorize?MyToken
Same for Twitter,using its own url. Both services are getting a correctly generated URL, and the window that pops up when i copy it in the browser is correcly.
After the user hits the button, different things happens depending on the service.
1 - Twitter : The browser redirects me to the Callback Page, and on the url there is a Verifier that i am currently parsing and storing it. Perfect.
2 - LinkedIn : In the sample i have,everything works just as twitter does, but when i use my own lib, there is no redirect for the callback url,instead, i am getting redirected to a url with a oob? tag, and a verifier number is shown in the screen, instead of appearing in the querystring.
Doubt:
What should i do to make sure that the OAuth method i will be using is the Normal one,instead of the Out Of Band method. I am making sure that the CALLBACK URL that i set in the lib, is being used for the Signature on the First Request (REQUEST_TOKEN STEP). Also, twitter works when i do this.
Any idea of whats happening ? Let me know if there is any useful information i can add to make sure that my question will be as complete as possible.
Thanks in advance
I solved it.
I forgot to add the Callback parameter to the Signature in the BaseGenerator,instead, it was commented.
Thanks anyways for everyone