In general it would be great to get some sort of description of all possible errors returned by the API for any particular request. This would make implementations much more reliable and would improved the application feedback for the user.
Imagine that we need to display localized error messages to the user and not only "Request failed with error code xxx".
A good example is this error {"error":"flattr_once","error_description":"You are not allowed to flattr this thing more than once this period","error_uri":"http:\/\/developers.flattr.net\/api"}. There is no mention of it in the documentation, but an application needs to make sense of that and maybe refrain from giving the user the option to flattr this item in the future.
This is some responses I found when flattering around:
403 {"error":"flattr_once","error_description":"You are not allowed to flattr this thing more than once this period","error_uri":"http:\/\/developers.flattr.net\/api"}
401 {"error":"no_means","error_description":"You don't have any money to flattr with","error_uri":"http:\/\/developers.flattr.net\/api"}
{"error":"flattr_owner","error_description":"You are not allowed to flattr your own thing","error_uri":"http:\/\/developers.flattr.net\/api"}
There are several error descriptions in the developer documentation. For example error responses when a flattring failed and the standard errors that are universal to many of the resources.
Related
I was building my API when this question came out:
I am making an API to set or get stuff, for the example i try to set but i have two field with error, what's the best way to answer the errors ?
Answer only one error ?
Answer all the errors ?
In my opinion, answer all the errors is the best solution but not for my boss .
What's the best for this kind of work ?
Definitely all validation errors should be pass back to client.
Moreover, you should specify code of errors, while error message can vary for different situation. Standard error codes can help you to create
tests for your api.
Also you should add versioning for your api from the beginning, because when you open your api for clients it should be stable. And incompatible changes can be done only in next version
of your api
Does anybody know where documentation for the Metacritic api is/if it still works. There used to be a Metacritic API at https://market.mashape.com/byroredux/metacritic-v2#get-user-details which disappeared today.
Otherwise I'm trying to scrape the site myself but keeping getting a blocked by a 429 Slow down. I got data like 3 times this hour and haven't been able to get anymore in the last 20 minutes which is making testing difficult and application possibly useless. Please let me know if there's anything else I can be doing to scape I don't know about.
I was using that API as well for an app I wrote a while ago. Looks like the creator removed it from Mashape. I just sent him an email to ask whether it'll be back up. I did find this scraper online. It only has a few endpoints but following the examples given you could easily add more. Let me know if you make any progress!
Edit: Looks like CBS requested it to be taken down. The ToS prohibits scraping:
[…] you agree not to do the following, or assist others to do the following:
Engage in unauthorized spidering, “scraping,” data mining or harvesting of Content, or use any other unauthorized automated means to gather data from or about the Services;
Though I was hoping for a Javascript way of doing this, the creator of the API also told me some info.
He says I was getting blocked for not having a User agent in the header and should use a 429 handling procedure i.e. re-request with longer pauses in between.
A PHP plugin available as well: http://datalinx.io/shop/metacritic-api/
I had to add a user agent like JCDJulian said and now it allows me to scrape. So for Ruby:
agent = Mechanize.new
agent.user_agent_alias = "Mac Firefox"
Then it stopped giving me the 403 Forbidden error.
Is it a bad practice when writing a RESTful API to use custom HTTP response codes like:
417 - Password not provided
418 - Database error
I see there is a list of standard HTTP response codes. However, from looking at Twitter's API, it appears Twitter tries to return standard HTTP response codes when available but their own error codes when they cannot align the error with a standard HTTP response (correct me if I am wrong).
What is the best practice for response codes (especially for errors) while creating a RESTful API? Any comments on the practice which Twitter chose to use?
Yes, yes it is bad practice... mostly.
One of the tenets of REST is that you work with the underlying protocols, as such HTTP has already defined a good set of response codes.
However, not every situation is catered for perfectly. Take Twitters 'arrest your calm', that response code is used when the request was valid, it simply is not being handled due to too many request being made.
I don't see another response code that quite matches that. The other two options are to either lie, and tell the user the request failed for some other response or give a generic 400 'you did something bad' (then in the body give a more detailed explanation).
I would favour using the generic X00 codes, and use headers or the body to add more detail about what actually went wrong. This at least conforms better to standards and less brittle.
Note though, it is terrible to take an existing error code, and repurpose it. 404 should always be used only for 'not found' errors. Don't start using it because the user can't make that request at this time of day.
The problems in using your own codes are:
The code you choose may get officially assigned to something completely different, and that could break your API in the future. (e.g. compare a 306 with a 301)
Intermediaries don't know what your code means, so cannot optimise anything. The internet works so well because it is a distributed system, not an end-to-end system.
There are generic responses for each category, x00, which should be used if nothing better exists.
You can send your own more specific error code in either the response body or (not as good) a response header. There should be no need to make up your own codes. If you have truly found something that would benefit the rest of the internet and no-one else has thought of until now, you can always submit an Internet Draft to the IETF (this is fairly easy to do).
I would not hold up Twitter as a shining example of good internet practice, though. :)
I'm trying to retrieve a user timeline from Twitter using YQL's community Twitter table. The full REST url is
https://query.yahooapis.com/v1/public/yql?q=SELECT%20*%20FROM%20twitter.status.timeline.home%20WHERE%20oauth_consumer_key%20%3D%20'kt9wDTrDREjXzRhBMpw'%20AND%20oauth_consumer_secret%20%3D%20'zNnA76G3NhZSeaJdRv7munbyutlcqK8k0hazf6JrEo'%20AND%20oauth_token%20%3D%20'195tuy9661-yJFEsgA0VPCwg6gsNHtuy2y2Kq2LwTdKe4BRYa4j'%20AND%20oauth_token_secret%20%3D%20'myWfyDTtOHscMmJy6tuyU1XDyiZJiIIRkK7sIPvT2ngI'&diagnostics=true&env=store%3A%2F%2Fdatatables.org%2Falltableswithkeys
(keys have been mangled to protect the guilty)
The response I get is:
The current table
'twitter.status.timeline.user' has
been blocked. It exceeded the allotted
quotas of either time or instructions
As I seem to be doing the querying correctly, I'm at a bit of a loss as to why I should get this response, particularly since it works as it should through the YQL console. The only thing I can think of is that I need to authorize my query somehow with an API key, or oAuth credentials, but I haven't been able to find a comprehensible example of how to do this.
Can anyone possibly point me in the right direction on this? YQL's community tables seem to offer a marvelous way to do very complicated things with ease, so I'd hate to fall at the last hurdle so to speak.
According to the twitter docs the call to this API endpoint is supposed to return the last tweets from the authorized user, right? Not from any kind of user. Just checking that this is really what you want to achieve.
From: http://dev.twitter.com/doc/get/statuses/home_timeline
Returns the 20 most recent statuses,
including retweets if they exist,
posted by the authenticating user and
the user's they follow. This is the
same timeline seen by a user when they
login to twitter.com.
This is the definition of the datatable that you are using. I am a bit confused about the #id parameter in the example of that datatable because I don't see it being used anywhere.
www.datatables.org/twitter/twitter.status.timeline.home.xml
The error message you get sounds like an internal YQL error message and not like something that comes from Twitter, doesn't it?
Sorry for not being able to provide answer right now but maybe raising other related questions can help somebody else or you to figure it out. If I crack this later I will add to this again.
Authorize.net offers a "Silent POST" feature for their Automated Recurring Billing. It's supposed to POST data to a url of your choosing, telling you whether they were able to charge the customer, how much, etc. The problem is, it isn't very well documented.
Is there any way to test a post to that URL? I've signed up for a developer account, but there's no way to specify that URL like you could in the actual system. Hence, there doesn't seem to be a way to test it out.
If not, is there a list of possible values it could return? It appears to send x_first_name, x_amount - I've seen code that uses those values - but since I can't actually get it to send a response, I'm not sure.
Is there documentation for this feature anywhere? Or even class that implements it fully?
Better late then never: All About Authorize.Net’s Silent Post
I have not seen much on it only for AIM and SIM, you might just give them a call.
Log in to your Authorize.Net order processing account, and click on the Settings link (under ACCOUNT, in the left column). Then click on the "Silent Post URL" link in the Transaction Format Settings area. You can enter your silent post URL on the next page. The next page also contains a link to the documentation explaining the technical details. HTH
Here's a few more (somewhat) useful posts I found on the subject.
Merchant Account Services - gives some limited sample code (PHP)
Experts Exchange - lists a few helpful variables, gives an idea of what's being sent (ASP).
You still have to call your account rep for them to activate Silent Post URL with your account because that is not something that is enabled automatically
Our clients use the following tool to test silent post url requests sent from the Authorize.Net gateway.
Simply add the following url to your silent post settings and change the email address for the results to be delivered to an email of choice.
URL:
http://www.silentposturl.com/action/email/index.php?support#silentposturl.com