Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Vanilla API

2

Comments

  • edited January 2014

    @kasper, I am still stuck on Invalid Token error. On further checking I found that the Token created from the calling script changes while refreshing the page whereas signature generated from the authenticateRequest is the same. So it never matches. What could be the reason?

  • KasperKasper Vanilla Staff

    The token is supposed to change between every request as it's dependant on a timestamp. Please let me know (in code) exactly how you're generating the token and what the request you're sending off to the server looks like. I've used the token-based authenticating system for the past few months with great success and can verify that it works just as intended.

    Kasper Kronborg Isager (kasperisager) | Freelance Developer @Vanilla | Hit me up: Google Mail or Vanilla Mail | Find me on GitHub

  • @kasper I use the following code:

         $date = new DateTime();
         $dtimestamp= $date->getTimestamp();
    
      $secret='xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx';
        $Request = array();
        $Request['username'] = 'admin';
        $Request['email'] = 'admin@admin.com';
        $Request['timestamp'] = $dtimestamp;
    
             ksort($Request, SORT_STRING);
             // Delimit the data values with a dash
              $Request = implode('-', $Request);
    
               $Token = hash_hmac('sha256', strtolower($Request), $secret);
               $username='admin';
            $email='admin@admin.com';
    
            $curl_handle=curl_init();
             curl_setopt($curl_handle,CURLOPT_URL,'http://127.0.0.1/vanilla/api/discussions/');
                 $frequest = "username=$username&email=$email&timestamp=$dtimestamp&token=$Token";
                 curl_setopt($curl_handle, CURLOPT_POSTFIELDS, $frequest);
                 $buffer = curl_exec($curl_handle);
               curl_close($curl_handle);
                    if (empty($buffer)){
                            print "Nothing returned from url.<p>";
                               }
                        else{
                              print $buffer;
                       }
    
  • KasperKasper Vanilla Staff
    edited January 2014

    You're sending the data as POST fields - that's not what you're supposed to do. You need to append them to the URL as query parameters, as per the documentation:

    We can now add the token to our request and send it off to the server:

    >

    METHOD /api/endpoint/:id?query=value&username=johndoe&email=example@mail.com&timestamp= [timestamp]&token=[generated hash]

    Kasper Kronborg Isager (kasperisager) | Freelance Developer @Vanilla | Hit me up: Google Mail or Vanilla Mail | Find me on GitHub

  • edited January 2014

    @kasper, still no luck. I am trying this way

      $frequest = "?username=$username&email=$email&timestamp=$dtimestamp&token=$Token";
    
    
    $curl_handle=curl_init();
    curl_setopt($curl_handle,CURLOPT_URL,'http://127.0.0.1/vanilla/api/discussions/'.$frequest);
        curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, true); 
    curl_setopt($curl_handle, CURLOPT_HTTPGET, 1);
        $buffer = curl_exec($curl_handle);
    curl_close($curl_handle);
    if (empty($buffer)){
      print "Nothing returned from url.<p>";
           }
          else{
      print $buffer;
       }
    

    Interesting thing is that when I remove the $frequest parameter from the above code, all the discussions are printed.

  • @kasper, It is working now perfectly. The problem was I had a space in between the username. Thanks for your guidance.

  • edited January 2014

    @kasper, Can you tell me what's the reason behind the following error. This error is generated when I try to get the following request through Postman Client. Basically I want to create a new comment for the discussion id 6

    http://127.0.0.1/vanilla/api/discussions/:6/comments?email=admin@admin.com&timestamp=1390284867&token=xxxxxxx
    

    Response:

     {
    "Code": 400,
    "Exception": "API.Error.ContentType"
     }
    
  • KasperKasper Vanilla Staff
    edited January 2014

    The API operates purely in JSON or XML so that's what you'll need to send in all POST/PUT/DELETE requests – and remember to set the "Content Type" header of course. Per design, form data is not supported.

    P.S.: You may want to remove the locale_map.ini file in your cache directory. That should force the Vanilla API locale to be loaded, providing you with more descriptive error messages. In this case, the full error would be:

    "Exception": "Unsupported content type: [content-type]"
    

    Kasper Kronborg Isager (kasperisager) | Freelance Developer @Vanilla | Hit me up: Google Mail or Vanilla Mail | Find me on GitHub

  • @kasper, I've set Content-Type as application/json. Still getting the error

       {
          "Code": 400,
          "Exception": "Unsupported content type: "
      }
    
  • KasperKasper Vanilla Staff

    The content type isn't in the request, which is why the error looks like it does. Which web server are you using?

    Kasper Kronborg Isager (kasperisager) | Freelance Developer @Vanilla | Hit me up: Google Mail or Vanilla Mail | Find me on GitHub

  • @kasper, I am using Wamp server.

  • edited January 2014

    @kasper, I am using wamp server.

  • @kasper, I am using wamp server. I am attaching the screenshot of my postman request below.

  • KasperKasper Vanilla Staff

    I think you may have uncovered a bug – HTTP_CONTENT_TYPE seems to be non-standard, but just so happens to work in Nginx which I'm using. I'll put together a possible fix.

    Kasper Kronborg Isager (kasperisager) | Freelance Developer @Vanilla | Hit me up: Google Mail or Vanilla Mail | Find me on GitHub

  • @kasper, After your fix, please let me know. Thanks

  • KasperKasper Vanilla Staff
    edited January 2014

    Actually, could you try implementing the fix before I start changing stuff in the app? You simply need to edit the HTTP_CONTENT_TYPE part on this line https://github.com/kasperisager/vanilla-api/blob/master/library/class.apiengine.php#L379 and change it to CONTENT_TYPE, removing the HTTP_ prefix. I.e. this...

    $type = static::getServerArguments('HTTP_CONTENT_TYPE');
    

    ...needs to be this:

    $type = static::getServerArguments('CONTENT_TYPE');
    

    Let me know if that solves the issue!

    Kasper Kronborg Isager (kasperisager) | Freelance Developer @Vanilla | Hit me up: Google Mail or Vanilla Mail | Find me on GitHub

  • @kasper, I changed that line. Now getting the following error

         {
           "Code": 405,
           "Exception": "Method Not Allowed"
         } 
    
  • KasperKasper Vanilla Staff

    Perfect! I'll commit a fix ASAP.

    As for the new error, you can't send a POST to an existing discussion, which is why you're getting a 405.

    Kasper Kronborg Isager (kasperisager) | Freelance Developer @Vanilla | Hit me up: Google Mail or Vanilla Mail | Find me on GitHub

  • edited January 2014

    @kasper, Sorry. this is the error I am getting when I change that line removing http.

     {
    "Code": 400,
    "Exception": "Unsupported content type: text/plain;charset=utf-8"
     }
    

    The method not allowed I got earlier was when I experiemented directly assigned application/json to the $type. Sorry for the confusion.

  • edited January 2014

    @kasper, please ignore my above post. It was due to a specification in header instead of Content-type I had Accept in postman client. You can go ahead and commit the change.

Sign In or Register to comment.