Auth issues with API v2 requests

hey, friends. i'm in trouble with auth and POST requests on API v2. i generated a personal access token with an user which has all permissions on my forum.

GET requests are completely ok only when i use query string auth, using HTTP Header it doesn't work. when i try POST, both auth methods don't work too. this is my first time using this API. i read the docs but i didn't find any solutions. would you help me, please? i'm using vanilla 3.2.

examples:

query string parameter auth

request headers

POST /api/v2/comments?body=teste&discussionID=4&format=markdown&access_token=<my_access_token> HTTP/1.1
Host: <my_host>
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

response headers

HTTP/1.1 400 Bad Request
Date: Sun, 26 Jul 2020 22:11:30 GMT
Server: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1g
P3P: CP="CAO PSA OUR"
Cache-Control: private, no-cache, max-age=0, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Vdk: 3.2
Content-Security-Policy:
Strict-Transport-Security: max-age=604800
Link:
Content-Length: 567
Connection: close
Content-Type: application/json; charset=utf-8

response content

{"message":"Validation Failed","status":400,"errors":[{"field":"body","code":"missingField","status":400,"message":"body is required."},{"field":"format","code":"missingField","status":400,"message":"format is required."},{"field":"discussionID","code":"missingField","status":400,"message":"discussionID is required."}]}

HTTP header auth

request headers

POST /api/v2/comments?body=teste&discussionID=4&format=markdown HTTP/1.1
Host: <my_host>
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
Authorization: Bearer <my_access_token>

response headers

HTTP/1.1 302 Found
Date: Sun, 26 Jul 2020 22:18:37 GMT
Server: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1g
P3P: CP="CAO PSA OUR"
Location: https://<my_host>/entry/signin?Target=api%2Fv2%2Fcomments%3Fbody%3Dteste%26discussionID%3D4%26format%3Dmarkdown
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

response content

void and it redirected to sign-in page.

Comments

Sign In or Register to comment.