Auth issues with API v2 requests
garboso
hey, friends. i'm in trouble with auth and POST requests on API v2. i generated a personal access token with a user which has all permissions on my forum.
GET requests are completely ok only when i use query string auth; using the HTTP header it doesn't work. when i try POST, neither auth method works. this is my first time using this API. i read the docs but i didn't find any solutions. would you help me, please? i'm using vanilla 3.2.
examples:
query string parameter auth
request headers
POST /api/v2/comments?body=teste&discussionID=4&format=markdown&access_token=<my_access_token> HTTP/1.1
Host: <my_host>
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
response headers
HTTP/1.1 400 Bad Request
Date: Sun, 26 Jul 2020 22:11:30 GMT
Server: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1g
P3P: CP="CAO PSA OUR"
Cache-Control: private, no-cache, max-age=0, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Vdk: 3.2
Content-Security-Policy:
Strict-Transport-Security: max-age=604800
Link:
Content-Length: 567
Connection: close
Content-Type: application/json; charset=utf-8
response content
{"message":"Validation Failed","status":400,"errors":[{"field":"body","code":"missingField","status":400,"message":"body is required."},{"field":"format","code":"missingField","status":400,"message":"format is required."},{"field":"discussionID","code":"missingField","status":400,"message":"discussionID is required."}]}
HTTP header auth
request headers
POST /api/v2/comments?body=teste&discussionID=4&format=markdown HTTP/1.1
Host: <my_host>
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
Authorization: Bearer <my_access_token>
response headers
HTTP/1.1 302 Found
Date: Sun, 26 Jul 2020 22:18:37 GMT
Server: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1g
P3P: CP="CAO PSA OUR"
Location: https://<my_host>/entry/signin?Target=api%2Fv2%2Fcomments%3Fbody%3Dteste%26discussionID%3D4%26format%3Dmarkdown
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
response content
void and it redirected to sign-in page.
Comments
The fields you POST to the server should not be part of the query string but part of the (JSON encoded) body.
My themes: pure | minusbaseline - My plugins: CSSedit | HTMLedit | InfiniteScroll | BirthdayModule | [all] - PM me about customizations
VanillaSkins.com - Plugins, Themes and Graphics for Vanillaforums OS
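The change described in the answer above, as an added example that is not part of the original thread: it takes a URL shaped like the one in the question, moves the fields out of the query string into a JSON-encoded body, and moves the token out of the URL into the `Authorization: Bearer` header. The host `forum.example`, the token value, the helper names and the conversion of `...ID` fields to integers are assumptions made for illustration.

```python
import json
import urllib.request
from urllib.parse import urlsplit, urlunsplit, parse_qsl

def to_json_post(url, token=None):
    """Rebuild a query-string style POST as a JSON-body POST (hypothetical helper)."""
    parts = urlsplit(url)
    fields = dict(parse_qsl(parts.query))
    # A token found in the URL is moved to the Authorization header.
    token = fields.pop("access_token", token)
    if not token:
        raise ValueError("no access token supplied")
    # Assumption: fields named ...ID are sent as JSON integers.
    payload = {k: int(v) if k.endswith("ID") and v.isdigit() else v
               for k, v in fields.items()}
    # The endpoint URL carries no query string at all after the rewrite.
    clean_url = urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))
    return urllib.request.Request(
        clean_url,
        data=json.dumps(payload).encode("utf-8"),
        method="POST",
        headers={
            "Content-Type": "application/json",
            "Accept": "application/json",
            "Authorization": f"Bearer {token}",
        },
    )

def send(req):
    """Send the request and return (status, decoded JSON body)."""
    with urllib.request.urlopen(req) as resp:
        return resp.status, json.loads(resp.read())

# Constructed sample input modelled on the request in the question.
SAMPLE_URL = ("https://forum.example/api/v2/comments"
              "?body=teste&discussionID=4&format=markdown"
              "&access_token=CONSTRUCTED_TOKEN")

if __name__ == "__main__":
    req = to_json_post(SAMPLE_URL)
    print(req.get_method(), req.full_url)
    print(dict(req.header_items()))
    print(req.data.decode("utf-8"))
```

Call `send(req)` against a real forum only after replacing the constructed host and token.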
that's it. it's so simple. thanks.