Auth issues with API v2 requests

hey, friends. i'm in trouble with auth and POST requests on API v2. i generated a personal access token with a user which has all permissions on my forum.

GET requests are completely ok only when i use query string auth; using the HTTP header it doesn't work. when i try POST, neither auth method works. this is my first time using this API. i read the docs but i didn't find any solutions. would you help me, please? i'm using vanilla 3.2.

examples:

query string parameter auth

request headers

POST /api/v2/comments?body=teste&discussionID=4&format=markdown&access_token=<my_access_token> HTTP/1.1
Host: <my_host>
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

response headers

HTTP/1.1 400 Bad Request
Date: Sun, 26 Jul 2020 22:11:30 GMT
Server: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1g
P3P: CP="CAO PSA OUR"
Cache-Control: private, no-cache, max-age=0, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Vdk: 3.2
Content-Security-Policy:
Strict-Transport-Security: max-age=604800
Link:
Content-Length: 567
Connection: close
Content-Type: application/json; charset=utf-8

response content

{"message":"Validation Failed","status":400,"errors":[{"field":"body","code":"missingField","status":400,"message":"body is required."},{"field":"format","code":"missingField","status":400,"message":"format is required."},{"field":"discussionID","code":"missingField","status":400,"message":"discussionID is required."}]}

HTTP header auth

request headers

POST /api/v2/comments?body=teste&discussionID=4&format=markdown HTTP/1.1
Host: <my_host>
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
Authorization: Bearer <my_access_token>

response headers

HTTP/1.1 302 Found
Date: Sun, 26 Jul 2020 22:18:37 GMT
Server: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1g
P3P: CP="CAO PSA OUR"
Location: https://<my_host>/entry/signin?Target=api%2Fv2%2Fcomments%3Fbody%3Dteste%26discussionID%3D4%26format%3Dmarkdown
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

response content

void, and it redirected to the sign-in page.
