Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #53876 > unrolled thread

python REST API access fails after adding date to URL

Back to article view | Back to comp.lang.python

Contents

  python REST API access fails after adding date to URL mahsan9861@gmail.com - 2013-09-09 09:36 -0700
    Re: python REST API access fails after adding date to URL dieter <dieter@handshake.de> - 2013-09-10 08:15 +0200
      Re: python REST API access fails after adding date to URL mahsan9861@gmail.com - 2013-09-10 07:33 -0700
        Re: python REST API access fails after adding date to URL mahsan9861@gmail.com - 2013-09-10 08:42 -0700
        Re: python REST API access fails after adding date to URL mahsan9861@gmail.com - 2013-09-10 08:44 -0700

#53876 — python REST API access fails after adding date to URL

Hi,

So the REST API calls work great with out the URL appended to the URL.However as soon as I do add the URL, because I want to retrieve the data on a daily basis, the calls fail and the server will return a 401 and say signature invalid.The code is below: 

import oauth2 as oauth
import time
from random import getrandbits
from base64 import b64encode
import hashlib
import urllib
import hmac
import base64
import urllib2
import httplib
import requests

CONSUMER_KEY='xxxx'
CONSUMER_SECRET='xxxx'
TOKEN_KEY='xxxx'
TOKEN_SECRET='xxxx'

def getURL(baseURL,params):
    sortedParams = sorted(params.items())
    for head in sortedParams:
        print head[0]
        print head[1]
        baseURL += '&' + head[0] + '="' + head[1] + '"'
    print baseURL
    return baseURL
#set header parameters
http_headers = {}
http_headers['oauth_version'] = '1.0'
http_headers['oauth_nonce'] = oauth.generate_nonce()
http_headers['oauth_consumer_key'] = CONSUMER_KEY
http_headers['oauth_signature_method'] = 'HMAC-SHA1'
http_headers['oauth_token'] = TOKEN_KEY
http_headers['oauth_timestamp'] = str(int(time.time()))

#base url
base_url = 'https://dacv.liveperson.net/dataAccess/account/accountNumber/visitorSession'

#sort headers in lexicographical order and encode url
params = urllib.urlencode(sorted(http_headers.items()))
encoded_url = urllib.quote_plus(base_url)

#generate base string with all headers,encoded and ready to generate signature
signature_base_string = 'GET&' + encoded_url + '&' + urllib.quote_plus(params)

#generate signiture
key = CONSUMER_SECRET + '&' + TOKEN_SECRET
hashed = hmac.new(key, signature_base_string, hashlib.sha1)
http_headers['oauth_signature'] = urllib.quote_plus(base64.b64encode(hashed.digest()))

#set up header
oauth_header = 'OAuth oauth_consumer_key="' + http_headers['oauth_consumer_key'] + '",' +'oauth_nonce="' + http_headers['oauth_nonce'] + '",' +'oauth_signature_method="' + http_headers['oauth_signature_method'] + '",' +'oauth_token="' + http_headers['oauth_token'] + '",' +'oauth_timestamp="' + http_headers['oauth_timestamp'] + '",' +'oauth_version="' + http_headers['oauth_version'] + '",' +'oauth_signature="' + http_headers['oauth_signature'] + '"'

req = urllib2.Request(base_url)
req.add_header('Authorization',oauth_header)
response = urllib2.urlopen(req)

print response

[toc] | [next] | [standalone]

#53903

mahsan9861@gmail.com writes:

> So the REST API calls work great with out the URL appended to the URL.However as soon as I do add the URL, because I want to retrieve the data on a daily basis, the calls fail and the server will return a 401 and say signature invalid.

Apparently, you do something wrong with the signing.

It is highly likely that you must append any request parameters (as
a query string) to the url before you determine the signature.

Alternatively, the web service you contact might not expect
a query string and might therefore not consider it when it
recreates the signature. Then, the signature check would fail
as you and the service compute it in a different way.

Check the available documentation for your web service.
Does it support request parameters (query strings). What
does it (or the "oauth" spec) about signature requirements
for those parameters.

[toc] | [prev] | [next] | [standalone]

#53918

Sorry about the typo I meant append the date to the URL. So at the end of the current URL adding ?date=ddmmyyyy. But I will go through the documentation to see if I missed anything, but as far as I remember it said to just append the date in that format.

[toc] | [prev] | [next] | [standalone]

#53922

Found a solution. For query string you have to add it to both the http_headers dictionary AND to the URL when making the Request.

<h2>old line:</h2>
http_headers = {} 
http_headers['oauth_version'] = '1.0' 
<h2>new line:</h2>
http_headers = {} 
http_headers['date'] = 'ddmmyyyy' #add this line
http_headers['oauth_version'] = '1.0' 

<h2>old line:</h2>
req = urllib2.Request(base_url) 
<h2>new line:</h2>
req = urllib2.Request(base_url + '?date=ddmmyyyy') 

[toc] | [prev] | [next] | [standalone]

#53923

Found a solution. For query string you have to add it to both the http_headers dictionary AND to the URL when making the Request. 

old line:
http_headers = {} 
http_headers['oauth_version'] = '1.0' 

new line:
http_headers = {} 
http_headers['date'] = 'ddmmyyyy' #add this line 
http_headers['oauth_version'] = '1.0' 

old line:
req = urllib2.Request(base_url) 

new line:
req = urllib2.Request(base_url + '?date=ddmmyyyy') 

Everything else remains the same.

[toc] | [prev] | [standalone]

Back to top | Article view | comp.lang.python

csiph-web