python REST API access fails after adding date to URL


M

mahsan9861

Hi,

So the REST API calls work great with out the URL appended to the URL.However as soon as I do add the URL, because I want to retrieve the data on a daily basis, the calls fail and the server will return a 401 and say signature invalid.The code is below:

import oauth2 as oauth
import time
from random import getrandbits
from base64 import b64encode
import hashlib
import urllib
import hmac
import base64
import urllib2
import httplib
import requests

CONSUMER_KEY='xxxx'
CONSUMER_SECRET='xxxx'
TOKEN_KEY='xxxx'
TOKEN_SECRET='xxxx'

def getURL(baseURL,params):
sortedParams = sorted(params.items())
for head in sortedParams:
print head[0]
print head[1]
baseURL += '&' + head[0] + '="' + head[1] + '"'
print baseURL
return baseURL
#set header parameters
http_headers = {}
http_headers['oauth_version'] = '1.0'
http_headers['oauth_nonce'] = oauth.generate_nonce()
http_headers['oauth_consumer_key'] = CONSUMER_KEY
http_headers['oauth_signature_method'] = 'HMAC-SHA1'
http_headers['oauth_token'] = TOKEN_KEY
http_headers['oauth_timestamp'] = str(int(time.time()))

#base url
base_url = 'https://dacv.liveperson.net/dataAccess/account/accountNumber/visitorSession'

#sort headers in lexicographical order and encode url
params = urllib.urlencode(sorted(http_headers.items()))
encoded_url = urllib.quote_plus(base_url)

#generate base string with all headers,encoded and ready to generate signature
signature_base_string = 'GET&' + encoded_url + '&' + urllib.quote_plus(params)

#generate signiture
key = CONSUMER_SECRET + '&' + TOKEN_SECRET
hashed = hmac.new(key, signature_base_string, hashlib.sha1)
http_headers['oauth_signature'] = urllib.quote_plus(base64.b64encode(hashed.digest()))

#set up header
oauth_header = 'OAuth oauth_consumer_key="' + http_headers['oauth_consumer_key'] + '",' +'oauth_nonce="' + http_headers['oauth_nonce'] + '",' +'oauth_signature_method="' + http_headers['oauth_signature_method'] + '",'+'oauth_token="' + http_headers['oauth_token'] + '",' +'oauth_timestamp="' + http_headers['oauth_timestamp'] + '",' +'oauth_version="' + http_headers['oauth_version'] + '",' +'oauth_signature="' + http_headers['oauth_signature'] + '"'

req = urllib2.Request(base_url)
req.add_header('Authorization',oauth_header)
response = urllib2.urlopen(req)

print response
 
Ad

Advertisements

D

dieter

So the REST API calls work great with out the URL appended to the URL.However as soon as I do add the URL, because I want to retrieve the data on a daily basis, the calls fail and the server will return a 401 and say signature invalid.

Apparently, you do something wrong with the signing.

It is highly likely that you must append any request parameters (as
a query string) to the url before you determine the signature.

Alternatively, the web service you contact might not expect
a query string and might therefore not consider it when it
recreates the signature. Then, the signature check would fail
as you and the service compute it in a different way.

Check the available documentation for your web service.
Does it support request parameters (query strings). What
does it (or the "oauth" spec) about signature requirements
for those parameters.
 
M

mahsan9861

Sorry about the typo I meant append the date to the URL. So at the end of the current URL adding ?date=ddmmyyyy. But I will go through the documentation to see if I missed anything, but as far as I remember it said to just append the date in that format.
 
M

mahsan9861

Found a solution. For query string you have to add it to both the http_headers dictionary AND to the URL when making the Request.

<h2>old line:</h2>
http_headers = {}
http_headers['oauth_version'] = '1.0'
<h2>new line:</h2>
http_headers = {}
http_headers['date'] = 'ddmmyyyy' #add this line
http_headers['oauth_version'] = '1.0'

<h2>old line:</h2>
req = urllib2.Request(base_url)
<h2>new line:</h2>
req = urllib2.Request(base_url + '?date=ddmmyyyy')
 
Ad

Advertisements

M

mahsan9861

Found a solution. For query string you have to add it to both the http_headers dictionary AND to the URL when making the Request.

old line:
http_headers = {}
http_headers['oauth_version'] = '1.0'

new line:
http_headers = {}
http_headers['date'] = 'ddmmyyyy' #add this line
http_headers['oauth_version'] = '1.0'

old line:
req = urllib2.Request(base_url)

new line:
req = urllib2.Request(base_url + '?date=ddmmyyyy')

Everything else remains the same.
 

Top