I am trying to get the Indeed vacanties of my company via API with python. I am following https://developer.indeed.com/docs/authorization/3-legged-oauth and https://mathiashaentjens.medium.com/how-do-you-extract-data-using-the-indeed-api-and-build-your-own-indeed-campaign-reporting-8127252ef073.
I create Indeed API keys and recevive the Authorization Code. But i couldnt get Access Token. I send the same POST as documents via curl and python requests but i got this error;
{'error_description': 'Your request might include sensitive information passed in the URL query string. Parameters must be passed in the HTTP request body using the application/x-www-form-urlencoded format (See https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3). For increased security, we recommend that you periodically rotate your application secret at https://secure.indeed.com/account/apikeys.', 'error': 'invalid_request'}
My python code is like;
headers = {'content-type': 'application/x-www-form-urlencoded','accept':'application/json'}
payload = {'code':'XXXX', 'client_id':'XXXX', 'client_secret':'XXXX', 'redirect_uri': 'http://localhost', 'grant_type':'authorization_code'}
response = requests.post('https://apis.indeed.com/oauth/v2/tokens', params=urllib.parse.urlencode(payload), headers=headers)
response.json()
and via command line;
curl -X POST -H "Content-Length: 0" -H "Content-Type: application/x-www-form-urlencoded" -H "Accept: application/json" "https://apis.indeed.com/oauth/v2/tokens?code=XXXX&client_id=XXXX&client_secret=XXXX&redirect_uri=http://localhost&grant_type=authorization_code"
Is there anyone familiar with this error?
Related
I need to POST data to an API endpoint using the python requests library with application/json content-type but am getting errors due to the API key having a space in it.
API Key format:
Authorization: Token d6bf96a81a58bf6e99ad1f819b244242797c0c07
Successful curl request:
curl -k -H "Authorization: Token d6bf96a81a58bf6e99ad1f819b244242797c0c07" "https://myurlhere.com/api/status/" --data "status=Good&value=foobar"
Failed Python:
import requests
url="https://myurlhere.com/api/status/"
headers={"Authorization": "Token d6bf96a81a58bf6e99ad1f819b244242797c0c07","content-type":"application/json}
data="status=Good&value=foobar"
requests.post(url, headers=headers, data=data)
The python request returns a 403, additional debugging shows "Authentication details were not provided."
It appears as if the space is causing issues due to being a json object? Is there any clean way to work around this? I must use the application/json type as I use the same program with a lot more code for other api requests which require the application/json type.
I'm trying to retrive some data from apptopia but I'm finding it pretty tricky (due to my lack of experience). In their authentication page: https://dev.apptopia.com/#authentication there are some instructions, but I just can't make it work.
I need a client and a secret (these bellow are not mine but the ones on the company's site)
client: JFqXPDhiLuvY
secret: L2nerprCksacBoFzUqtfHz8v
And I must use those information in order to obtain a Session token via HTTPS POST request:
curl -X "POST" "https://integrations.apptopia.com/api/login" \
-H "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "client=<client>" \
--data-urlencode "secret=<secret>"
I just don't know how to do it. I tried using the answen on this post: Python Request Post with param data but it didn't work. Could someone help me please? Thanks!
Did you try passing credentials as data in your request?
import requests
headers = {
'Content-Type': 'application/x-www-form-urlencoded',
}
data = {
'client':your_client,
'secret':your_secret'
}
response = requests.post('https://integrations.apptopia.com/api/login', headers=headers, data=data)
I have an API which is currently on HTTP, I moved the API using SSLify library in python flask.
Now when I send data using curl request
curl -v -k -H "Content-Type: application/json" -X POST \
--data '{"title":"foobar","body": "This body"}' \
-L http://X.Y.Z.W.us-west-2.compute.amazonaws.com/test
It returns an empty string to me by using request.data
If I make the request to begin with https it returns correct value. If there is a redirect how can I send data ?
SSLify issues a 301 or 302 redirect status code depending on your configuration. So you need to pass --post301 or --post302 to curl.
The reason for this can be found in the curl man page:
When curl follows a redirect and the request is not a plain GET (for
example POST or PUT), it will do the following request with a GET
if the HTTP response was 301, 302, or 303. If the response code was
any other 3xx code, curl will re-send the following request using
the same unmodified method.
You can tell curl to not change the non-GET request method to GET
after a 30x response by using the dedicated options for that: --post301, --post302 and -post303.
I have use curl in linux to post data to asana and its work fine.
curl -H "Authorization: Bearer <mytoken>" https://app.asana.com/api/1.0/tasks/101/stories -d "text=hello world"
but if I use requests library for python the result is 400
response = requests.post("https://app.asana.com/api/1.0/tasks/101/stories", auth=(self.asana.token_uri, ""), params = "text=repo_name")
You need to add the same "Authorization: Bearer" token header to your request in python. Similar to this answer:
https://stackoverflow.com/a/29931730/6080374
The auth argument to requests methods produces a Authorization: Basic header, not a Authorization: Bearer header.
Set a headers dictionary with a manually created Authorization header instead. POST data (the -d command line switch for curl) should be passed as a dictionary to the data argument:
response = requests.post(
"https://app.asana.com/api/1.0/tasks/101/stories",
headers={'Authorization': 'Bearer {}'.format(self.asana.token_uri),
data={'text': 'repo_name'})
I am interfacing with an API using requests and requests_oauthlib.
I successfully authenticate and access all the GET methods of the API, but get error 500 with POST methods. For example:
r = oauth.post("https://api.timelyapp.com/1.0/1/clients",
data={"client":{"name":"newclient", "color":"c697c0" }},
allow_redirects=False, headers={"Content-Type": "application/json"})
The issue is that I tested the same exact call with curl and it works correctly, here the curl code:
curl -v -X POST -H "Content-Type: application/json" -H "Authorization: Bearer XXXXXXXXXXXX" --data '{"client": { "name": "newclient", "color":"c697c0" }}' "https://api.timelyapp.com/1.0/1/clients"
how can I dig deeper in requests to compare its call with curl?
UPDATE:
Also, noticed that if I do not specify content type:
r = oauth.post("https://api.timelyapp.com/1.0/1/clients",
data={"client":{"name":"newclient", "color":"c697c0" }},
allow_redirects=True)
I get instead a 302 with redirection to the site homepage, where I fetch the content of the page. In any case the new client is not added.
You might want to try this instead:
data=json.dumps(payload)
From python-requests doc:
There are many times that you want to send data that is not
form-encoded. If you pass in a string instead of a dict, that data
will be posted directly.