[ANNOUNCE] New values in OAuth sign page URLs
84 views
Skip to first unread message
Justin Kerr Sheckler
Jun 27, 2011, 9:10:10 PM6/27/11
to etsy-...@googlegroups.com
Hi everyone,
Today we deployed some infrastructure improvements to our OAuth platform.
According to OAuth spec, we return a "login URL" with OAuth request
tokens. This is found in the login_url field of the request token
response.
Prior to today, the login URL was a static value:
"http://www.etsy.com/oauth/signin". Clients were instructed to
manually append "?oauth_token=XXXXX" to the URL.
As of today, the login URL has all needed values pre-populated. We've
added two new fields, "oauth_consumer_key", and "service". Please use
the login URL verbatim, as it's returned by the request token service,
for example:
best,
Justin Kerr Sheckler
Developer API Lead
Etsy.com
jus...@etsy.com
Cameron
Jun 27, 2011, 9:38:04 PM6/27/11
to etsy-...@googlegroups.com
Really? We're we warned about this at some point and I just missed it?
Until now I've been making a POST to http://openapi.etsy.com/v2/oauth/request_token and then appending oauth_consumer_key and oauth_token to the login_url returned. So now my app is broken for all new users wanting to authenticate their shop until I make a code change to account for this. I'm feeling a bit blindsided, but maybe I was just sleeping at the wheel and missed the warning for this.
I would like to deploy this change soon so my app isn't broken, the problem is that the POST to the sandbox http://openapi.etsy.com/v2/sandbox/oauth/request_token is still returning 503s, so I have no real way to test.
-Cameron
Until now I've been making a POST to http://openapi.etsy.com/v2/oauth/request_token and then appending oauth_consumer_key and oauth_token to the login_url returned. So now my app is broken for all new users wanting to authenticate their shop until I make a code change to account for this. I'm feeling a bit blindsided, but maybe I was just sleeping at the wheel and missed the warning for this.
I would like to deploy this change soon so my app isn't broken, the problem is that the POST to the sandbox http://openapi.etsy.com/v2/sandbox/oauth/request_token is still returning 503s, so I have no real way to test.
-Cameron
Justin Kerr Sheckler
Jun 27, 2011, 9:48:45 PM6/27/11
to etsy-...@googlegroups.com
We've just patched a small bug that should alleviate this problem.
The signin URLs now have a hash mark appended-- this will prevent any
manually appended parameters from breaking apps. Our apologies for
this oversight.
The signin URLs now have a hash mark appended-- this will prevent any
manually appended parameters from breaking apps. Our apologies for
this oversight.
Justin Kerr Sheckler
Developer API Lead
Etsy.com
jus...@etsy.com
> --
> You received this message because you are subscribed to the Google Groups
> "Etsy API V2" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/etsy-api-v2/-/i7MG-XCzeMAJ.
> To post to this group, send email to etsy-...@googlegroups.com.
> To unsubscribe from this group, send email to
> etsy-api-v2...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/etsy-api-v2?hl=en.
>
Chris Copeland
Jun 27, 2011, 10:00:11 PM6/27/11
to etsy-...@googlegroups.com
Big +1 on this. There was no announcement of this change.
I've only been working with the Etsy API for a few months but I am starting to seriously question the time and money I have invested in build my application.
-Chris
I've only been working with the Etsy API for a few months but I am starting to seriously question the time and money I have invested in build my application.
-Chris
--
You received this message because you are subscribed to the Google Groups "Etsy API V2" group.
kevinyc
Jun 27, 2011, 10:11:27 PM6/27/11
to Etsy API V2
What do you mean by "prevent any manually appended parameters from
breaking apps." Does this mean that the previous method of appending
the token to the URL will still work? Because it doesn't.
Anyway, I've switched my dev build over to use the returned login_url
field but clicking "Allow Access" brings me back to the error page
that says "Request token value is unknown."
How can you guys deploy a significant change like this without
advanced warning. Changes like this just broke every single Etsy app
that uses OAuth to sign in.
Kevin
On Jun 27, 6:48 pm, Justin Kerr Sheckler <jus...@etsy.com> wrote:
> We've just patched a small bug that should alleviate this problem.
> The signin URLs now have a hash mark appended-- this will prevent any
> manually appended parameters from breaking apps. Our apologies for
> this oversight.
>
> Justin Kerr Sheckler
> Developer API Lead
> Etsy.com
> jus...@etsy.com
>
>
>
>
>
>
>
> On Mon, Jun 27, 2011 at 9:38 PM, Cameron <came...@etsyonsale.com> wrote:
> > Really? We're we warned about this at some point and I just missed it?
>
> > Until now I've been making a POST to
> >http://openapi.etsy.com/v2/oauth/request_tokenand then appending
breaking apps." Does this mean that the previous method of appending
the token to the URL will still work? Because it doesn't.
Anyway, I've switched my dev build over to use the returned login_url
field but clicking "Allow Access" brings me back to the error page
that says "Request token value is unknown."
How can you guys deploy a significant change like this without
advanced warning. Changes like this just broke every single Etsy app
that uses OAuth to sign in.
Kevin
On Jun 27, 6:48 pm, Justin Kerr Sheckler <jus...@etsy.com> wrote:
> We've just patched a small bug that should alleviate this problem.
> The signin URLs now have a hash mark appended-- this will prevent any
> manually appended parameters from breaking apps. Our apologies for
> this oversight.
>
> Justin Kerr Sheckler
> Developer API Lead
> Etsy.com
> jus...@etsy.com
>
>
>
>
>
>
>
> On Mon, Jun 27, 2011 at 9:38 PM, Cameron <came...@etsyonsale.com> wrote:
> > Really? We're we warned about this at some point and I just missed it?
>
> > Until now I've been making a POST to
> > oauth_consumer_key and oauth_token to the login_url returned. So now my app
> > is broken for all new users wanting to authenticate their shop until I make
> > a code change to account for this. I'm feeling a bit blindsided, but maybe
> > I was just sleeping at the wheel and missed the warning for this.
>
> > I would like to deploy this change soon so my app isn't broken, the problem
> > is that the POST to the sandbox
> >http://openapi.etsy.com/v2/sandbox/oauth/request_tokenis still returning
> > is broken for all new users wanting to authenticate their shop until I make
> > a code change to account for this. I'm feeling a bit blindsided, but maybe
> > I was just sleeping at the wheel and missed the warning for this.
>
> > I would like to deploy this change soon so my app isn't broken, the problem
> > is that the POST to the sandbox
Justin Kerr Sheckler
Jun 27, 2011, 10:18:32 PM6/27/11
to etsy-...@googlegroups.com
Hi Kevin,
Could you provide me with samples of the URLs that don't work?
thanks,
Justin Kerr Sheckler
Developer API Lead
Etsy.com
jus...@etsy.com
GraGra33
Jun 27, 2011, 10:28:14 PM6/27/11
to Etsy API V2
Same ... No warning ... Just like when they took treasuries offline...
We need atleast 24 hours warning so as we can prep... I feel sorry for
those who have paid Apple Store Apps that take up to a week to update!
G.
On Jun 28, 12:00 pm, Chris Copeland <ch...@cope360.com> wrote:
> Big +1 on this. There was no announcement of this change.
>
> I've only been working with the Etsy API for a few months but I am starting
> to seriously question the time and money I have invested in build my
> application.
>
> -Chris
>
>
>
> On Mon, Jun 27, 2011 at 8:38 PM, Cameron <came...@etsyonsale.com> wrote:
> > Really? We're we warned about this at some point and I just missed it?
>
> > Until now I've been making a POST to
> >http://openapi.etsy.com/v2/oauth/request_tokenand then appending
>
> - Show quoted text -
We need atleast 24 hours warning so as we can prep... I feel sorry for
those who have paid Apple Store Apps that take up to a week to update!
G.
On Jun 28, 12:00 pm, Chris Copeland <ch...@cope360.com> wrote:
> Big +1 on this. There was no announcement of this change.
>
> I've only been working with the Etsy API for a few months but I am starting
> to seriously question the time and money I have invested in build my
> application.
>
> -Chris
>
>
>
> On Mon, Jun 27, 2011 at 8:38 PM, Cameron <came...@etsyonsale.com> wrote:
> > Really? We're we warned about this at some point and I just missed it?
>
> > Until now I've been making a POST to
> > oauth_consumer_key and oauth_token to the login_url returned. So now my app
> > is broken for all new users wanting to authenticate their shop until I make
> > a code change to account for this. I'm feeling a bit blindsided, but maybe
> > I was just sleeping at the wheel and missed the warning for this.
>
> > I would like to deploy this change soon so my app isn't broken, the problem
> > is that the POST to the sandbox
> >http://openapi.etsy.com/v2/sandbox/oauth/request_tokenis still returning
> > is broken for all new users wanting to authenticate their shop until I make
> > a code change to account for this. I'm feeling a bit blindsided, but maybe
> > I was just sleeping at the wheel and missed the warning for this.
>
> > I would like to deploy this change soon so my app isn't broken, the problem
> > is that the POST to the sandbox
> > 503s, so I have no real way to test.
>
> > -Cameron
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Etsy API V2" group.
> > To view this discussion on the web visit
> >https://groups.google.com/d/msg/etsy-api-v2/-/i7MG-XCzeMAJ.
>
> > To post to this group, send email to etsy-...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > etsy-api-v2...@googlegroups.com.
> > For more options, visit this group at
> >http://groups.google.com/group/etsy-api-v2?hl=en.- Hide quoted text -
>
> > -Cameron
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Etsy API V2" group.
> > To view this discussion on the web visit
> >https://groups.google.com/d/msg/etsy-api-v2/-/i7MG-XCzeMAJ.
>
> > To post to this group, send email to etsy-...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > etsy-api-v2...@googlegroups.com.
> > For more options, visit this group at
>
> - Show quoted text -
GraGra33
Jun 27, 2011, 10:32:59 PM6/27/11
to Etsy API V2
Sandbox is still throwing a 503... Can't test.
On Jun 28, 11:48 am, Justin Kerr Sheckler <jus...@etsy.com> wrote:
> We've just patched a small bug that should alleviate this problem.
> The signin URLs now have a hash mark appended-- this will prevent any
> manually appended parameters from breaking apps. Our apologies for
> this oversight.
>
> Justin Kerr Sheckler
> Developer API Lead
> Etsy.com
> jus...@etsy.com
>
>
>
> On Mon, Jun 27, 2011 at 9:38 PM, Cameron <came...@etsyonsale.com> wrote:
> > Really? We're we warned about this at some point and I just missed it?
>
> > Until now I've been making a POST to
> >http://openapi.etsy.com/v2/oauth/request_tokenand then appending
On Jun 28, 11:48 am, Justin Kerr Sheckler <jus...@etsy.com> wrote:
> We've just patched a small bug that should alleviate this problem.
> The signin URLs now have a hash mark appended-- this will prevent any
> manually appended parameters from breaking apps. Our apologies for
> this oversight.
>
> Justin Kerr Sheckler
> Developer API Lead
> Etsy.com
> jus...@etsy.com
>
>
>
> On Mon, Jun 27, 2011 at 9:38 PM, Cameron <came...@etsyonsale.com> wrote:
> > Really? We're we warned about this at some point and I just missed it?
>
> > Until now I've been making a POST to
> > oauth_consumer_key and oauth_token to the login_url returned. So now my app
> > is broken for all new users wanting to authenticate their shop until I make
> > a code change to account for this. I'm feeling a bit blindsided, but maybe
> > I was just sleeping at the wheel and missed the warning for this.
>
> > I would like to deploy this change soon so my app isn't broken, the problem
> > is that the POST to the sandbox
> >http://openapi.etsy.com/v2/sandbox/oauth/request_tokenis still returning
> > is broken for all new users wanting to authenticate their shop until I make
> > a code change to account for this. I'm feeling a bit blindsided, but maybe
> > I was just sleeping at the wheel and missed the warning for this.
>
> > I would like to deploy this change soon so my app isn't broken, the problem
> > is that the POST to the sandbox
> > 503s, so I have no real way to test.
>
> > -Cameron
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Etsy API V2" group.
> > To view this discussion on the web visit
> >https://groups.google.com/d/msg/etsy-api-v2/-/i7MG-XCzeMAJ.
> > To post to this group, send email to etsy-...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > etsy-api-v2...@googlegroups.com.
> > For more options, visit this group at
>
> > -Cameron
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Etsy API V2" group.
> > To view this discussion on the web visit
> >https://groups.google.com/d/msg/etsy-api-v2/-/i7MG-XCzeMAJ.
> > To post to this group, send email to etsy-...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > etsy-api-v2...@googlegroups.com.
> > For more options, visit this group at
GraGra33
Jun 27, 2011, 10:41:50 PM6/27/11
to Etsy API V2
Hi Justin,
Live OAuth works fine now but Sandbox is still broken.
G.
On Jun 28, 11:10 am, Justin Kerr Sheckler <jus...@etsy.com> wrote:
> Hi everyone,
>
> Today we deployed some infrastructure improvements to our OAuth platform.
>
> According to OAuth spec, we return a "login URL" with OAuth request
> tokens. This is found in the login_url field of the request token
> response.
>
> Prior to today, the login URL was a static value:
> "http://www.etsy.com/oauth/signin". Clients were instructed to
> manually append "?oauth_token=XXXXX" to the URL.
>
> As of today, the login URL has all needed values pre-populated. We've
> added two new fields, "oauth_consumer_key", and "service". Please use
> the login URL verbatim, as it's returned by the request token service,
> for example:
>
> https://www.etsy.com/oauth/signin?oauth_consumer_key=XXX_API_KEY_XXX&...
Live OAuth works fine now but Sandbox is still broken.
G.
On Jun 28, 11:10 am, Justin Kerr Sheckler <jus...@etsy.com> wrote:
> Hi everyone,
>
> Today we deployed some infrastructure improvements to our OAuth platform.
>
> According to OAuth spec, we return a "login URL" with OAuth request
> tokens. This is found in the login_url field of the request token
> response.
>
> Prior to today, the login URL was a static value:
> "http://www.etsy.com/oauth/signin". Clients were instructed to
> manually append "?oauth_token=XXXXX" to the URL.
>
> As of today, the login URL has all needed values pre-populated. We've
> added two new fields, "oauth_consumer_key", and "service". Please use
> the login URL verbatim, as it's returned by the request token service,
> for example:
>
Jey B
Jun 27, 2011, 11:45:09 PM6/27/11
to Etsy API V2
Gotta say I am pretty damn disappointed with the lack of information
and number of changes which occur with little to no notice on this
API. I've never known an API that changes so much.
The worst part is that changes aren't bundled, there are many ad-hoc
releases. Etsy may be proud of their ability to push code releases so
fast but for an API it's a different method of working and right now
we are all expected to jump for each change without prior warning.
If we'd have had notice, you'd have found how many of us are manually
creating URLs to add in extra params like callbacks.
Jey
and number of changes which occur with little to no notice on this
API. I've never known an API that changes so much.
The worst part is that changes aren't bundled, there are many ad-hoc
releases. Etsy may be proud of their ability to push code releases so
fast but for an API it's a different method of working and right now
we are all expected to jump for each change without prior warning.
If we'd have had notice, you'd have found how many of us are manually
creating URLs to add in extra params like callbacks.
Jey
Jey B
Jun 28, 2011, 12:04:50 AM6/28/11
to Etsy API V2
I can't even get this to work at all. Even without adding a callback
URL, redirecting to the exact login_url parameter on iPhone that's now
returned just takes you to a "Request token value is unknown" page.
URL, redirecting to the exact login_url parameter on iPhone that's now
returned just takes you to a "Request token value is unknown" page.
Justin Kerr Sheckler
Jun 28, 2011, 12:06:05 AM6/28/11
to etsy-...@googlegroups.com
Hi Jey, can you send me an example (or preferably several) of those login URLs?
Justin Kerr Sheckler
Developer API Lead
Etsy.com
jus...@etsy.com
> --
> You received this message because you are subscribed to the Google Groups "Etsy API V2" group.
Jey B
Jun 28, 2011, 12:12:51 AM6/28/11
to Etsy API V2
Done (in PM).
Cameron
Jun 28, 2011, 12:15:14 AM6/28/11
to etsy-...@googlegroups.com
Same. I just confirmed production oAuth is working again for my app. Sandbox is still returning 503s. -Cameron
david olick
Jun 28, 2011, 12:57:52 AM6/28/11
to etsy-...@googlegroups.com
Some oauth calls seem to work for me while others don't. I'm continuing to get the weird error "oauth_problem=signature_invalid" followed by debug url parameters.
--
David Olick
CTO
Oriku Inc.
On Mon, Jun 27, 2011 at 11:15 PM, Cameron <cam...@etsyonsale.com> wrote:
Same. I just confirmed production oAuth is working again for my app. Sandbox is still returning 503s. -Cameron
--
You received this message because you are subscribed to the Google Groups "Etsy API V2" group.
To view this discussion on the web visit https://groups.google.com/d/msg/etsy-api-v2/-/KbY5ZsnUHJsJ.
To post to this group, send email to etsy-...@googlegroups.com.
To unsubscribe from this group, send email to etsy-api-v2...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/etsy-api-v2?hl=en.
--
David Olick
CTO
Oriku Inc.
FotoFuze Oriku
Jun 28, 2011, 1:03:04 AM6/28/11
to etsy-...@googlegroups.com
Is anybody else seeing the oauth_problem=signature_invalid ?
FotoFuze Oriku
Jun 28, 2011, 1:09:53 AM6/28/11
to etsy-...@googlegroups.com
Looks like this is only happening with POST requests. GET requests appear to be fine. Verifying this now.
GraGra33
Jun 28, 2011, 1:11:17 AM6/28/11
to Etsy API V2
I've checked all the live public/private API calls that our service
uses and we're fine. Mind you, we're not updating Listings & Images.
The sandbox however is another story... all sandbox POSTs are coming
back "503 - Temporarily Unavailable"...
I'd say that you'll have to wait now until morning "Etsy Time" for a
response.
G.
On Jun 28, 3:03 pm, FotoFuze Oriku <fotof...@gmail.com> wrote:
> Is anybody else seeing the oauth_problem=signature_invalid ?
>
>
>
> On Mon, Jun 27, 2011 at 11:57 PM, david olick <david.ol...@gmail.com> wrote:
> > Some oauth calls seem to work for me while others don't. I'm continuing to
> > get the weird error "oauth_problem=signature_invalid" followed by debug
> > url parameters.
>
uses and we're fine. Mind you, we're not updating Listings & Images.
The sandbox however is another story... all sandbox POSTs are coming
back "503 - Temporarily Unavailable"...
I'd say that you'll have to wait now until morning "Etsy Time" for a
response.
G.
On Jun 28, 3:03 pm, FotoFuze Oriku <fotof...@gmail.com> wrote:
> Is anybody else seeing the oauth_problem=signature_invalid ?
>
>
>
> On Mon, Jun 27, 2011 at 11:57 PM, david olick <david.ol...@gmail.com> wrote:
> > Some oauth calls seem to work for me while others don't. I'm continuing to
> > get the weird error "oauth_problem=signature_invalid" followed by debug
> > url parameters.
>
> > On Mon, Jun 27, 2011 at 11:15 PM, Cameron <came...@etsyonsale.com> wrote:
>
> >> Same. I just confirmed production oAuth is working again for my app.
> >> Sandbox is still returning 503s. -Cameron
>
> >> --
> >> You received this message because you are subscribed to the Google Groups
> >> "Etsy API V2" group.
> >> To view this discussion on the web visit
> >>https://groups.google.com/d/msg/etsy-api-v2/-/KbY5ZsnUHJsJ.
>
> >> To post to this group, send email to etsy-...@googlegroups.com.
> >> To unsubscribe from this group, send email to
> >> etsy-api-v2...@googlegroups.com.
> >> For more options, visit this group at
> >>http://groups.google.com/group/etsy-api-v2?hl=en.
>
> > --
> > David Olick
> > CTO
> > Oriku Inc.
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Etsy API V2" group.
> > To post to this group, send email to etsy-...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > etsy-api-v2...@googlegroups.com.
> > For more options, visit this group at
>
> >> Same. I just confirmed production oAuth is working again for my app.
> >> Sandbox is still returning 503s. -Cameron
>
> >> --
> >> You received this message because you are subscribed to the Google Groups
> >> "Etsy API V2" group.
> >> To view this discussion on the web visit
> >>https://groups.google.com/d/msg/etsy-api-v2/-/KbY5ZsnUHJsJ.
>
> >> To post to this group, send email to etsy-...@googlegroups.com.
> >> To unsubscribe from this group, send email to
> >> etsy-api-v2...@googlegroups.com.
> >> For more options, visit this group at
> >>http://groups.google.com/group/etsy-api-v2?hl=en.
>
> > --
> > David Olick
> > CTO
> > Oriku Inc.
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Etsy API V2" group.
> > To post to this group, send email to etsy-...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > etsy-api-v2...@googlegroups.com.
> > For more options, visit this group at
david olick
Jun 28, 2011, 1:13:14 AM6/28/11
to etsy-...@googlegroups.com
Are you using a real POST or a method=POST?
GraGra33
Jun 28, 2011, 1:19:05 AM6/28/11
to Etsy API V2
We use proper method of POSTing data and switch content types from
"application/x-www-form-urlencoded" to "multipart/form-data;" if
there's raw file data involved.
G.
> > > >http://groups.google.com/group/etsy-api-v2?hl=en.-Hide quoted text -
"application/x-www-form-urlencoded" to "multipart/form-data;" if
there's raw file data involved.
G.
>
> > > - Show quoted text -
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Etsy API V2" group.
> > To post to this group, send email to etsy-...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > etsy-api-v2...@googlegroups.com.
> > For more options, visit this group at
> >http://groups.google.com/group/etsy-api-v2?hl=en.
>
> --
> David Olick
> CTO
> Oriku Inc.- Hide quoted text -
> > > - Show quoted text -
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Etsy API V2" group.
> > To post to this group, send email to etsy-...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > etsy-api-v2...@googlegroups.com.
> > For more options, visit this group at
> >http://groups.google.com/group/etsy-api-v2?hl=en.
>
> --
> David Olick
> CTO
david olick
Jun 28, 2011, 1:51:05 AM6/28/11
to etsy-...@googlegroups.com
Hmm... Is it possible you could give us some raw POST data so we can compare?
GraGra33
Jun 28, 2011, 2:04:39 AM6/28/11
to Etsy API V2
Better Still ... you can run your keys in our comms Library... Source
code with sample code can be downloaded from here:
http://www.tools4etsy.com/Developer/Etsy/v2/Api/Download
G.
> > > > > >http://groups.google.com/group/etsy-api-v2?hl=en.-Hidequoted text
code with sample code can be downloaded from here:
http://www.tools4etsy.com/Developer/Etsy/v2/Api/Download
G.
FotoFuze Oriku
Jun 28, 2011, 2:15:24 AM6/28/11
to etsy-...@googlegroups.com
Sorry GraGra, we don't have ready access to visual studio and related stuff :( The best explanation that we can muster right now is that either Etsy is calculating oauth signatures differently than yesterday for POST data. We *only* use multipart/form-data, so perhaps the difference is there. We'll continue looking at it! Thanks for the help!
GraGra33
Jun 28, 2011, 2:21:29 AM6/28/11
to Etsy API V2
Tools are free ... http://www.microsoft.com/express
> >http://groups.google.com/group/etsy-api-v2?hl=en.- Hide quoted text -
Reply all
Reply to author
Forward
0 new messages