C# .NET GetAuthorizationList

[robsa...@gmail.com]

What am I missing?

I'm totally new to Channel Advisor and understand that I have to retrieve the Account GUID via GetAuthorizationList. I have used SOAP calls to other services in the past but am totally failing to get C# .NET to return anything from the interface. Can anyone help, please? I've enclosed the code I'm using below. Please let me know what I'm doing wrong or, if possible, provide some alternative c# code that works:

Thanks,

Rob

using System;

using System.Collections.Generic;

using System.IO;

using System.Linq;

using System.Net;

using System.Threading.Tasks;

using System.Windows.Forms;

using System.Xml;

namespace SOAPTest

{

public class Program

{

/// <summary>

/// Execute a Soap WebService call

/// </summary>

public static void Execute()

{

HttpWebRequest request = CreateWebRequest();

XmlDocument soapEnvelopeXml = new XmlDocument();

soapEnvelopeXml.LoadXml(@"<?xml version=""1.0"" encoding=""utf-8""?>

<soapenv:Envelope xmlns:soapenv=""http://schemas.xmlsoap.org/soap/envelope/"" xmlns:web=""http://api.channeladvisor.com/webservices/"">

<soapenv:Header>

<web:APICredentials>

<web:DeveloperKey>???????</web:DeveloperKey>

<web:Password>??????</web:Password>

</web:APICredentials>

</soapenv:Header>

<soapenv:Body>

<web:GetAuthorizationList />

</soapenv:Body>

</soapenv:Envelope>");

using (Stream stream = request.GetRequestStream())

{

soapEnvelopeXml.Save(stream);

}

using (WebResponse response = request.GetResponse())

{

using (StreamReader rd = new StreamReader(response.GetResponseStream()))

{

string soapResult = rd.ReadToEnd();

Console.WriteLine(soapResult);

}

}

}

/// <summary>

/// Create a soap webrequest to [Url]

/// </summary>

/// <returns></returns>

public static HttpWebRequest CreateWebRequest()

{

HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(@"https://api.channeladvisor.com/ChannelAdvisorAPI/v7/AdminService.asmx?WDSL");

webRequest.Headers.Add(@"SOAP:Action");

webRequest.ContentType = "text/xml;charset=\"utf-8\"";

webRequest.Accept = "text/xml";

webRequest.Method = "POST";

return webRequest;

}

static void Main(string[] args)

{

Execute();

}

}

}

[[ChannelAdvisor] Marshall McClure]

Hi Rob,

I see two problems and have one suggestion for you.

Problem 1) The endpoint URL should be https://api.channeladvisor.com/ChannelAdvisorAPI/v7/AdminService.asmx without the ?WSDL parameter at the end.

Problem 2) The SOAPAction header should look like this: SOAPAction: "http://api.channeladvisor.com/webservices/GetAuthorizationList"

Suggestion: The great thing about C#'s support for SOAP is that you can create a service reference or web reference to the WSDL URL, and Visual Studio will generate proxy classes for you that will allow you interact with objects and methods instead of manually building XML and parsing HTTP responses. Switching over to a service reference will reduce the occurrence of little problems like the ones I listed above and make your code much easier to read and write. We have provided an example in our documentation at https://developer.channeladvisor.com/soap-api-documentation/order-services/order-service/getorderlist/application-example-getorderlist-by-exportstate.

Regards,

M

[martin...@herschel.com]

Hi Marshall,

Like Rob, I'm new to ChannelAdvisor and I'm currently trying to create a simple .Net application to login and pull some data down.  I have created the web services reference as described in the link you provided.  When I try to run the code I get a 'The request failed with HTTP status 403: Forbidden.'.  I assume this is a problem in the account setup or credentials that I'm using.

Dev Key: -Developer key used to log into the developer console (https://developer.channeladvisor.com/the-developer-console)

Password: Password used along with the Developer Key to log into the developer console.

AccountID: AccountID generated when associating the developer application with the company in the channeladvisor portal.

There is also a lot of talk about using tokens.  Are they needed to run an example like this?

Thanks,

Martin

[[ChannelAdvisor] Marshall McClure]

Hi Martin,

If you are getting 403 responses, then you probably have not completed all of the steps required to become authorized. It is not clear to me if you are using the REST API or SOAP API, so I will give you documentation links for both. REST: https://developer.channeladvisor.com/authorization. SOAP: https://developer.channeladvisor.com/soap-api-documentation/understanding-security. If you are creating a new API integration, I strongly recommend you choose REST instead of our legacy SOAP platform, unless of course there are mitigating circumstances.

If any of the documentation is unclear, I would be happy to clarify.

Regards,

M

[Martin Palmer]

Hi Marshall,

Unfortunately I am finding the documentation unclear.  I don't care if I use SOAP or REST.  What I do need is a simple example to show me how in a .Net application that I can connect to CA.  I suspect the code samples are SOAP based and the documentation is focused on REST using Tokens for authentication.

What I'm trying to do is build an integration that will connect our back end system to CA and pull order information down.  This is a B2B system and will be polling regularly for new orders.

Can you point me to a .Net code sample of how to connect to CA with a clear explanation as to how to setup CA to allow authorization for the call.

Thanks,

Martin

--
You received this message because you are subscribed to a topic in the Google Groups "ChannelAdvisor Developer Network" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/cadn/09C7GT9oKpA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to cadn+unsubscribe@googlegroups.com.
To post to this group, send email to ca...@googlegroups.com.
Visit this group at https://groups.google.com/group/cadn.
For more options, visit https://groups.google.com/d/optout.

--

Martin Palmer

Integrations Developer

Herschel Supply Company

www.herschelsupply.com

This email (including any attachments) may contain confidential and/or privileged information. Any unauthorized distribution, copying or disclosure is prohibited

This email (including any attachments) may contain confidential and/or privileged information. Any unauthorized distribution, copying or disclosure is prohibited.

[[ChannelAdvisor] Marshall McClure]

Martin,

I cannot help unless you tell me what you don't understand, so please be more specific about what is unclear. Our REST API uses a standard OAuth 2.0 authorization flow. You can review the basics of OAuth 2.0 here if you are not familiar. Our documentation provides step by step instructions for our authorization flow here. If you would rather use the Developer Console UI to generate a refresh token, there are instructions for that here, and thereafter you can use the Token endpoint to generate access tokens as needed. Since a basic .Net HttpWebRequest is all you need to submit requests to the REST API, its documentation does not contain code samples. You may find it helpful to start out by using an API testing tool like ARC or Postman to interact with the API a bit before you move into code.

M

[Martin Palmer]

Hi Marshall,

OK can you answer this...  With the code example that you shared with Rob (https://developer.channeladvisor.com/soap-api-documentation/order-services/order-service/getorderlist/application-example-getorderlist-by-exportstate), which is a SOAP implementation, what are the values that I need to enter into the Dev Key, Password and Account ID fields?

Below is what I have tried using without success (The request failed with HTTP status 403: Forbidden exception).

Dev Key: -Developer key used to log into the developer console (https://developer.channeladvisor.com/the-developer-console)

Password: Password used along with the Developer Key to log into the developer console.

AccountID: AccountID generated when associating the developer application with the company in the channeladvisor portal.

Martin

On Thu, Oct 5, 2017 at 11:21 AM, '[ChannelAdvisor] Marshall McClure' via ChannelAdvisor Developer Network <ca...@googlegroups.com> wrote:

--

You received this message because you are subscribed to a topic in the Google Groups "ChannelAdvisor Developer Network" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/cadn/09C7GT9oKpA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to cadn+unsubscribe@googlegroups.com.
To post to this group, send email to ca...@googlegroups.com.
Visit this group at https://groups.google.com/group/cadn.
For more options, visit https://groups.google.com/d/optout.

--

Martin Palmer

Integrations Developer

Herschel Supply Company

www.herschelsupply.com

This email (including any attachments) may contain confidential and/or privileged information. Any unauthorized distribution, copying or disclosure is prohibited

[[ChannelAdvisor] Marshall McClure]

Those are the correct values. However, in the SOAP API, access to an account must be requested via the AdminService.RequestAccess method and then granted on the Account Authorizations page in the ChannelAdvisor UI. A 403 error indicates that access has not been granted, or some other step in the process has not been completed.

[Martin Palmer]

Hi Marshall,

Can you expand on the 'or some other step in the process has not been completed.'.  The screenshot is from the Account Authorizations page in the CA UI and the next column in the table form the screenshot states that the record (Account ID) is enabled.  So I believe I have completed the steps that are required.

I have successfully generated the Developer Key

I have successfully associated the Developer Key with a CA Profile and have generated an Account ID which is shown as 'Enabled'.

I'm running sample code from the CA site.

Here is the generated app config file showing the endpoints that are being used...

<?xml version="1.0" encoding="utf-8" ?>

<configuration>

    <configSections>

        <sectionGroup name="applicationSettings" type="System.Configuration.ApplicationSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >

            <section name="InitialInvestidation.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />

        </sectionGroup>

    </configSections>

    <startup> 

        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1" />

    </startup>

    <system.serviceModel>

        <bindings>

            <basicHttpBinding>

                <binding name="OrderServiceSoap">

                    <security mode="Transport" />

                </binding>

                <binding name="OrderServiceSoap1" />

            </basicHttpBinding>

        </bindings>

        <client>

            <endpoint address="https://api.channeladvisor.com/ChannelAdvisorAPI/v6/OrderService.asmx"

                binding="basicHttpBinding" bindingConfiguration="OrderServiceSoap"

                contract="ChannelAdvisorClient.OrderServiceSoap" name="OrderServiceSoap" />

        </client>

    </system.serviceModel>

    <applicationSettings>

        <InitialInvestidation.Properties.Settings>

            <setting name="InitialInvestidation_com_channeladvisor_api_OrderService"

                serializeAs="String">

                <value>https://api.channeladvisor.com/ChannelAdvisorAPI/v6/OrderService.asmx</value>

            </setting>

        </InitialInvestidation.Properties.Settings>

    </applicationSettings>

</configuration>

What else needs to be configured/completed?

Martin

[[ChannelAdvisor] Marshall McClure]

If the authorization is enabled then you should be all set. When you submit a request, what is the error message in body of the response?

As an aside, V6 is an obsolete version of the SOAP API. Not that it would make a difference in auth+auth errors, but the current version is V7.

[Martin Palmer]

Hi Marshall,

The whole error message is "The request failed with HTTP status 403: Forbidden." and there is no inner exceptions.

This is the stack trace for the exception:

   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)

   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)

   at InitialInvestidation.com.channeladvisor.api.OrderService.GetOrderList(String accountID, OrderCriteria orderCriteria) in C:\HIP Herschel Integration Platform\AppService\ChannelAdvisorAppServices\InitialInvestidation\Web References\com.channeladvisor.api\Reference.cs:line 443

   at InitialInvestidation.Form1.btnGetOrders_Click(Object sender, EventArgs e) in C:\HIP Herschel Integration Platform\AppService\ChannelAdvisorAppServices\InitialInvestidation\Form1.cs:line 60

Fiddler captured this as the sent data:

<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Header><APICredentials xmlns="http://api.channeladvisor.com/webservices/"><DeveloperKey>XXXXXXXXXXXX</DeveloperKey><Password>XXXXXXX</Password></APICredentials></soap:Header><soap:Body><GetOrderList xmlns="http://api.channeladvisor.com/webservices/"><accountID>XXXXXXXXXXX</accountID><orderCriteria><OrderCreationFilterBeginTimeGMT xsi:nil="true" xmlns="http://api.channeladvisor.com/datacontracts/orders" /><OrderCreationFilterEndTimeGMT xsi:nil="true" xmlns="http://api.channeladvisor.com/datacontracts/orders" /><StatusUpdateFilterBeginTimeGMT xmlns="http://api.channeladvisor.com/datacontracts/orders">2017-09-05T16:37:38.0491065Z</StatusUpdateFilterBeginTimeGMT><StatusUpdateFilterEndTimeGMT xmlns="http://api.channeladvisor.com/datacontracts/orders">2017-10-05T16:37:38.0491065Z</StatusUpdateFilterEndTimeGMT><JoinDateFiltersWithOr xsi:nil="true" xmlns="http://api.channeladvisor.com/datacontracts/orders" /><DetailLevel xmlns="http://api.channeladvisor.com/datacontracts/orders">Complete</DetailLevel><ExportState xmlns="http://api.channeladvisor.com/datacontracts/orders">NotExported</ExportState><PaymentStatusFilter xmlns="http://api.channeladvisor.com/datacontracts/orders">Cleared</PaymentStatusFilter><ShippingStatusFilter xmlns="http://api.channeladvisor.com/datacontracts/orders">Unshipped</ShippingStatusFilter><PageNumberFilter xmlns="http://api.channeladvisor.com/datacontracts/orders">1</PageNumberFilter><PageSize xmlns="http://api.channeladvisor.com/datacontracts/orders">20</PageSize></orderCriteria></GetOrderList></soap:Body></soap:Envelope>

Response 

<soap:Envelope xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'>

                           <soap:Body>

                              <soap:Fault>

                                 <faultcode>soap:Server</faultcode>

                                 <faultstring>Server was unable to process request. Authorization failed.</faultstring>

                                 <detail/>

                              </soap:Fault>

                           </soap:Body>

                        </soap:Envelope>

Martin

[[ChannelAdvisor] Marshall McClure]

Thank you. A 403 from the SOAP API can be an authentication error or an authorization error, so this narrows things down. I was able to find your developer key in our system, and it does not have any SOAP authorizations, which you can verify by submitting a GetAuthorizationList request. The record you see in the Account Authorizations page is related to REST permissions. The authorization systems for SOAP and REST are separate, so being granted REST access does not also grant SOAP access to the same account(s). To aid our clients in transitioning from SOAP to REST, we do offer an authorization flow in the REST API that uses legacy SOAP permissions to grant the same permissions in the REST API, however that is not the recommended authorization flow for new clients since the proper OAuth 2.0 flow is more secure. I hope that clears things up.

M

[Martin Palmer]

Hi Marshall,

I have been working with CA's support team today and have a sample REST app working using oAuth.

Thanks, for your help.  It helped to clarify why I was having problems.  This in turn assisted me working towards a solution.

I would strongly suggest creating some sample code using REST and oAuth for people to get started on their integration.

Martin

Martin

[Derek Tremblay]

Hi Martin,

I find myself in the same exact situation as you.  Did you ever find any sample code using REST and oAuth that got your development kick started?

I am using Visual Studio and also have the API Postman tool to create simple requests outside of the VS environment.

Any help you could provide would be great!

Derek

To unsubscribe from this group and all its topics, send an email to ca...@googlegroups.com.

To post to this group, send email to ca...@googlegroups.com.
Visit this group at https://groups.google.com/group/cadn.
For more options, visit https://groups.google.com/d/optout.

--

Martin Palmer

Integrations Developer

Herschel Supply Company

www.herschelsupply.com

This email (including any attachments) may contain confidential and/or privileged information. Any unauthorized distribution, copying or disclosure is prohibited

This email (including any attachments) may contain confidential and/or privileged information. Any unauthorized distribution, copying or disclosure is prohibited.

--
You received this message because you are subscribed to a topic in the Google Groups "ChannelAdvisor Developer Network" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/cadn/09C7GT9oKpA/unsubscribe.

To unsubscribe from this group and all its topics, send an email to ca...@googlegroups.com.

To post to this group, send email to ca...@googlegroups.com.
Visit this group at https://groups.google.com/group/cadn.
For more options, visit https://groups.google.com/d/optout.

--

Martin Palmer

Integrations Developer

Herschel Supply Company

www.herschelsupply.com

This email (including any attachments) may contain confidential and/or privileged information. Any unauthorized distribution, copying or disclosure is prohibited

This email (including any attachments) may contain confidential and/or privileged information. Any unauthorized distribution, copying or disclosure is prohibited.

--
You received this message because you are subscribed to a topic in the Google Groups "ChannelAdvisor Developer Network" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/cadn/09C7GT9oKpA/unsubscribe.

To unsubscribe from this group and all its topics, send an email to ca...@googlegroups.com.

To post to this group, send email to ca...@googlegroups.com.
Visit this group at https://groups.google.com/group/cadn.
For more options, visit https://groups.google.com/d/optout.

--

Martin Palmer

Integrations Developer

Herschel Supply Company

www.herschelsupply.com

This email (including any attachments) may contain confidential and/or privileged information. Any unauthorized distribution, copying or disclosure is prohibited

This email (including any attachments) may contain confidential and/or privileged information. Any unauthorized distribution, copying or disclosure is prohibited.

--
You received this message because you are subscribed to a topic in the Google Groups "ChannelAdvisor Developer Network" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/cadn/09C7GT9oKpA/unsubscribe.

To unsubscribe from this group and all its topics, send an email to ca...@googlegroups.com.

To post to this group, send email to ca...@googlegroups.com.
Visit this group at https://groups.google.com/group/cadn.
For more options, visit https://groups.google.com/d/optout.

--

Martin Palmer

Integrations Developer

Herschel Supply Company

www.herschelsupply.com

This email (including any attachments) may contain confidential and/or privileged information. Any unauthorized distribution, copying or disclosure is prohibited