GET requests to organizations and users fail

[Adam Lord]

My api key is 8670b092d3fc3a914dbbd38131caf0b43a39246ab6e3ee97dde81bcb8e1b80b2

I'm able to successfully get single and multiple petitions and petition ids, but every get request on the users and organizations resources return failure. For example:

https://api.change.org/v1/users/200?api_key={{ api_key }}&api_secret={{ api_secret }}

https://api.change.org/v1/users/get_id?api_key={{ api_key }}&api_secret={{ api_secret }}&user_url=http%3A%2F%2Fwww.change.org%2Fmembers%2F1365223

https://api.change.org/v1/organizations/298374?api_key={{ api_key }}&api_secret={{ api_secret }}

https://api.change.org/v1/organizations/get_id?api_key={{ api_key }}&api_secret={{ api_secret }}&organization_url=http%3A%2F%2Fwww.change.org%2Forganizations%2Fsierraclub

all return:

{
"result": "failure",
"messages": []
}

Are there required parameters that I need to include? Am I doing something else incorrectly? Or is something wrong with the API?

[alain]

Hi Adam,

Im sorry to hear that you're having difficulty. What is the response code that you are getting back from the API?

- Alain

[Adam Lord]

Hi Alain - Thanks for responding so quickly! 

I'm getting a response of 401, but I found that confusing because there was no "unauthorized request" message in the response.

[alain]

No problem, Adam. Im glad to help. Im looking into it at the moment and will get back to you shortly. 

[alain]

Hi Adam,

I did some testing and it looks like the API is working just fine. I even entered in your API key in order to make sure. This is most likely an implementation problem. Feel free to post your code and we can take a look.

- A

[Adam Lord]

I'm writing a Python wrapper to use in Django, and it's possible there's an implementation error in there, but I've implemented the organizations and users calls in exactly the same way as I did petitions. But I feel like I should at least be able to get some data in a browser.

Do you get a successful response at this address?

https://api.change.org/v1/users/200?api_key=8670b092d3fc3a914dbbd38131caf0b43a39246ab6e3ee97dde81bcb8e1b80b2&api_secret=API_SECRET_HERE

Assuming 200 is a valid user ID?

[alain]

Hi Adam.

I do get a successful response for orgs and user requests. It won't hurt but you're not supposed to put the secret into your API request query params. I also notice that your url doesn't include the timestamp, endpoint, and request signature (rsig) query parameters. Are you including those? 

[Adam Lord]

No, I wasn't including those -- I didn't know they were required for these requests. I will try that and get back to you. Thanks!

[alain]

Hi Adam.

For some requests, we don't require authorization since it is public information (petition id, petition info, etc.) But for other requests, we do require that the request be authorized. The API requests that were failing, were because of this. I do see a problem in that the failure messages were not appearing for you. I'll get back to you on that.

- Alain

[Adam Lord]

Is a request signature required for every request? The documentation says the rsig is only for requests that create or modify. I'm just trying to do a GET on an organization, and the response message is "Invalid request signature" whether or not I include the rsig I've generated, which I believe I've done correctly...

Sorry, I know I'm not making it easy to debug.

[alain]

Hi Adam,

No need to be sorry. I believe the API documentation is in error. The organization and user endpoints require a request signature. I'll see about getting it updated to reflect the current implementation. I apologize for the misinformation.

- Alain

[Adam Lord]

Sorry, Alain, still not working for me.

This is the url I'm hitting:

https://api.change.org/v1/organizations/200?api_key=8670b092d3fc3a914dbbd38131caf0b43a39246ab6e3ee97dde81bcb8e1b80b2&endpoint=/v1/organizations/200&timestamp=2012-11-09T22:34:04Z&api_secret=(SECRET)&rsig=f49e4eebec14b1cfd8c3cbf4403cd7b195b90c82610d122362c5c8c62daeb2a7

And I'm getting "Invalid request signature" as a response. For my request signature, this is my GET query string:

api_key=8670b092d3fc3a914dbbd38131caf0b43a39246ab6e3ee97dde81bcb8e1b80b2&endpoint=/v1/organizations/200&timestamp=2012-11-09T22:34:04Z(SECRET)

In python, I'm running that through hashlib.sha256(query string).hexdigest()

Is it safe to assume if I'm getting that response that the problem is in my rsig parameter? Do you see anything I'm obviously doing wrong?

Thanks!

-Adam

[Eric Lukoff]

Hi Adam - We just updated the API to drop the rsig requirement for organization and user information requests. It now follows the same pattern as petition information requests, which it should have from the outset. Sorry for the confusion. All you should need to do is call http://api.change.org/v1/organizations/:organization_id?api_key=[your key].

In terms of correctly building the rsig for other requests, at a quick glance, that appears to be the right sequence to build the rsig, but it would be easiest to look at source code to troubleshoot. If you want to share that here, we'd be happy to take a quick look.

Thanks,

Eric

-- 

Eric Lukoff

Product Manager

Change.org

[Eric Lukoff]

And that should have been https:// not http, just a typo!

One more thing is that we are currently experiencing a temporary issue on our end unrelated to the API. When that's resolved, this should work as normal. I will let you know when.

Eric

[Adam Lord]

Great, thanks Eric!