Unauthorized to delete files through API on demo.dataverse.org

[Joenio Costa]

I'm trying to delete a file from demo.dataverse.org using the SWORD API but I'm receiving a response code 401 'Unauthorized'.

I would like to know if I'm doing something wrong on the API or if the demo.dataverse.org instance in fact doesn't authorize deleting files using SWORD API?

I'm using node-fetch (javascript) and the endpoint I'm trying is the one below, also I have a TOKEN and I'm passing the token on the HTTP request header properly.

* https://demo.dataverse.org/dvn/api/data-deposit/v1.1/swordv2/edit-media/file/{file_id}

Thanks!

[danny...@g.harvard.edu]

Hi, 

Other more technical people may have some better answers, but I'll suggest something...

The workflow in the UI is that you delete a file,  a draft is created, and then you have to publish that draft to make the changes visible. Are you able to verify whether or not the draft was created and if we're just passing an incorrect response code? It may be helpful to try this process through the UI to see if there's some more robust error messaging. 

- Danny 

[Joenio Costa]

Thanks Danny for your time!

I found the problem, I was making a mistake on authorization because the way authentication is done differs between Dataverse Native API and SWORD API.

In Dataverse Native API it needed to send on HTTP request the header `X-Dataverse-key: ${TOKEN}`.

But in the SWORD API the header `X-Dataverse-key` doesn't work and it is needed to send the header to do a http basic authentication like `Authorization: Basic ${base64("TOKEN:")}`.

Follow my code as example in order to help someone else that eventually faces the same error:

```javascript

const fetch = require('node-fetch');

const SERVER = 'https://demo.dataverse.org';
const TOKEN = '********-****-****-****-************';

function deleteFile(fileId) {
  let options = {
    method: 'DELETE',
    headers: {
      "Authorization": "Basic " + Buffer.from(TOKEN + ':').toString('base64'),
    }
  };
  return fetch(`${SERVER}/dvn/api/data-deposit/v1.1/swordv2/edit-media/file/${fileId}`, options);
}

deleteFile('9999999').then(res => console.log(res)).catch((err) => { throw(err) })
```

[danny...@g.harvard.edu]

Thanks for the update and for adding the working example here! If there's something we can make more clear in the API Guide, we'd welcome any suggestions or pull requests. 

- Danny

[Joenio Costa]

I think would be nice to update the Dataverse API doc with some examples of using SWORD API by code (can be examples in javascript as I sent in last message or python, or other language). Specially to be clear about the authentication differences between native api and sword api.

[Philip Durbin]

Hi Joenio,

In general, we try to only use curl examples in the API Guide (to be language agnostic) but I'm aware of a Python example here or there. Please feel free to go ahead and create an issue at https://github.com/IQSS/dataverse/issues with your suggestion. At the very least I think we should do something to emphasize that the SWORD API does indeed have quite a different auth mechanism. I'm sorry you got tripped up but I'm glad you figured it out. Also, thanks for your recent contributions to dataverse-client-javascript!

Thanks,

Phil

--
You received this message because you are subscribed to the Google Groups "Dataverse Users Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dataverse-commu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/6f382a58-4bb0-4e0f-b0f7-c3029e0cd6a6n%40googlegroups.com.

--

Philip Durbin
Software Developer for http://dataverse.org
http://www.iq.harvard.edu/people/philip-durbin

[Joenio Costa]

Hi Philip,

I agree that emphasizing it on documentation would be good enough, I created a issue to track this point:

https://github.com/IQSS/dataverse/issues/7441

About my contributions on dataverse-client-javascript: You're welcome, I'm glad to help the project.

Best,