'Access Denied' message and so on
215 views
Skip to first unread message
Julian
Jul 14, 2010, 11:39:03 PM7/14/10
to Etsy API V2
Earlier I sent an email asking about an unusual response I'd seen
logged, 'Access Denied'. I noticed you can receive this error by
asking inaccurate fields. Fields that are not available on the public
endpoint give the same message as non-existent fields.
http://openapi.etsy.com/v2/public/users/horsey?api_key=9vyp5wthtuxsmht2myt3gb2c&limit=90&offset=0&fields=sandwich_preference
yields a 403 Forbidden with the message 'Access Denied'.
This is only if the field is the only field requested. You can ask for
http://openapi.etsy.com/v2/public/shops/mywaytosay/listings/active?api_key=9vyp5wthtuxsmht2myt3gb2c&limit=90&offset=0&fields=user_id,blood_type
and receive a valid result, as if you only specified the user_id. The
invalid field name is ignored. However, if you ask for only an
invalid field
http://openapi.etsy.com/v2/public/shops/mywaytosay/listings/active?api_key=9vyp5wthtuxsmht2myt3gb2c&limit=90&offset=0&fields=consuelos_grandmothers_maiden_name
Your receive the message about access being denied, which could hurt
some developer's feelings. I'm not sure what the right response here
would be. I guess HTTP 200, count 0, empty results would be
appropriate.
Unlike fields, invalid include names have no effect.
As another note about error mesages, specifying an invalid limit on
the Images association for a Listing gives a 400 saying
limit must be <= 100
It also says this when the message is less than 1, including negative
numbers. So, >0 and <=100 might be more accurate.
I also noticed associations like the image offset on
findAllShopListingsActive (&includes=Images:1:46724) accept numbers up
to 50000 before giving an error. The offset for that particular
association is unlikely to ever go over 4, of course.
So, not like these particular issues are causing problems, but I
thought they may be worth noting. Especially when you're starting out
with something like this, the more consistent the error messages the
better.
logged, 'Access Denied'. I noticed you can receive this error by
asking inaccurate fields. Fields that are not available on the public
endpoint give the same message as non-existent fields.
http://openapi.etsy.com/v2/public/users/horsey?api_key=9vyp5wthtuxsmht2myt3gb2c&limit=90&offset=0&fields=sandwich_preference
yields a 403 Forbidden with the message 'Access Denied'.
This is only if the field is the only field requested. You can ask for
http://openapi.etsy.com/v2/public/shops/mywaytosay/listings/active?api_key=9vyp5wthtuxsmht2myt3gb2c&limit=90&offset=0&fields=user_id,blood_type
and receive a valid result, as if you only specified the user_id. The
invalid field name is ignored. However, if you ask for only an
invalid field
http://openapi.etsy.com/v2/public/shops/mywaytosay/listings/active?api_key=9vyp5wthtuxsmht2myt3gb2c&limit=90&offset=0&fields=consuelos_grandmothers_maiden_name
Your receive the message about access being denied, which could hurt
some developer's feelings. I'm not sure what the right response here
would be. I guess HTTP 200, count 0, empty results would be
appropriate.
Unlike fields, invalid include names have no effect.
As another note about error mesages, specifying an invalid limit on
the Images association for a Listing gives a 400 saying
limit must be <= 100
It also says this when the message is less than 1, including negative
numbers. So, >0 and <=100 might be more accurate.
I also noticed associations like the image offset on
findAllShopListingsActive (&includes=Images:1:46724) accept numbers up
to 50000 before giving an error. The offset for that particular
association is unlikely to ever go over 4, of course.
So, not like these particular issues are causing problems, but I
thought they may be worth noting. Especially when you're starting out
with something like this, the more consistent the error messages the
better.
Julian
Jul 14, 2010, 11:41:35 PM7/14/10
to Etsy API V2
Hey, that's nice how I forgot to edit out my api key, by the way. Um,
well.... Etsy did say they weren't meant to be secret.
well.... Etsy did say they weren't meant to be secret.
James Lee
Jul 15, 2010, 12:35:51 AM7/15/10
to etsy-...@googlegroups.com
Hi Julian,
Thank you for your report. We are aware of this bug and are working to provide a more helpful error message for nonexistent fields and for nonexistent include fields. Hopefully we can come up with something more informative than hurtful. We'll also take a look at the other issues as well.
If you'd like, send me an email with your Developer API username, and I'll create new api keys for you. Remember to then update the keys for your application.
Best,
James Lee
Developer API Team
Etsy.com
Julian L.
Jul 15, 2010, 12:51:14 AM7/15/10
to etsy-...@googlegroups.com
Thanks James, just noting my random observations as I poke and prod the new API. I'll send an email and we can work out a solution for my indiscretion!
Have a nice nigt,
Julian
Julian L.
Jul 15, 2010, 1:40:38 AM7/15/10
to etsy-...@googlegroups.com
Oh, and I was mentioning the 'Access Denied' result because as noted in a previous report, I received this error for calls that were syntactically valid. When I asked earlier, Justin said perhaps it was the QPS limit. I haven't seen the text message for the new API, but I see that exceeding the limit returns a 403, as do these calls. This wasn't reproducible on those valid calls; after a period of time the same parameters produced a successful result. So, is the text message for exceeding the APS limit indeed 'Access Denied'? I'll post again if I note any situations in which Access Denied is returned when not expected.
Reply all
Reply to author
Forward
0 new messages