[ANNOUNCE] New Developer Community site and API have launched

151 views
Skip to first unread message

Justin Kerr Sheckler

unread,
Jun 28, 2011, 2:43:42 PM6/28/11
to etsy-...@googlegroups.com
Hi All,

I'm pleased to announce that our new Developer Community pages and API
are live now at http://www.etsy.com/developers!

Until yesterday, our API has been proxied by Mashery, who've handled
our API keys, rate limiting, and OAuth authentication. Our Developer
Community pages at developer.etsy.com have also been hosted by
Mashery. Mashery has been a great help to us over the past two
years, and we wish them the best for the future. However, for various
reasons, it makes sense for us now to take over hosting the full API
infrastructure from end-to-end.

Here are some important things to know:

* The production API has moved to http://openapi.etsy.com/v2. The
separate /v2/public and /v2/private entry points are now deprecated
(although we'll still support the old URLs for 90 days.) The API now
detects whether or not you are using OAuth automatically; so the
separate /private and /public paths are no longer needed.

* The sandbox API has moved to http://sandbox.openapi.etsy.com/v2/.
The http://openapi.etsy.com/v2/sandbox/* entry points are no longer
supported.

* Your production API keys have been migrated to the new platform. If
you had an App Gallery entry, your keys should already be associated
with your Etsy member account at
https://www.etsy.com/developers/your-apps.

* If you did not have an App Gallery entry, please visit
https://www.etsy.com/developers/account-migration to "claim" your
production API keys and associate them with your Etsy member account.

* Sandbox keys are no longer needed and have been discarded. The new
API uses the same keystrings and shared secrets for both the production and
sandbox APIs.

* If you did NOT yet have a production key, visit
https://www.etsy.com/developers/register to get a new API key.

* Request tokens now include a fully-populated 'login_url' element.
Please start using this verbatim and do not add or change any
parameters. We will support the old login URL patterns to the best of
our ability for the next 90 days.

We're also introducing an entirely new feature with this relaunch:
OAuth Permission Scopes. These allow you to narrow down the list of
permissions that Etsy members see on the OAuth signin page to just the
permissions you intend to use. To get started, see the documentation
at http://www.etsy.com/developers/documentation/getting_started/oauth.

To maintain backwards-compatibility, for the time being, we're
interpreting request tokens with no "scope" parameter to involve all
possible permissions (some of you noticed the expanded list visible
on the OAuth signin page yesterday.) Once everyone has updated their
apps, we'll redefine blank scopes to mean a very restrictive set of
permissions.

Because we are migrating the API to an entirely new platform, there
are bound to be some bumps along the way. As of this writing, 96%
of the requests coming through the new API are being served without
issue. We're aware of the following problems and are actively working
to resolve them:

* Problems with signing OAuth PUT requests (although we're able to
make successful POST requests with "method=PUT", which is equivalent.)

* Problems with signing OAuth POST requests with multipart form data.

Justin Kerr Sheckler
Developer API Lead
Etsy.com
jus...@etsy.com

R. S.

unread,
Jun 28, 2011, 3:25:35 PM6/28/11
to Etsy API V2
Hmm, my API calls are now failing at the new URLs. Have our API Keys
and shared secret keys changed? Also, I see that the app that I had
that was approved before is now no longer approved in the new
production environment? Did we have to submit our apps again? Right
now, all our apps are down until this can get fixed :(

On Jun 28, 2:43 pm, Justin Kerr Sheckler <jus...@etsy.com> wrote:
> Hi All,
>
> I'm pleased to announce that our new Developer Community pages and API
> are live now athttp://www.etsy.com/developers!
>
> Until yesterday, our API has been proxied by Mashery, who've handled
> our API keys, rate limiting, and OAuth authentication.  Our Developer
> Community pages at developer.etsy.com have also been hosted by
> Mashery.  Mashery has been a great help to us over the past two
> years, and we wish them the best for the future. However, for various
> reasons, it makes sense for us now to take over hosting the full API
> infrastructure from end-to-end.
>
> Here are some important things to know:
>
> * The production API has moved tohttp://openapi.etsy.com/v2.  The
> separate /v2/public and /v2/private entry points are now deprecated
> (although we'll still support the old URLs for 90 days.) The API now
> detects whether or not you are using OAuth automatically; so the
> separate /private and /public paths are no longer needed.
>
> * The sandbox API has moved tohttp://sandbox.openapi.etsy.com/v2/.
> Thehttp://openapi.etsy.com/v2/sandbox/*entry points are no longer
> supported.
>
> * Your production API keys have been migrated to the new platform. If
> you had an App Gallery entry, your keys should already be associated
> with your Etsy member account athttps://www.etsy.com/developers/your-apps.
>
> * If you did not have an App Gallery entry, please visithttps://www.etsy.com/developers/account-migrationto "claim" your
> production API keys and associate them with your Etsy member account.
>
> * Sandbox keys are no longer needed and have been discarded. The new
> API uses the same keystrings and shared secrets for both the production and
> sandbox APIs.
>
> * If you did NOT yet have a production key, visithttps://www.etsy.com/developers/registerto get a new API key.
>
> * Request tokens now include a fully-populated 'login_url' element.
> Please start using this verbatim and do not add or change any
> parameters. We will support the old login URL patterns to the best of
> our ability for the next 90 days.
>
> We're also introducing an entirely new feature with this relaunch:
> OAuth Permission Scopes.  These allow you to narrow down the list of
> permissions that Etsy members see on the OAuth signin page to just the
> permissions you intend to use.  To get started, see the documentation
> athttp://www.etsy.com/developers/documentation/getting_started/oauth.

Justin Kerr Sheckler

unread,
Jun 28, 2011, 3:28:03 PM6/28/11
to etsy-...@googlegroups.com
Ron, all the existing Production API keys and OAuth tokens should
still be active. Please let me know what your API key is, and I'll
check its status.

Justin Kerr Sheckler
Developer API Lead
Etsy.com
jus...@etsy.com

> --
> You received this message because you are subscribed to the Google Groups "Etsy API V2" group.
> To post to this group, send email to etsy-...@googlegroups.com.
> To unsubscribe from this group, send email to etsy-api-v2...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/etsy-api-v2?hl=en.
>
>

R. S.

unread,
Jun 28, 2011, 3:33:31 PM6/28/11
to Etsy API V2
Just sent you an email your direct email address. The keys that are
showing in our developer dashboard on the new dev site are nothing
like the keys we used to have, and it doesn't look like we have
production access?
> >> Thehttp://openapi.etsy.com/v2/sandbox/*entrypoints are no longer
> >> supported.
>
> >> * Your production API keys have been migrated to the new platform. If
> >> you had an App Gallery entry, your keys should already be associated
> >> with your Etsy member account athttps://www.etsy.com/developers/your-apps.
>
> >> * If you did not have an App Gallery entry, please visithttps://www.etsy.com/developers/account-migrationto"claim" your
> >> production API keys and associate them with your Etsy member account.
>
> >> * Sandbox keys are no longer needed and have been discarded. The new
> >> API uses the same keystrings and shared secrets for both the production and
> >> sandbox APIs.
>
> >> * If you did NOT yet have a production key, visithttps://www.etsy.com/developers/registertoget a new API key.

Jey B

unread,
Jun 28, 2011, 3:45:11 PM6/28/11
to Etsy API V2
This seems to have fixed up most things but I am still getting
invalid_signatures on a small number of write-calls, specifically
addToCart, createUserFavoriteListings and createUserFavoriteUsers.

I see that other apps are working fine with these calls, but I'm not
entirely sure what the problem can be since all our other requests are
not having the invalid signatures problem?

These methods are the only ones using POST. Can you help with
debugging these?

An example nonce and timestamp are F54EC52A21C94755ACAD0B1CE72DD5D2
and 1309289823 in case this helps. Do you have logging as to why these
are invalid signatures?

Thanks.
> >> Thehttp://openapi.etsy.com/v2/sandbox/*entrypoints are no longer
> >> supported.
>
> >> * Your production API keys have been migrated to the new platform. If
> >> you had an App Gallery entry, your keys should already be associated
> >> with your Etsy member account athttps://www.etsy.com/developers/your-apps.
>
> >> * If you did not have an App Gallery entry, please visithttps://www.etsy.com/developers/account-migrationto"claim" your
> >> production API keys and associate them with your Etsy member account.
>
> >> * Sandbox keys are no longer needed and have been discarded. The new
> >> API uses the same keystrings and shared secrets for both the production and
> >> sandbox APIs.
>
> >> * If you did NOT yet have a production key, visithttps://www.etsy.com/developers/registertoget a new API key.

Jey B

unread,
Jun 28, 2011, 3:57:30 PM6/28/11
to Etsy API V2
Okay, actually I've narrowed it down and I think(?) however you're
signing requests now isn't entirely obeying the OAuth 1.0
specification. The spec states:

"OAuth Protocol Parameters are sent from the Consumer to the Service
Provider in one of three methods, in order of decreasing preference:

- In the HTTP Authorization header as defined in OAuth HTTP
Authorization Scheme.
- As the HTTP POST request body with a content-type of application/x-
www-form-urlencoded.
- Added to the URLs in the query part (as defined by [RFC3986] section
3).

In addition to these defined methods, future extensions may describe
alternate methods for sending the OAuth Protocol Parameters. The
methods for sending other request parameters are left undefined, but
SHOULD NOT use the OAuth HTTP Authorization Scheme header."

For POST request, we use a content-type of application/x-www-form-
urlencoded however, as stated above we include the OAuth protocol
parameters in the preferred method of the Authorization header. The
other request parameters are included in the POST body as mentioned
below.

I believe Etsy is seeing the content-type and either looking for the
OAuth parameters in the POST body or calculating the signature by
including the other request variables which are within the POST body.

Thoughts?
> > >> Thehttp://openapi.etsy.com/v2/sandbox/*entrypointsare no longer
> > >> supported.
>
> > >> * Your production API keys have been migrated to the new platform. If
> > >> you had an App Gallery entry, your keys should already be associated
> > >> with your Etsy member account athttps://www.etsy.com/developers/your-apps.
>
> > >> * If you did not have an App Gallery entry, please visithttps://www.etsy.com/developers/account-migrationto"claim" your
> > >> production API keys and associate them with your Etsy member account.
>
> > >> * Sandbox keys are no longer needed and have been discarded. The new
> > >> API uses the same keystrings and shared secrets for both the production and
> > >> sandbox APIs.
>
> > >> * If you did NOT yet have a production key, visithttps://www.etsy.com/developers/registertogeta new API key.

Jey B

unread,
Jun 28, 2011, 4:06:46 PM6/28/11
to Etsy API V2
I realize I'm just monologuing here, but anyway... maybe including the
post body parameters in the signature IS the official way of doing it?
Either way, Mashery used to deal with these requests fine. I'll be
switching over to this way of signing requests...
> > > >> Thehttp://openapi.etsy.com/v2/sandbox/*entrypointsareno longer
> > > >> supported.
>
> > > >> * Your production API keys have been migrated to the new platform. If
> > > >> you had an App Gallery entry, your keys should already be associated
> > > >> with your Etsy member account athttps://www.etsy.com/developers/your-apps.
>
> > > >> * If you did not have an App Gallery entry, please visithttps://www.etsy.com/developers/account-migrationto"claim" your
> > > >> production API keys and associate them with your Etsy member account.
>
> > > >> * Sandbox keys are no longer needed and have been discarded. The new
> > > >> API uses the same keystrings and shared secrets for both the production and
> > > >> sandbox APIs.
>
> > > >> * If you did NOT yet have a production key, visithttps://www.etsy.com/developers/registertogetanew API key.

FotoFuze Oriku

unread,
Jun 28, 2011, 4:07:44 PM6/28/11
to etsy-...@googlegroups.com
This is fantastic :) I'm glad to see Etsy taking a larger responsibility with regards to the API and Etsy Apps. In the long run, this should be great for everyone! 

david olick

unread,
Jun 28, 2011, 5:11:51 PM6/28/11
to etsy-...@googlegroups.com
Jey, I believe you are right in that they should not include the data in signing the request.  I'm not 100% sure the oauth library I am using even supports that.
--
David Olick
CTO
Oriku Inc.

Justin Kerr Sheckler

unread,
Jun 28, 2011, 10:05:22 PM6/28/11
to etsy-...@googlegroups.com
Hi All,

Thanks for this information; we're still looking into it.

Justin Kerr Sheckler
Developer API Lead
Etsy.com
jus...@etsy.com

GraGra33

unread,
Jun 28, 2011, 11:15:54 PM6/28/11
to Etsy API V2
Congrats on the big move... It's a shame that no warning was given.

Here's hoping to speed gains and better reliability...

G.

On Jun 29, 4:43 am, Justin Kerr Sheckler <jus...@etsy.com> wrote:
> Hi All,
>
> I'm pleased to announce that our new Developer Community pages and API
> are live now athttp://www.etsy.com/developers!
>
> Until yesterday, our API has been proxied by Mashery, who've handled
> our API keys, rate limiting, and OAuth authentication.  Our Developer
> Community pages at developer.etsy.com have also been hosted by
> Mashery.  Mashery has been a great help to us over the past two
> years, and we wish them the best for the future. However, for various
> reasons, it makes sense for us now to take over hosting the full API
> infrastructure from end-to-end.
>
> Here are some important things to know:
>
> * The production API has moved tohttp://openapi.etsy.com/v2.  The
> separate /v2/public and /v2/private entry points are now deprecated
> (although we'll still support the old URLs for 90 days.) The API now
> detects whether or not you are using OAuth automatically; so the
> separate /private and /public paths are no longer needed.
>
> * The sandbox API has moved tohttp://sandbox.openapi.etsy.com/v2/.
> Thehttp://openapi.etsy.com/v2/sandbox/*entry points are no longer
> supported.
>
> * Your production API keys have been migrated to the new platform. If
> you had an App Gallery entry, your keys should already be associated
> with your Etsy member account athttps://www.etsy.com/developers/your-apps.
>
> * If you did not have an App Gallery entry, please visithttps://www.etsy.com/developers/account-migrationto "claim" your
> production API keys and associate them with your Etsy member account.
>
> * Sandbox keys are no longer needed and have been discarded. The new
> API uses the same keystrings and shared secrets for both the production and
> sandbox APIs.
>
> * If you did NOT yet have a production key, visithttps://www.etsy.com/developers/registerto get a new API key.
>
> * Request tokens now include a fully-populated 'login_url' element.
> Please start using this verbatim and do not add or change any
> parameters. We will support the old login URL patterns to the best of
> our ability for the next 90 days.
>
> We're also introducing an entirely new feature with this relaunch:
> OAuth Permission Scopes.  These allow you to narrow down the list of
> permissions that Etsy members see on the OAuth signin page to just the
> permissions you intend to use.  To get started, see the documentation
> athttp://www.etsy.com/developers/documentation/getting_started/oauth.

kevinyc

unread,
Jun 29, 2011, 2:21:59 PM6/29/11
to Etsy API V2
Any ideas when the issues with multipart POST requests will be
resolved? Are we talking hours, days or weeks? I need to tell my users
something.


On Jun 28, 11:43 am, Justin Kerr Sheckler <jus...@etsy.com> wrote:
> Hi All,
>
> I'm pleased to announce that our new Developer Community pages and API
> are live now athttp://www.etsy.com/developers!
>
> Until yesterday, our API has been proxied by Mashery, who've handled
> our API keys, rate limiting, and OAuth authentication.  Our Developer
> Community pages at developer.etsy.com have also been hosted by
> Mashery.  Mashery has been a great help to us over the past two
> years, and we wish them the best for the future. However, for various
> reasons, it makes sense for us now to take over hosting the full API
> infrastructure from end-to-end.
>
> Here are some important things to know:
>
> * The production API has moved tohttp://openapi.etsy.com/v2.  The
> separate /v2/public and /v2/private entry points are now deprecated
> (although we'll still support the old URLs for 90 days.) The API now
> detects whether or not you are using OAuth automatically; so the
> separate /private and /public paths are no longer needed.
>
> * The sandbox API has moved tohttp://sandbox.openapi.etsy.com/v2/.
> Thehttp://openapi.etsy.com/v2/sandbox/*entry points are no longer
> supported.
>
> * Your production API keys have been migrated to the new platform. If
> you had an App Gallery entry, your keys should already be associated
> with your Etsy member account athttps://www.etsy.com/developers/your-apps.
>
> * If you did not have an App Gallery entry, please visithttps://www.etsy.com/developers/account-migrationto "claim" your
> production API keys and associate them with your Etsy member account.
>
> * Sandbox keys are no longer needed and have been discarded. The new
> API uses the same keystrings and shared secrets for both the production and
> sandbox APIs.
>
> * If you did NOT yet have a production key, visithttps://www.etsy.com/developers/registerto get a new API key.
>
> * Request tokens now include a fully-populated 'login_url' element.
> Please start using this verbatim and do not add or change any
> parameters. We will support the old login URL patterns to the best of
> our ability for the next 90 days.
>
> We're also introducing an entirely new feature with this relaunch:
> OAuth Permission Scopes.  These allow you to narrow down the list of
> permissions that Etsy members see on the OAuth signin page to just the
> permissions you intend to use.  To get started, see the documentation
> athttp://www.etsy.com/developers/documentation/getting_started/oauth.

Justin Kerr Sheckler

unread,
Jun 29, 2011, 2:25:21 PM6/29/11
to etsy-...@googlegroups.com
Hi Kevin,

We're using the PECL OAuth extension
(http://pecl.php.net/package/oauth) to provide OAuth services. So
far, we're unable to find a fix on our end for the multipart POST
issue. We do know that multipart POSTs made using PECL OAuth as both
the client and server are successful.

In the meantime, you should try switching your OAuth param-passing
style from headers to query string parameters.

Our apologies that we're unable to find a fix on our end. We realize
that you will need to resubmit to the App Store.

best,

Justin Kerr Sheckler
Developer API Lead
Etsy.com
jus...@etsy.com

david olick

unread,
Jun 29, 2011, 2:38:40 PM6/29/11
to etsy-...@googlegroups.com
Hey Justin,

We need to use multipart/form-data so we can upload images to your API.  In the past we've used a GET with method=POST to update listings, but occasionally users would have very long descriptions and it would fail due to the url length.  In your new system, can we have url strings potentially in the megabytes of size (I believe your file size limit is 10 megabytes)?  Otherwise, this url workaround does not help our service to Etsy store owners.

- David

R. S.

unread,
Jun 29, 2011, 2:41:03 PM6/29/11
to Etsy API V2
We're having some problems with OAuth GETs in PHP that used to work,
but now give 403 Unauthorized errors. We *did* manage to get things to
work, but only by using the POST method for GET requests, which is
odd.

This doesn't work anymore:

$oauth = new OAuth($this->APIKey, $this->sharedSecret,
OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_URI);
$oauth->setAuthType(OAUTH_AUTH_TYPE_URI);
$oauth->setToken($this->access_token, $this->access_token_secret);
$url='http://openapi.etsy.com/v2/shops/[shop]/receipts?
api_key=[apikey]&limit=100&includes=Transactions/Country';
$data = $oauth->fetch($url);

This gives an unauthorized 403 error for a valid API Key and valid
OAuth Parameters

This works for requesting the same information:
$oauth = new OAuth($this->APIKey, $this->sharedSecret,
OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_URI);
$oauth->setAuthType(OAUTH_AUTH_TYPE_URI);
$oauth->setToken($this->access_token, $this->access_token_secret);
$url='http://openapi.etsy.com/v2/shops/[shop]/receipts';
$params['limit']='100';
$params['includes']='Transactions/Country';
$data = $oauth->fetch($url, $params, OAUTH_HTTP_METHOD_POST,
array("Content-Type" => "'application/x-www-form-urlencoded"));

This works with a POST, even though we're doing a GET.

Any insight into why this might be? This used to work until the API
change.
R
> >> Thehttp://openapi.etsy.com/v2/sandbox/*entrypoints are no longer
> >> supported.
>
> >> * Your production API keys have been migrated to the new platform. If
> >> you had an App Gallery entry, your keys should already be associated
> >> with your Etsy member account athttps://www.etsy.com/developers/your-apps.
>
> >> * If you did not have an App Gallery entry, please visithttps://www.etsy.com/developers/account-migrationto"claim" your
> >> production API keys and associate them with your Etsy member account.
>
> >> * Sandbox keys are no longer needed and have been discarded. The new
> >> API uses the same keystrings and shared secrets for both the production and
> >> sandbox APIs.
>
> >> * If you did NOT yet have a production key, visithttps://www.etsy.com/developers/registertoget a new API key.

Aaron Gardner

unread,
Jun 29, 2011, 2:46:22 PM6/29/11
to etsy-...@googlegroups.com
Hi. I'm going to assume your code is for the PHP PECL OAuth client...

I'm pretty sure you need to pass your GET query string parameters into
the client fetch method using its 2nd (optional) parameter, as a PHP
array. This is the same way I see you pass parameters to your POST
example. This tells the client these parameters should be part of the
"sbs" for signing the request.

Can you try that and let us know if that works.

Best regards,
Aaron Gardner
Developer API Team
Etsy.com

FotoFuze Oriku

unread,
Jun 29, 2011, 3:16:11 PM6/29/11
to etsy-...@googlegroups.com
Looking at the pecl code. If Etsy calls http_build_query, they entirely control which parameters get put into the signing url. If that is the case, then shouldn't just omitting the multipart/form-data elements from the parameters to that function fix the problem?

FotoFuze Oriku

unread,
Jun 29, 2011, 3:40:15 PM6/29/11
to etsy-...@googlegroups.com
For example, from looking at the pecl OAuth code, if you put @'s in front of the names & values of variables, then they will not be included in the signing. We have verified that this works and signatures are correctly verified by Etsy after putting the @ symbols. Problem is, Etsy doesn't recognize @title or @descrtiption for listings, so this workaround will not work.

kevinyc

unread,
Jun 29, 2011, 4:04:08 PM6/29/11
to Etsy API V2
I managed to get an image uploaded by removing the optional rank
parameter. Problem is that Etsy expects the rank parameter to be in
the signing url and I only have this issue with multipart requests.
> >> Thehttp://openapi.etsy.com/v2/sandbox/*entrypoints are no longer
> >> supported.
>
> >> * Your production API keys have been migrated to the new platform. If
> >> you had an App Gallery entry, your keys should already be associated
> >> with your Etsy member account athttps://www.etsy.com/developers/your-apps.
>
> >> * If you did not have an App Gallery entry, please visithttps://www.etsy.com/developers/account-migrationto"claim" your
> >> production API keys and associate them with your Etsy member account.
>
> >> * Sandbox keys are no longer needed and have been discarded. The new
> >> API uses the same keystrings and shared secrets for both the production and
> >> sandbox APIs.
>
> >> * If you did NOT yet have a production key, visithttps://www.etsy.com/developers/registertoget a new API key.

david olick

unread,
Jun 29, 2011, 5:10:40 PM6/29/11
to etsy-...@googlegroups.com
Thanks for the heads up, kevin.  I'm in the middle of some obtuse hacking to get our site compatible with Etsy.

For more options, visit this group at http://groups.google.com/group/etsy-api-v2?hl=en.

GraGra33

unread,
Jun 30, 2011, 2:16:48 AM6/30/11
to Etsy API V2
Hmm... I can update LIVE Listing data but uploadListingImage is
throwing a 500 error...

G.

REQUEST:

POST
http://openapi.etsy.com/v2/listings/68006656/images?method=POST&oauth_consumer_key=[key]&oauth_nonce=4829992&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1309414373&oauth_token=[token]&oauth_version=1.0&sbs_modified=1&oauth_signature=dBiAitT%2BgMUR5bKp2ekWfVPCQsI%3D

-- or --

POST
http://openapi.etsy.com/v2/listings/68006656/images?oauth_consumer_key=[key]&oauth_nonce=6238149&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1309413219&oauth_token=[token]&oauth_version=1.0&sbs_modified=1&oauth_signature=93Nac2PV1QuStIUSKs9sjgVMTvY%3D

HTTP/1.1
Content-Type: multipart/form-data; boundary=f7986f50-
a7c1-49b7-8f77-3917eae25947
Host: openapi.etsy.com
Content-Length: 428136

--f7986f50-a7c1-49b7-8f77-3917eae25947
Content-Disposition: form-data; name=image; filename=C:\tmp
\spunkyarn_mohair.jpg
Content-type: image/jpeg

[image data]
--f7986f50-a7c1-49b7-8f77-3917eae25947--

RESPONSE:

HTTP/1.1 500 Server Error
Date: Thu, 30 Jun 2011 05:53:41 GMT
Server: Apache
X-Error-Detail: Server Error
Content-Length: 12
X-Cnection: close
Content-Type: text/plain;charset=UTF-8

Server Error
> > >> Thehttp://openapi.etsy.com/v2/sandbox/*entrypointsare no longer
> > >> supported.
>
> > >> * Your production API keys have been migrated to the new platform. If
> > >> you had an App Gallery entry, your keys should already be associated
> > >> with your Etsy member account athttps://www.etsy.com/developers/your-apps.
>
> > >> * If you did not have an App Gallery entry, please visithttps://www.etsy.com/developers/account-migrationto"claim" your
> > >> production API keys and associate them with your Etsy member account.
>
> > >> * Sandbox keys are no longer needed and have been discarded. The new
> > >> API uses the same keystrings and shared secrets for both the production and
> > >> sandbox APIs.
>
> > >> * If you did NOT yet have a production key, visithttps://www.etsy.com/developers/registertogeta new API key.
> > > For more options, visit this group athttp://groups.google.com/group/etsy-api-v2?hl=en.- Hide quoted text -
>
> - Show quoted text -

GraGra33

unread,
Jun 30, 2011, 2:22:54 AM6/30/11
to Etsy API V2
WARNING: The below error has made two live listings inactive!

G.

On Jun 30, 4:16 pm, GraGra33 <gragr...@gmail.com> wrote:
> Hmm... I can update LIVE Listing data but uploadListingImage is
> throwing a 500 error...
>
> G.
>
> REQUEST:
>
> POSThttp://openapi.etsy.com/v2/listings/68006656/images?method=POST&oauth...[key]&oauth_nonce=4829992&oauth_signature_method=HMAC-SHA1&oauth_timestamp=­1309414373&oauth_token=[token]&oauth_version=1.0&sbs_modified=1&oauth_signa­ture=dBiAitT%2BgMUR5bKp2ekWfVPCQsI%3D
>
>  -- or --
>
> POSThttp://openapi.etsy.com/v2/listings/68006656/images?oauth_consumer_key=[key]&oauth_nonce=6238149&oauth_signature_method=HMAC-SHA1&oauth_timestamp=­1309413219&oauth_token=[token]&oauth_version=1.0&sbs_modified=1&oauth_signa­ture=93Nac2PV1QuStIUSKs9sjgVMTvY%3D
> > > >> Thehttp://openapi.etsy.com/v2/sandbox/*entrypointsareno longer
> > > >> supported.
>
> > > >> * Your production API keys have been migrated to the new platform. If
> > > >> you had an App Gallery entry, your keys should already be associated
> > > >> with your Etsy member account athttps://www.etsy.com/developers/your-apps.
>
> > > >> * If you did not have an App Gallery entry, please visithttps://www.etsy.com/developers/account-migrationto"claim" your
> > > >> production API keys and associate them with your Etsy member account.
>
> > > >> * Sandbox keys are no longer needed and have been discarded. The new
> > > >> API uses the same keystrings and shared secrets for both the production and
> > > >> sandbox APIs.
>
> > > >> * If you did NOT yet have a production key, visithttps://www.etsy.com/developers/registertogetanew API key.
> > > > For more options, visit this group athttp://groups.google.com/group/etsy-api-v2?hl=en.-Hide quoted text -
>
> > - Show quoted text -- Hide quoted text -

david olick

unread,
Jun 30, 2011, 6:56:23 AM6/30/11
to etsy-...@googlegroups.com
Make sure you're not using the image data for the signature (but use everything else, including the rank).

For more options, visit this group at http://groups.google.com/group/etsy-api-v2?hl=en.

GraGra33

unread,
Jun 30, 2011, 8:10:28 AM6/30/11
to Etsy API V2
Hi David,

Thanks for the suggestion but I'm afraid not. The filename doesn't get
handled until after the signature hash is calculated. If it was a hash
calculation error, Etsy usually throws back a
"oauth_problem=signature_invalid". In this case, I'm receiving a 500
"Server Error" which doesn't tell me much at all.

At first I thought it was an image size issue as my Sandbox test image
has always been small. But the image is within the recommended size
requirements. I've had to set the method in the request to POST as
well as in the querystring otherwise the runtime throws an exception
when trying to send the multipart form data.

I've stepped through the code again, after receiving your suggestion,
watched the URL+Querystring/Hash/PostData generation, and it looks
well formed. It's the same code except I'm attaching all the data to
the querystring rather than in the header and body of the response
packet - in the case of the image upload, the filename/file is handled
seperately and placed in the body and the correct content type
"multipart/form-data; boundary=Xyz" is set. For those who are
interested, the encoding of a querystring and the encoding for Header/
PostData with content type "application/x-www-form-urlencoded" is
different!

It appears that Etsy accepts the image uploaded, tries to update the
active Listing, encounters a problem, and the Listing is set to
inactive as "something" (???) is invalid. If there was a signature
hash problem ("oauth_problem=signature_invalid"), the image would not
be accepted and no attempt would be made to update the listing as it
appears to be in this case.

I'm kinda stumped at the moment as the Sandbox is broken and testing
with LIVE data is causing Listings to go inactive. Until the sandbox
is fixed, I'd be relegated to the sofa and on no speaking terms with
my wife if I deactive any more of her listings!

G.


On Jun 30, 8:56 pm, david olick <david.ol...@gmail.com> wrote:
> Make sure you're not using the image data for the signature (but use
> everything else, including the rank).
>
>
>
>
>
> On Thu, Jun 30, 2011 at 1:22 AM, GraGra33 <gragr...@gmail.com> wrote:
> > WARNING: The below error has made two live listings inactive!
>
> > G.
>
> > On Jun 30, 4:16 pm, GraGra33 <gragr...@gmail.com> wrote:
> > > Hmm... I can update LIVE Listing data but uploadListingImage is
> > > throwing a 500 error...
>
> > > G.
>
> > > REQUEST:
>
> > > POSThttp://
> > openapi.etsy.com/v2/listings/68006656/images?method=POST&oauth...[key]&oaut­h_nonce=4829992&oauth_signature_method=HMAC-SHA1&oauth_timestamp=
> > ­1309414373&oauth_token=[token]&oauth_version=1.0&sbs_modified=1&oauth_sign­a­ture=dBiAitT%2BgMUR5bKp2ekWfVPCQsI%3D
>
> > >  -- or --
>
> > > POSThttp://
> > openapi.etsy.com/v2/listings/68006656/images?oauth_consumer_key=[key]&oauth­_nonce=6238149&oauth_signature_method=HMAC-SHA1&oauth_timestamp=
> > ­1309413219&oauth_token=[token]&oauth_version=1.0&sbs_modified=1&oauth_sign­a­ture=93Nac2PV1QuStIUSKs9sjgVMTvY%3D
> Oriku Inc.- Hide quoted text -

Marc Abramowitz

unread,
Jun 30, 2011, 2:20:43 PM6/30/11
to etsy-...@googlegroups.com
I for one would like to say that I am disappointed with how this has been executed. There have been a LOT of significant changes to the Etsy API in a very short period of time. I would recommend doing one thing at a time and taking time to resolve the issues and let things stabilize before doing another change. That makes it way easier to know which changes were problematic. Migrating off of Mashery (a major platform change in itself I would imagine) while also changing endpoints, deprecating URLs, adding login_url, and permission scopes, and changing keys -- I don't know -- that seems kind of insane. I could understand pushing a bunch of new stuff to the sandbox and letting that stabilize before pushing to production. Pushing to both simultaneously -- that seems like asking for trouble.

Also, correct me if I'm wrong, as I could've overlooked it, but I didn't see advance warning about these changes? These changes coincided me with trying to onboard a new user of my app and have resulted in a pretty bad experience. Had I known about these changes, I would've planned around them. Also, key things were broken like the sandbox and multi-part POST, which is essential for uploading images.

These changes resulted in me having to spend many unplanned hours troubleshooting. Being that this is not my day job and I make no money off of this, this is discouraging. If this becomes the norm, then I will probably stop developing my app.

Sorry if this comes across a little harsh. I have been very pleased with the Etsy API up until this latest round of changes. I just think that we should acknowledge that this did not go very smoothly and Etsy should learn from the experience and do things differently the next time.

My two cents. Again I've long thought that the Etsy API is quite nice -- it's just these last few days that have shaken my confidence.

Marc

-- 
Marc Abramowitz
Sent with Sparrow

Justin Kerr Sheckler

unread,
Jun 30, 2011, 4:49:22 PM6/30/11
to etsy-...@googlegroups.com
Hi David (and Ron)

When I said "In the meantime, you should try switching your OAuth param-passing
style from headers to query string parameters," I didn't mean to
switch to all GET methods. I just meant that you should configure
your OAuth client to pass oauth_* parameters in the query string
instead of the Authorization: header. This should still be possible,
even with POST requests. For example, see "OAUTH_AUTH_TYPE_URI" in
the PECL OAuth docs: http://php.net/manual/en/oauth.constants.php.

Justin Kerr Sheckler
Developer API Lead
Etsy.com
jus...@etsy.com

Reply all
Reply to author
Forward
0 new messages