Example Search API request with authentification

[Vincent Fritzsche]

Hi all,

I am currently trying to access the Search API using Python, but the authentification fails.

Here is the code:

#https://stackoverflow.com/questions/12977604/how-do-i-send-a-post-using-2-legged-oauth2-in-python

import oauth2

import urllib #for url-encode

#import urllib2 already included in python 3

import time #Unix timestamp import oauth2

import requests

import re

resourceUrl = "https://rest.immobilienscout24.de/restapi/api/search/v1.0/search/region?realestatetype=apartmentrent&geocodes=1276"

def build_request(url, method):

   params = {                                            

       'oauth_version': "1.0",

       'oauth_nonce': oauth2.generate_nonce(),

       'oauth_timestamp': int(time.time())

   }

    consumer = oauth2.Consumer(key='ConsumerKey',secret='ConsumerSecret')

    params['oauth_consumer_key'] = consumer.key

   print("method: "+method)

   print("url: "+url)

   print("params: "+str(params))

   req = oauth2.Request(method=method, url=url, parameters=params)

    print("req: "+str(req))

    signature_method = oauth2.SignatureMethod_HMAC_SHA1()

    req.sign_request(signature_method, consumer, None)

   return req

#end build_request

request = build_request(resourceUrl,'GET')

request = re.sub(r"oauth_body_hash=.*&", "oauth_signature_method=HMAC-SHA1&", str(request.to_url())) #The parameter [oauth_body_hash] is not supported by is24

print("request: "+str(request))

r = requests.get(request.encode(encoding='UTF-8',errors='strict'))

print(r.text)

Here are some logs and the error message:

method: GET
url: https://rest.immobilienscout24.de/restapi/api/search/v1.0/search/region?realestatetype=apartmentrent&geocodes=1276
params: {'oauth_version': '1.0', 'oauth_nonce': '77556460', 'oauth_timestamp': 1570286153, 'oauth_consumer_key': 'ConsumerKey'}
req: {'oauth_version': '1.0', 'oauth_nonce': '77556460', 'oauth_timestamp': 1570286153, 'oauth_consumer_key': 'ConsumerKey'}
request: https://rest.immobilienscout24.de/restapi/api/search/v1.0/search/region?realestatetype=apartmentrent&geocodes=1276&oauth_version=1.0&oauth_nonce=77556460&oauth_timestamp=1570286153&oauth_consumer_key=ConsumerKey&oauth_signature_method=HMAC-SHA1&oauth_signature=P%2BgqDj2iuHtSAWwuOTi0NDG6T1s%3D

<common:messages xmlns:common="http://rest.immobilienscout24.de/schema/common/1.0">
    <message>
        <messageCode>ERROR_AUTHENTICATION_REQUIRED</messageCode>
        <message>Invalid signature for signature method HMAC-SHA1</message>
    </message>
</common:messages>

I found those information regarding the error message:

"Check that it complies with the following rules:

all OAuth parameters set in the signature base string must be set in the Authorization header as well the oauth_signature must: 

a) not be part of the signature base string, but it must 

b) be part of the Authorization header

except the oauth_signature the Authorization header must not contain more/other OAuth parameters than the signature base string"

 

I have no clue, whats going on and would be very thankful, if someone could help me to make an api request, which works.

Thank you all for reading

Vincent

[Or Barel]

Hi Vincent,

You are using OAuth2 for the authentification and currently Immoscout24 services are not supporting OAuth2 so try it with OAuth1.

Best regards,

Or 

[Vincent Fritzsche]

Hi Or,

Thanks for that hint - I assumed, that it would be ok, to generate an oauth1 request with the oauth2 library, but probably there are some differences.

Do you have an python example for an oauth1 get request?
Can't find anything and the libraries are quite different.

Best,

Vincent

[Or Barel]

Hi Vincent,

Yes it is a bit different.

We have a short example of a GET request using python and OAuth1 (https://api.immobilienscout24.de/our-apis/valuation/BasicValuationAPI/basivaluation-api.html). You will also need to search for an OAuth1 library, there are few in Python. For example https://github.com/requests/requests-oauthlib. 

Best,

Or

[Vincent Fritzsche]

Hi Or,

Thank you so much for those helpful and super fast answers.

Best,
Vincent