API returning 401 Unauthorized
2,020 views
Skip to first unread message
JohnO
Aug 1, 2013, 4:46:47 PM8/1/13
to merchantos-a...@googlegroups.com
Hello all,
I have developed a custom application that pulls orders from the Magento GO API and creates Sales in LightSpeed using that API in order to do a 1-way sync of inventory levels. Checking my logs, on or around 7/31/13 I began to receive HTTP 401 Unauthorized errors.
The URL causing the error is: https://api.merchantos.com/API/Account/31858/Item?systemSku=xxxxx
(replace xxxxx with a sku)
I believe I should be able to put that URL into my web browser and, after entering my credentials to the prompt, see the xml response. That's how it worked when I was developing the application. Now if i plug in that URL, I get no dialog for entering credentials and all I see is " 401 Unauthorized Invalid username/password or API key."
I have also tried passing credentials in the form (https://LongHexStringRemoved:api...@api.merchantos.com/API/Account/31858/Item?systemSku=xxxxx) but again to no avail. I'm not sure what could have happened for this process to all of a sudden start receiving these 401 errors, as there haven't been changes to the code (or the API account).
Any light that could be shed on this would be appreciated.
I have developed a custom application that pulls orders from the Magento GO API and creates Sales in LightSpeed using that API in order to do a 1-way sync of inventory levels. Checking my logs, on or around 7/31/13 I began to receive HTTP 401 Unauthorized errors.
The URL causing the error is: https://api.merchantos.com/API/Account/31858/Item?systemSku=xxxxx
(replace xxxxx with a sku)
I believe I should be able to put that URL into my web browser and, after entering my credentials to the prompt, see the xml response. That's how it worked when I was developing the application. Now if i plug in that URL, I get no dialog for entering credentials and all I see is " 401 Unauthorized Invalid username/password or API key."
I have also tried passing credentials in the form (https://LongHexStringRemoved:api...@api.merchantos.com/API/Account/31858/Item?systemSku=xxxxx) but again to no avail. I'm not sure what could have happened for this process to all of a sudden start receiving these 401 errors, as there haven't been changes to the code (or the API account).
Any light that could be shed on this would be appreciated.
Kalen Petersen
Aug 1, 2013, 5:43:24 PM8/1/13
to merchantos-a...@googlegroups.com
Hello John,
We recently made some updates to authentication in our system in order to fix some problems with rate limiting. What sort of authentication and client do you use to access the API?
It is a known issue that the browser will no longer prompt you for credentials. Try using curl to make your call, passing it an option like "-u user:pass". This way you are guaranteed to use Basic authentication, unlike in the browser. We have a fix for this, so that the browser will prompt for credentials if necessary, and it should be out soon.
--Kalen
--
You received this message because you are subscribed to the Google Groups "LightSpeed Cloud API Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to merchantos-api-dev...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
JohnO
Aug 2, 2013, 9:30:54 AM8/2/13
to merchantos-a...@googlegroups.com
Hey Kalen,
The application is developed using .NET framework. It uses basic http authentication. I have confirmed that using curl the API works normally, but that is not an option for my application.
The application is developed using .NET framework. It uses basic http authentication. I have confirmed that using curl the API works normally, but that is not an option for my application.
To unsubscribe from this group and stop receiving emails from it, send an email to merchantos-api-developers+unsub...@googlegroups.com.
Munira Mahmud
Aug 2, 2013, 9:50:55 AM8/2/13
to merchantos-a...@googlegroups.com
Hi, is this problem fixed?
I am trying to use the url to find out my Account ID. I am programming in JAVA, here is my sample code. The apikey i am using is generated from settings in Lightspeed cloud
JAVA code:
String authtoken = <apikey generated in lightspeed cloud settings>;
String targetURL = "https://api.merchantos.com/API/Account/";
GetMethod get = new GetMethod(targetURL);
get.setRequestHeader("apikey",authtoken);
HttpClient httpclient = new HttpClient();
PrintWriter myout = null;
Response is 401
Kind regards,
Munira M.
Munira Mahmud
Aug 2, 2013, 2:10:49 PM8/2/13
to merchantos-a...@googlegroups.com
Hi, is this problem fixed? I am also getting a 401 response when trying to request for API Account number using the following URL. I am programming in JAVA and using the api key generated in the LightSpeed Cloud settings. Here is a sample of my code:
</Error>
JAVA code:
String authtoken = <apikey generated from LightSpeed Cloud settings>;
String targetURL = "https://api.merchantos.com/API/Account/";
GetMethod get = new GetMethod(targetURL);
get.setRequestHeader("apikey",authtoken);
HttpClient httpclient = new HttpClient();
PrintWriter myout = null;
Response is 401 as follows:
getResp=======>
<?xml version="1.0"?>
<Error>
<httpCode>401
</httpCode>
<httpMessage>Unauthorized
</httpMessage>
<message>Invalid username/password or API key.
</message>
Kalen Petersen
Aug 2, 2013, 2:33:54 PM8/2/13
to merchantos-a...@googlegroups.com
Hello Munira,
It looks like you are using the apache httpclient for java? If so, you shouldn't send an "apikey" header, but instead perform basic auth using your key as the user and the string "apikey" as the password. See this page for how to configure your client to do basic auth.
--
You received this message because you are subscribed to the Google Groups "LightSpeed Cloud API Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to merchantos-api-dev...@googlegroups.com.
Kalen Petersen
Aug 2, 2013, 2:35:12 PM8/2/13
to merchantos-a...@googlegroups.com
Hello John,
How are you doing the basic authentication? If curl is working for you, that's a good sign that your credentials are correct and that basic auth is working, but it might be an error in your client. How are you sending the authorization information from your client?
--Kalen
To unsubscribe from this group and stop receiving emails from it, send an email to merchantos-api-dev...@googlegroups.com.
JohnO
Aug 2, 2013, 2:49:07 PM8/2/13
to merchantos-a...@googlegroups.com
Kalen,
Here is a code excerpt:
----
Dim wreq As HttpWebRequest = WebRequest.Create(Helpers.MOS_API_ITEM_SKU_LOOKUP_URL + sku)
wreq.Credentials = New NetworkCredential(Helpers.MOS_API_USER, "apikey")
wreq.Method = "GET"
wreq.KeepAlive = True
wreq.PreAuthenticate = True
Dim wresp As HttpWebResponse = wreq.GetResponse()
Using respStream As New StreamReader(wresp.GetResponseStream())
xmlResponse = respStream.ReadToEnd()
End Using
----
On Friday, August 2, 2013 2:35:12 PM UTC-4, Kalen Petersen wrote:
Here is a code excerpt:
----
Dim wreq As HttpWebRequest = WebRequest.Create(Helpers.MOS_API_ITEM_SKU_LOOKUP_URL + sku)
wreq.Credentials = New NetworkCredential(Helpers.MOS_API_USER, "apikey")
wreq.Method = "GET"
wreq.KeepAlive = True
wreq.PreAuthenticate = True
Dim wresp As HttpWebResponse = wreq.GetResponse()
Using respStream As New StreamReader(wresp.GetResponseStream())
xmlResponse = respStream.ReadToEnd()
End Using
----
On Friday, August 2, 2013 2:35:12 PM UTC-4, Kalen Petersen wrote:
Hello John,How are you doing the basic authentication? If curl is working for you, that's a good sign that your credentials are correct and that basic auth is working, but it might be an error in your client. How are you sending the authorization information from your client?--Kalen
On Fri, Aug 2, 2013 at 6:30 AM, JohnO <jo...@gypsywarrior.com> wrote:
Hey Kalen,
The application is developed using .NET framework. It uses basic http authentication. I have confirmed that using curl the API works normally, but that is not an option for my application.
On Thursday, August 1, 2013 5:43:24 PM UTC-4, Kalen Petersen wrote:
Hello John,We recently made some updates to authentication in our system in order to fix some problems with rate limiting. What sort of authentication and client do you use to access the API?It is a known issue that the browser will no longer prompt you for credentials. Try using curl to make your call, passing it an option like "-u user:pass". This way you are guaranteed to use Basic authentication, unlike in the browser. We have a fix for this, so that the browser will prompt for credentials if necessary, and it should be out soon.--Kalen
On Thu, Aug 1, 2013 at 1:46 PM, JohnO <jo...@gypsywarrior.com> wrote:
Hello all,
I have developed a custom application that pulls orders from the Magento GO API and creates Sales in LightSpeed using that API in order to do a 1-way sync of inventory levels. Checking my logs, on or around 7/31/13 I began to receive HTTP 401 Unauthorized errors.
The URL causing the error is: https://api.merchantos.com/API/Account/31858/Item?systemSku=xxxxx
(replace xxxxx with a sku)
I believe I should be able to put that URL into my web browser and, after entering my credentials to the prompt, see the xml response. That's how it worked when I was developing the application. Now if i plug in that URL, I get no dialog for entering credentials and all I see is " 401 Unauthorized Invalid username/password or API key."
I have also tried passing credentials in the form (https://LongHexStringRemoved:api...@api.merchantos.com/API/Account/31858/Item?systemSku=xxxxx) but again to no avail. I'm not sure what could have happened for this process to all of a sudden start receiving these 401 errors, as there haven't been changes to the code (or the API account).
Any light that could be shed on this would be appreciated.
--
You received this message because you are subscribed to the Google Groups "LightSpeed Cloud API Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to merchantos-api-developers+unsubsc...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
JohnO
Aug 5, 2013, 11:03:25 AM8/5/13
to merchantos-a...@googlegroups.com
Kalen,
From my standpoint the API has been broken since 7/31. I have 1000+ orders that are needing to be synced.
Do you have any other suggestions than rewriting my application? You said there was a fix in the works-- do you have an expected roll out date?
On Thursday, August 1, 2013 5:43:24 PM UTC-4, Kalen Petersen wrote:
From my standpoint the API has been broken since 7/31. I have 1000+ orders that are needing to be synced.
Do you have any other suggestions than rewriting my application? You said there was a fix in the works-- do you have an expected roll out date?
On Thursday, August 1, 2013 5:43:24 PM UTC-4, Kalen Petersen wrote:
To unsubscribe from this group and stop receiving emails from it, send an email to merchantos-api-developers+unsub...@googlegroups.com.
Kalen Petersen
Aug 5, 2013, 2:22:37 PM8/5/13
to merchantos-a...@googlegroups.com
Hi John,
The curl request shows us that Basic Auth is working and that you've got valid credentials. Doing a bit of searching about information on HttpWebRequest and Basic Authentication, I found this article which explains what you are seeing:
As you have seen when using the browser, we are not currently prompting for credentials and so the HttpWebRequest never uses its authentication information. You can either force basic authentication as shown in that article, or wait until we have the fix to prompting out.
We don't usually give estimates on bugfixes, but we are anticipating getting this fix out in the next day or two.
Hope that helps explain what's going on here.
--Kalen
To unsubscribe from this group and stop receiving emails from it, send an email to merchantos-api-dev...@googlegroups.com.
justin...@lightspeedretail.com
Aug 5, 2013, 2:24:49 PM8/5/13
to merchantos-a...@googlegroups.com
Sorry about all these troubles!
We going to push out a fix tonight. Hopefully it will fix these auth issues. It's hard to know 100% because we haven't been able to replicate all the issues ourselves, but we have on a few.
JohnO
Aug 5, 2013, 3:34:43 PM8/5/13
to merchantos-a...@googlegroups.com
Kalen,
Thanks for your link. Since that change was minor, I have modified my code to do the authorization in the way shown in the article. I am no longer receiving 401 errors.
Thanks for your assistance.
Thanks for your link. Since that change was minor, I have modified my code to do the authorization in the way shown in the article. I am no longer receiving 401 errors.
Thanks for your assistance.
To unsubscribe from this group and stop receiving emails from it, send an email to merchantos-api-developers+unsubsc...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Reply all
Reply to author
Forward
0 new messages