OAuth broken for some for a while this afternoon


Jan Fabry

Sep 4, 2013, 4:45:13 PM
to mobile-vikin...@googlegroups.com
If you use OAuth to access our API, you might have noticed that your requests failed between 13:00 and 17:00 today. If this was the case, you are connecting to https://www.mobilevikings.com/api/ instead of https://mobilevikings.com/api/. We try to use only one domain name, https://mobilevikings.com, so we redirect http://(www.)mobilevikings.(com|be|nl) to this single domain name. However, we forgot https://www.mobilevikings.com, and we added that redirect today around noon.

This means that all OAuth calls to www.mobilevikings.com were also redirected, but the OAuth signature is based on the full URL, including the domain name - and thus the signature was based on https://www.mobilevikings.com, not https://mobilevikings.com, giving invalid signature checks on our side (which compared it with mobilevikings.com) and error codes for your calls. Because invalid signatures can happen if an API developer is trying stuff out, this is not logged as an error but only as a warning on our side. It takes a while for the warnings to build up and escalate into an error, so we only started investigating the problem later in the afternoon. The fix is simple: we will not redirect calls starting with https://www.mobilevikings.com/api/2.0/oauth/, so your apps can continue working.

Sorry for the confusion this might have caused!

Jan Fabry
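
The mismatch described in the post, as an added example that is not part of the original message and not Mobile Vikings' code. It assumes OAuth 1.0 HMAC-SHA1 signing as specified in RFC 5849; the consumer key, token, secrets, nonce and the `/resource` path are constructed sample values.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, urlsplit

def pct(s):
    # RFC 5849 section 3.6: only unreserved characters stay unencoded
    return quote(s, safe="-._~")

def base_string(method, url, params):
    parts = urlsplit(url)
    # Base string URI: lowercase scheme and host, path, no query.
    # The default port is omitted, so it is simply not emitted here.
    base_uri = f"{parts.scheme.lower()}://{parts.hostname}{parts.path}"
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(base_uri), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret):
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    msg = base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, msg, hashlib.sha1).digest()).decode()

def verify(method, url, params, signature, consumer_secret, token_secret):
    # Server side: recompute over the URL the server believes was requested
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)

# Constructed sample request (all values are placeholders)
PARAMS = {
    "oauth_consumer_key": "constructed-key",
    "oauth_token": "constructed-token",
    "oauth_nonce": "n0nce",
    "oauth_timestamp": "1378305913",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_version": "1.0",
}
CLIENT_URL = "https://www.mobilevikings.com/api/2.0/oauth/resource"
CANONICAL_URL = "https://mobilevikings.com/api/2.0/oauth/resource"

def demo():
    sig = sign("GET", CLIENT_URL, PARAMS, "cs", "ts")  # client signs the www URL
    after_redirect = verify("GET", CANONICAL_URL, PARAMS, sig, "cs", "ts")
    without_redirect = verify("GET", CLIENT_URL, PARAMS, sig, "cs", "ts")
    return after_redirect, without_redirect

if __name__ == "__main__":
    print(demo())
```

The host name is part of the signed base string, so a request signed for one host and checked against another fails even though every key, secret and parameter is correct.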