Whitelisting API Access Key

169 views
Skip to first unread message

Joe Diaz

unread,
Jul 30, 2023, 9:47:45 AM7/30/23
to mtadeveloperresources
Hi MTA Devs, 

I just created an account and wanted to test the API feed after. Noticed I got accessed denied and read through most of the comments (about 9 years ago) and saw there was a way to white list this? 
Can you assist with this? 
Or point to further information that can? 
Any info appreciated

JD 

Sunny

unread,
Aug 1, 2023, 11:37:56 AM8/1/23
to mtadeveloperresources
Hi,

The process you are referring to sending keys for whitelisting was for an old feed system that we no longer use. Just to confirm, you created an account on api.mta.info and are trying to access the GTFS-RT feeds located at api-endpoint.mta.info?

Joe Diaz

unread,
Aug 1, 2023, 11:57:17 AM8/1/23
to mtadevelop...@googlegroups.com
Hi Sunny, 

Good morning, 

Yes I am trying to access  api-endpoint.mta.info feeds and I was scrolling through old threads to find solutions hoping they are still usable. 
Thank you for your response! 

Best, 

Joe Diaz 

--
You received this message because you are subscribed to a topic in the Google Groups "mtadeveloperresources" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/mtadeveloperresources/GPYDayWvtpk/unsubscribe.
To unsubscribe from this group and all its topics, send an email to mtadeveloperreso...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/mtadeveloperresources/22f4fdf3-c645-4982-ba9d-aedf317821b4n%40googlegroups.com.

Sunny

unread,
Aug 1, 2023, 1:59:55 PM8/1/23
to mtadeveloperresources
Make sure you are passing the API key as an HTTP header (not a GET parameter), and that the header name is lowercase "x-api-key". Mixed-case header names won't work.

Joe Diaz

unread,
Aug 1, 2023, 2:31:12 PM8/1/23
to mtadevelop...@googlegroups.com
Hi Sunny, 

I was using the http header first to test connections before moving forward. Below is the url for the 1 - 7 train lines I was using to test connections: 

https://api-endpoint.mta.info/Dataservice/mtagtfsfeeds/nyct%2Fgtfs?api_key=xxxxx


Joe Diaz

unread,
Aug 2, 2023, 9:38:01 AM8/2/23
to mtadevelop...@googlegroups.com
Good morning, 
Let me know if there is something that is being missed from my end 

Thank you, 

Joe Diaz 

Joe Diaz

unread,
Aug 5, 2023, 1:45:12 PM8/5/23
to mtadeveloperresources
Hi Sunny and MTA Dev

Is there anything you can check on your end? This is a blocker for me. Header has not been upper case since the first time I tried. Generated key was correct. 

Sunny

unread,
Aug 7, 2023, 1:22:21 PM8/7/23
to mtadeveloperresources
From the example above, it looks like you are passing the key as a URL parameter. The system requires the key be present as an HTTP header (x-api-key), not as a parameter.

Can you send a snippet of the code you're using to make the request?

Joe Diaz

unread,
Aug 8, 2023, 7:30:09 PM8/8/23
to mtadevelop...@googlegroups.com
Hi Sunny, 

Sorry, I forgot to show what I was using to test the incoming data. 

I had passed the key as header and made a request to the server. While the server understood the request, it still didn't let me receive the payload.

Could this be a cloud front error? 

curl command to test api: curl -H "x-api-key: xxxxxxxxxxxxxxxx" "https://api-endpoint.mta.info/Dataservice/mtagtfsfeeds/nyct%2Fgtfs"


Truncated response from server: 

* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 403
< content-type: application/json
< content-length: 23
< date: Tue, 08 Aug 2023 23:19:23 GMT
< x-amzn-requestid: adce94bb-4fe1-4fd1-8b31-fbb82fd8f5cd
< access-control-allow-origin: *
< access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
< x-amzn-errortype: ForbiddenException
< x-amz-apigw-id: JXULVHJ3oAMFlcw=
< access-control-allow-methods: GET
< x-amzn-trace-id: Root=1-64d2cd7b-7f5fc8fe20c60eee75ad3c3c
< access-control-allow-credentials: true
< x-cache: Error from cloudfront
< via: 1.1 968753ca270b3abbf31cdfc00e23b162.cloudfront.net (CloudFront)
< x-amz-cf-pop: EWR53-C2
< x-amz-cf-id: re6Nzr_njVuUVxXoRjM9jXyzZAB_cSvB-X7dknYBcnTgceZZfHRhjw==
<
* Connection #0 to host api-endpoint.mta.info left intact

Sunny

unread,
Aug 11, 2023, 2:05:09 PM8/11/23
to mtadeveloperresources
We've tested with your API key (ending in 8ua0) both with curl and the browser and were able to access the file successfully. If you're running on a server, does it work locally?

Joe Diaz

unread,
Aug 13, 2023, 11:38:49 PM8/13/23
to mtadevelop...@googlegroups.com
Hi Sunny, 
Thanks for the suggestion. 
I ran this from another server and the payload came through. 

I really appreciate you taking the time out to assist me with this

Best, 

Joe Diaz 

Reply all
Reply to author
Forward
0 new messages