Production responds to bad token with 401, sandbox with 403?


Jason

May 30, 2021, 9:22:51 PM
to ORCID API Users
Hi ORCID Inc,

Have just noticed that sandbox has reverted to again responding with 403 FORBIDDEN to a read request trying a bad access token cf production's 401 UNAUTHORISED.

Is that intended?

Cheers,
Jason.




Pedro Costa

May 31, 2021, 9:40:28 AM
to ORCID API Users
Hi Jason,

I'm seeing the sandbox member API respond with 401 to requests with an invalid access token. Could you please try again and share the call you're using?

Here's one of the calls I've tried:

curl -i -H "Accept: application/vnd.orcid+xml" -H 'Authorization: Bearer invalid-access-token' 'https://api.sandbox.orcid.org/v3.0/0000-0002-4315-9391/works'

And here's the response:

HTTP/1.1 401  {"error":"invalid_token","error_description":"Invalid access token: invalid-access-token"}

Note the response will be 403 if the call doesn't include "Bearer" in it e.g. -H 'Authorization: invalid-access-token' as opposed to -H 'Authorization: Bearer invalid-access-token'.

Thanks,

Jason

May 31, 2021, 5:06:10 PM
to ORCID API Users
Thanks for the response Pedro, my mistake.  

The 403 was actually our intermediate service (NZ ORCID Hub's ORCID API proxy) giving this response when there was a call for an ORCID iD but the token had been deleted; it didn't pass the request onto sandbox.

Cheers,
Jason.

Dulip Withanage

Oct 10, 2021, 4:55:44 PM
to ORCID API Users
Hi Team,

I am developing the OJS orcid Plugin and would like to add reviewer credit support using the ORCID API.

After going through the following documentation, I have created the underlying request to generate a peer-review record using the member sandbox id. However, my request creates a 500 Internal Server Error.



Can someone pinpoint where I am going wrong?

curl -X POST -H 'Authorization: Bearer <access-token-received-from-the-group-creation>' --header 'Content-Type: application/vnd.orcid+json; qs=4' --header 'Accept: text/html' -d '@json-file-example-from-the-swagger-api.json' 'https://api.sandbox.orcid.org/v3.0/0000-0002-5308-4346/peer-review'


<!doctype html><html lang="en"><head><title>HTTP Status 500 – Internal Server Error</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 500 – Internal Server Error</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Description</b> The server encountered an unexpected condition that prevented it from fulfilling the request.</p><hr class="line" /><h3>Apache Tomcat/9.0.43</h3></body></html>%  


Thanks a lot for any ideas.

Dulip Withanage







Fran Alsina

Oct 11, 2021, 9:44:44 AM
to ORCID API Users
Hi Dulip. 

Thank you for getting in touch. 

From what we can see, you are getting a 403 error code when using the XML schema and a 500 error message when using the JSON schema. 

For the 403 error, make sure that you are using the access token obtained from the authentication process.

In your post you write: 

"'Authorization: Bearer <access-token-received-from-the-group-creation>'"

The access token received from the group id creation is only used to create a group identifier (or to modify it). Bear in mind that if you use ISSN, it is not needed for you to create a new group id. Check out this guide to get more details about the group ids on peer reviews: 


When creating a peer review item (POST /peer-review) you should use the access token that you receive during the 3-legged OAuth process. To POST a peer review you need to request authorization for the scope activities/update. 

Regarding the 500 error message, you are accepting "text/html" when you should be accepting JSON. Please, change the Accept header to: 

--header 'Accept:application/json'
 
This should allow you to properly push a peer review item using JSON. 

Please, let me know if this helps and if you were able to successfully add a peer review item into an ORCID record. If you keep facing difficulties, we will be here to help.

Cheers,
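
Added example, not part of the thread and not ORCID's code: a client-side pre-flight check in Python for the two request mistakes diagnosed above (an Authorization header without the Bearer scheme, and an Accept header other than the ones the replies use). The function names, the ACCEPT_SEEN set and the sample headers are assumptions built from the calls quoted in this thread; the token syntax is RFC 6750's b64token.

```python
import re

# RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token
B64TOKEN = re.compile(r"^[A-Za-z0-9\-._~+/]+=*$")
# Assumption: only the Accept values the replies in this thread use.
ACCEPT_SEEN = {"application/json", "application/vnd.orcid+xml"}


def check_authorization(value):
    """Return problems found in an Authorization header value."""
    parts = (value or "").split(None, 1)
    if not parts:
        return ["Authorization header missing or empty"]
    if len(parts) == 1:
        if parts[0].lower() == "bearer":
            return ["'Bearer' scheme present but no token follows it"]
        return ["no 'Bearer' scheme (thread: sandbox replies 403, not 401)"]
    scheme, token = parts
    if scheme.lower() != "bearer":
        return [f"scheme is {scheme!r}, expected 'Bearer'"]
    if not B64TOKEN.match(token.strip()):
        return ["token is not a b64token (placeholder or stray characters?)"]
    return []  # well formed; the server still decides validity (401 if bad)


def check_accept(value):
    """Return problems found in an Accept header value."""
    types = {t.split(";")[0].strip().lower() for t in (value or "").split(",")}
    if types & ACCEPT_SEEN:
        return []
    return [f"Accept {value!r} lists none of {sorted(ACCEPT_SEEN)}"]


def preflight(headers):
    """Lint a dict of request headers; header names are case-insensitive."""
    h = {k.lower(): v for k, v in headers.items()}
    return check_authorization(h.get("authorization")) + check_accept(h.get("accept"))


if __name__ == "__main__":
    # Constructed sample: headers modelled on the failing POST quoted above.
    sample = {"Authorization": "Bearer <placeholder-token>", "Accept": "text/html"}
    for problem in preflight(sample):
        print("problem:", problem)
```

An empty result only means the headers are well formed; whether the token is valid and carries the right scope is still decided by the API.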
