No private posts included in fully authenticated /posts response
240 views
Skip to first unread message
Daniel Jalkut
Aug 15, 2012, 9:54:03 AM8/15/12
to tumbl...@googlegroups.com
I'm excited by the prospect of getting private posts in /posts responses, but so far I have not been able to achieve this behavior with the recent API updates.
John, a specific, just created private post ID 29479141945, serves as a reference in the network activity summary below.
See that I use the /post endpoint to create the new reference post, and that I am able to fetch it via /posts IF I specify
the precise ID of the post. The fact that I'm able to fetch it with specific ID demonstrates the fully authenticated nature
of my requests. But when I ask for all posts from /posts with paging at offsets of 20, the newly created private post, and
all other existing private posts on this blog, are omitted from the output.
Is there something subtle I'm missing here, either in what the new claimed behavior is, or how I'm trying to take advantage
of it? I want to be able to fetch ALL posts for a Tumblr blog, including Private posts, without knowing the post ID ahead of time.
Thanks!
Daniel
Network message sent: 2012-08-15 13:39:48 +0000
Method name: POST
Request text:
type=text&private=1&format=html&title=Another%20new%20private%20post&body=Hello...
Network reply received: 2012-08-15 13:39:49 +0000
Status code: 201
Succeeded: YES
Response text:
{"meta":{"status":201,"msg":"Created"},"response":{"id":29479141945}}
Network message sent: 2012-08-15 13:39:49 +0000
URL: http://api.tumblr.com/v2/blog/marstesting.tumblr.com/posts/?api_key=xxx&filter=raw&id=29479141945
Method name: GET
Network reply received: 2012-08-15 13:39:49 +0000
Status code: 200
Succeeded: YES
Response text:
{"meta":{"status":200,"msg":"OK"},"response":{"blog":{"title":"MarsTesting","posts":234,"name":"marstesting","url":"http:\/\/marstesting.tumblr.com\/","updated":1344657042,"description":"","ask":false},"posts":[{"blog_name":"marstesting","id":29479141945,"post_url":"http:\/\/marstesting.tumblr.com\/post\/29479141945\/another-new-private-post","slug":"another-new-private-post","type":"text","date":"2012-08-15 13:39:49 GMT","timestamp":1345037989,"state":"private","format":"html","reblog_key":"3AZY7b8y","tags":[],"highlighted":[],"title":"Another new private post","body":"Hello..."}],"total_posts":1}}
Network message sent: 2012-08-15 13:43:29 +0000
Method name: POST
Network reply received: 2012-08-15 13:43:29 +0000
Status code: 200
Succeeded: YES
Response text:
{"meta":{"status":200,"msg":"OK"},"response":{"blog":{"title":"MarsTesting","posts":234,"name":"marstesting","url":"http:\/\/marstesting.tumblr.com\/","updated":1344657042,"description":"","ask":false},"posts":[{"blog_name":"marstesting","id":29172190040,"post_url":"http:\/\/marstesting.tumblr.com\/post\/29172190040","slug":"","type":"photo","date":"2012-08-11 03:50:42 GMT","timestamp":1344657042,"state":"published","format":"html","reblog_key":"FPJk8pjZ","tags":[],"highlighted":[],"note_count":0,"caption":"","photos":[{"caption":"","alt_sizes":[{"width":75,"height":75,"url":"http:\/\/24.media.tumblr.com\/tumblr_m8ko0ibOfL1qzxz9bo1_75sq.png"}],"original_size":{"width":1,"height":1,"url":"http:\/\/25.media.tumblr.com\/tumblr_m8ko0ibOfL1qzxz9bo1_100.png"}}]},
Etc... with no private posts at all over all 234 posts, including the just-created post ID 29479141945.
John Bunting
Aug 15, 2012, 5:16:00 PM8/15/12
to tumbl...@googlegroups.com
The request you are showing me is not a fully authenticated OAuth request, it is an API Key authenticated request. You have to make a fully OAuthed request meaning using your access tokens and consumer tokens to sign the request and send it off.
Simply using your API Key will only give you the publicly accessible information. Does that make sense?
--
John Bunting
Simplicity is a prerequisite for reliability
--Edsger W. Dijkstra
Daniel Jalkut
Aug 15, 2012, 6:47:41 PM8/15/12
to tumbl...@googlegroups.com
Hi John - thanks for the reply. I do think what you're saying makes sense. In fact I'm "fully authenticating" all of my requests to the Tumblr 2.0 API. I abbreviated the requests and responses quite a bit to make them more email-friendly. I meant to imply by the fact that e.g. I can get drafts and was able to publish a private post AND retrieve it, that my requests are fully authenticated. But I will triple-check to ensure that the /posts request that doesn't return private posts is in fact contain a valid OAuth authentication.
Daniel
Message has been deleted
John Bunting
Aug 18, 2012, 5:44:22 PM8/18/12
to tumbl...@googlegroups.com
That's really really really strange. OK, I'll poke around and see what I can find out.
--
John Bunting
Simplicity is a prerequisite for reliability
--Edsger W. Dijkstra
On Saturday, August 18, 2012 at 5:42 PM, Daniel Jalkut wrote:
John, for example, the exact same code executed against a FULLY PRIVATE Tumblr blog returns all the posts, as you described. This strongly implies that my requests are fully authenticated and that they meet the requirements of the server to vend private posts.However, when I request posts from /posts on marstesting.tumblr.com, none of the private *posts* on that blog are returned.
Daniel
On Wednesday, August 15, 2012 5:16:00 PM UTC-4, John Bunting wrote:
Daniel Jalkut
Aug 18, 2012, 5:52:08 PM8/18/12
to tumbl...@googlegroups.com
Thanks for the incredibly fast response :) I just deleted my post moments after sending it because I double-checked and realized I had apparently changed the "private" test blog to no longer have a password. So that's not a valid test case.
I'm still poking around some more here to see what I can figure out. Judging from my success in doing all manner of other OAuth-requisite requests, including /delete, etc., it would seem my OAuth is sound. But maybe there is something subtle in the /posts requests.
Please don't waste any time poking around at this until I update with a more complete summary of what's still confirmed failing. Thanks!
Daniel
John Bunting
Aug 18, 2012, 5:54:29 PM8/18/12
to tumbl...@googlegroups.com
Alright, let me know as soon as you're done. I've got no problems poking around :)
Let me know!
--
John Bunting
Simplicity is a prerequisite for reliability
--Edsger W. Dijkstra
Daniel Jalkut
Aug 21, 2012, 1:41:50 PM8/21/12
to tumbl...@googlegroups.com
John, thanks again for your patience with me while I tracked this down. It turns out to be something very subtly wrong in my OAuth signature generation: if the request path ends in a trailing / like:
Then I am stripping out the trailing "/" during normalization for the base string. If I just use the URL without a trailing slash:
My signature matches Tumblr's expectations and Tumblr vends the private posts!
So it looks like I'll be able to fix this by addressing the issue in my OAuth signature generation for this case where there's a trailing slash in the URL path.
Daniel
John Bunting
Aug 21, 2012, 1:44:19 PM8/21/12
to tumbl...@googlegroups.com
Ah! Excellent! glad you figured it out :D Let me know if you hit any other snags :)
Simplicity is prerequisite for reliability
--Edsger W. Dijkstra
--Edsger W. Dijkstra
Reply all
Reply to author
Forward
0 new messages