403 Invalid token error on GET users

[David Cheng]

Hello.  I'm new to Valence.  I have some Salesforce Apex code (written by someone else) that creates a D2L user.  The code is working fine.

I want to add an Apex method to retrieve info for an existing D2L user using the userName parameter.  I've copied the existing method, changed to a GET, set the query parameter to userName, and kept everything else the same.

When I call my method, I get a 403 Invalid Token error.

Do I need to use different authorization parameters for a GET?  For example, do I still need to include a timestamp?

Thanks

David

[David Cheng]

Here's a portion of the Salesforce Apex code:

public static final String USERS = '/d2l/api/lp/1.0/users/';

String TIMESTAMP_PARAM_VALUE = String.valueOf(Datetime.now().getTime()).substring(0,10);

String method = GETMETHOD;

String action = USERS;

String signData = method + '&' + action + '&' + TIMESTAMP_PARAM_VALUE;

String userSignature = sign(signData,USER_KEY);

String appSignature = sign(signData,APP_KEY);

String SIGNED_USER_PARAM_VALUE = userSignature;

String SIGNED_APP_PARAM_VALUE = appSignature;

String endPoint = DOMAIN + action + '?' + 

APP_ID_PARAM + '=' + APP_ID + '&' + 

USER_ID_PARAM + '=' + USER_ID + '&' +

SIGNED_USER_PARAM + '=' + SIGNED_USER_PARAM_VALUE + '&' + 

SIGNED_APP_PARAM + '=' + SIGNED_APP_PARAM_VALUE + '&' + 

TIMESTAMP_PARAM + '=' + TIMESTAMP_PARAM_VALUE; 

HttpRequest req = new HttpRequest();

req.setMethod(method);

req.setTimeout(30000);

req.setEndpoint(endPoint);

req.setBody('{ "orgDefinedId"' + ':' + '"' + person.Id + '" }');

[Desire2Learn Staff: Sarah-Beth]

Hi David

To answer your question, every call requires a timestamp within the authorization parameters. That requirement doesn't differ based on whether you're doing a GET, PUT, POST, etc.

I'd recommend trying out the calls you want to make using the API Test Tool. This utility allows you to point to your own LMS, use your App ID\Key Pair and authenticate as the appropriate user. Then you can test individual API calls, knowing that the authentication piece and issues with your own code aren't causing erroneous results. Once you confirm that you can successfully make the calls given the user account and query parameters, you can return to your code to troubleshoot from there.

I also notice that you are using a 1.0 version of the route. Be aware that older versions of the API are currently Deprecated - see release notes for more detail. As a best practice, you should use the latest available version of the API routes you're calling. You can verify the versions available in your environment by doing a Get Versions call. This call can be easily done with the API Test Tool as well - it's one of the pre-configured calls in that utility.

~S-BB

[David Cheng]

Thanks, that got me on the right track and I figured out what I did wrong.   I thought I needed to pass a JSON string but of course I needed to pass regular URL parameters instead.

[Desire2Learn Staff: Sarah-Beth]

Great! Glad to know you're back on track. If you can share any details, it'd be great to hear what you're doing with the APIs with this project.