Back to OAuth General Discussion YDN SDKs Forum

python with api.del.icio.us/v2/

I'm trying to get the v2 delicious api working for me using Python. For now, I don't need or want to implement a callback. I just want to run the script locally and work with results. I signed up for oauth and got the key, secret. I set the Application URL but I don't intend to have a public url at this point so I set it to a domain I own.

y_app_url = 'http://www.wigglback.com/bkn'
params = ''
params += 'oauth_signature='+y_secret # this value is from my YDN project
params += '&oauth_consumer_key='+y_key # this value is from my YDN project
params += '&oauth_signature_method=plaintext'
params += '&oauth_version=1.0'
params += '&oauth_callback=oob' # I don't need a callback so this is a dummy suggested by a forum response
params += '&oauth_nonce='+'whatthe' # random string
params += '&oauth_timestamp='+str(time.time()) # must be +-600 seconds current time.
req = 'https://api.login.yahoo.com/oauth/v2/get_request_token?'
print req+params
x = urllib2.urlopen(req+params)
print 'x: ',x.read()

I get the error:

urllib2.HTTPError: HTTP Error 401: Forbidden

I get the same result using Python 2.5 and 2.6

Jim
Mar 23, 2010

9 Replies

- omiga
- Mar 23, 2010
Hi Jim,

The get_request_token API returns detailed error information in the
HTTP response headers and body. Can you please paste it here?

There is at least one problem with your request: The signature method
should be "PLAINTEXT" because all OAuth parameters are case-sensitive.

FYI, you can print out the whole URL and then use either wget
(http://www.gnu.org/software/wget/) or curl (http://curl.haxx.se/) to
fetch the URL. Then you can see the detailed HTTP response. E.g.,

wget -S -d 'https://api.login.yahoo.com/oauth/v2/get_request_token?oauth_version=1.0&oauth_nonce=8c76a87ffd3e4f48b53ed4b669b0b35f&oauth_timestamp=1268432350&oauth_consumer_key=dj0yJmk9TUJETmxhUG9WbDlPJmQ9WVdrOWR6Um9kRkl3TXpRbWNHbzlNV
GszTVRBM05USXhOQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02MQ--&oauth_signature_method=PLAINTEXT&oauth_signature=821ce9362da7d3d441265e77469a1339c42097612526&oauth_callback=oob'

curl -v 'https://api.login.yahoo.com/oauth/v2/get_request_token?oauth_version=1.0&oauth_nonce=8c76a87ffd3e4f48b53ed4b669b0b35f&oauth_timestamp=1268432350&oauth_consumer_key=dj0yJmk9TUJETmxhUG9WbDlPJmQ9WVdrOWR6Um9kRkl3TXpRbWNHbzlNV
GszTVRBM05USXhOQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02MQ--&oauth_signature_method=PLAINTEXT&oauth_signature=821ce9362da7d3d441265e77469a1339c42097612
526&oauth_callback=oob'

I hope this helps.

Thanks,
Yu Wang
Yahoo! Membership

Report Abuse

0
- Jim
- Mar 30, 2010
Here is what I get back when I use wget,

Resolving api.login.yahoo.com... 72.30.12.29
Connecting to api.login.yahoo.com|72.30.12.29|:443... connected.
ERROR: cannot verify api.login.yahoo.com's certificate, issued by `/C=US/O=Equifax/OU=Equifax Secure Certificate Authority':
Unable to locally verify the issuer's authority.
To connect to api.login.yahoo.com insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.

When I use wget with --no-check-certificate I get,

Resolving api.login.yahoo.com... 72.30.12.29
Connecting to api.login.yahoo.com|72.30.12.29|:443... connected.
WARNING: cannot verify api.login.yahoo.com's certificate, issued by `/C=US/O=Equifax/OU=Equifax Secure Certificate Authority':
Unable to locally verify the issuer's authority.
HTTP request sent, awaiting response... 401 Authorization Required
Authorization failed.

Report Abuse

0
- omiga
- Mar 30, 2010
Can you please try with the curl command? It should print more information than wget.

Report Abuse

0
- Jim
- Mar 31, 2010
The key and secret are from my app page, http://developer.apps.yahoo.com/projects/F...iew=permissions. On that page I also set the radio button "Private user data selected below (Your end users must consent to each of these scopes):" and have Delicious set to Read/Write. All others set to No Access.

With curl

curl -H "Accept: text/plain" "https://api.login.yahoo.com/oauth/v2/get_request_token" -d "oauth_signature=<MY CONSUMER SECRET PASTED HERE>&oauth_consumer_key=<MY CONSUMER KEY PASTED HERE>&oauth_signature_method=PLAINTEXT&oauth_version=1.0&oauth_callback=oob&oauth_nonce=whatthe&oauth_timestamp=1270080043.42" -v

I get,

* About to connect() to api.login.yahoo.com port 443 (#0)
* Trying 72.30.12.29... connected
* Connected to api.login.yahoo.com (72.30.12.29) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /usr/share/curl/curl-ca-bundle.crt
CApath: none
* SSLv2, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
* subject: /C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN=*.login.yahoo.com
* start date: 2009-08-06 16:15:22 GMT
* expire date: 2014-09-07 01:34:02 GMT
* common name: *.login.yahoo.com (matched)
* issuer: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
* SSL certificate verify ok.
> POST /oauth/v2/get_request_token HTTP/1.1
> User-Agent: curl/7.16.3 (powerpc-apple-darwin9.0) libcurl/7.16.3 OpenSSL/0.9.7l zlib/1.2.3
> Host: api.login.yahoo.com
> Accept: text/plain
> Content-Length: 304
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 401 Forbidden
< Date: Wed, 31 Mar 2010 23:53:46 GMT
< P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
< WWW-Authenticate: OAuth oauth_problem=signature_invalid
< Connection: close
< Transfer-Encoding: chunked
< Content-Type: application/x-www-form-urlencoded
<
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
oauth_problem=signature_invalid[1]- Exit 2

Report Abuse

0
- omiga
- Apr 1, 2010
Hi Jim,

I think the oauth_signature should be concatenation of your ckey secret and '%26'.
You can check the OAuth spec for details:
http://oauth.net/core/1.0a/#anchor21

Thanks,
Yu Wang

Report Abuse

0
- Jim
- Apr 9, 2010
I tried,

params += 'oauth_signature='+y_secret+'%26'+y_key

and still get a 401 forbidden response.

Does anyone have a python example that works?

Report Abuse

0
- omiga
- Apr 9, 2010
Hi Jim,

If you do another URL encoding on "params", then you should change
"%26" to "&".

Thanks,
Yu Wang
Yahoo! Membership Team

Report Abuse

0
- omiga
- Apr 9, 2010
Hi Jim,

Please see the following Python code that works for me:

import time
import urllib2

params = ''
y_key = 'dj0yJmk9OGlwUzJJT0Z2WUlkJmQ9WVdrOU9HbHFla05pTnpRbWNHbzlOREl6TURFMk5EWXkmcz1j
b25zdW1lcnNlY3JldCZ4PWMy'

y_secret = 'b801cc9933b394ad7d8c3763af4f5f3db6747957'

params += 'oauth_signature='+y_secret + '%26' # this value is from my YDN project
params += '&oauth_consumer_key='+y_key # this value is from my YDN project
params += '&oauth_signature_method=PLAINTEXT'
params += '&oauth_version=1.0'
params += '&oauth_callback=oob' # I don't need a callback so this is a dummy suggested by a forum response
params += '&oauth_nonce='+'whatthe' # random string
params += '&oauth_timestamp='+str(int(time.time())) # must be +-600 seconds current time.
req = 'https://api.login.yahoo.com/oauth/v2/get_request_token?'
print req+params
x = urllib2.urlopen(req+params)
print 'x: ',x.read()

Please try it out.

Thanks,
Yu Wang
Yahoo! Membership Team

Report Abuse

0
- Jim
- Apr 13, 2010
THANKS !!!!!!!!!!!!!!!!

It was the magic '%26' needed after the secret.

params += 'oauth_signature='+y_secret +'%26'

Report Abuse

0

Ask a Question

Yahoo! Developer Network

python with api.del.icio.us/v2/

Recent Posts