Can't login via the API

rtopitt · May 21, 2013, 11:19pm

I’m sending the required parameters as per https://www.newsblur.com/api#/api/login and correct password, but the response is always “authenticated”.

Example:

$ curl -i -X POST -d ‘{“username”: “MYUSERNAME”, “password”: “MYPASSWORD”}’ ‘https://www.newsblur.com/api/login’

HTTP/1.1 200 OK
Server: gunicorn/0.17.2
Date: Tue, 21 May 2013 23:16:43 GMT
Transfer-Encoding: chunked
Vary: Cookie
X-Mr-Burns: I don’t like being outdoors, Smithers. For one thing, there’s too many fat children.
Content-Type: application/json
X-gunicorn-server: app17

{“code”: -1, “authenticated”: false, “errors”: {“username”: [“Please enter a username.”]}, “result”: “ok”}

samuelclay · May 22, 2013, 12:04am

I don’t think that’s how you send a POST request with curl.

rtopitt · May 22, 2013, 12:23am

Yes, it is. But I forgot to add the Accept and Content-type headers before, so another try:

$ curl -i -X POST -H ‘Accept: application/json’ -H ‘Content-type: application/json’ -d ‘{“username”: “MYUSERNAME”, “password”: “MYPASSWORD”}’ ‘https://www.newsblur.com/api/login’
HTTP/1.1 200 OK
Server: gunicorn/0.17.2
Date: Wed, 22 May 2013 00:19:47 GMT
Transfer-Encoding: chunked
X-Homer: How could you?! Haven’t you learned anything from that guy who gives those sermons at church? Captain Whatshisname? We live in a society of laws! Why do you think I took you to all those Police Academy movies? For fun? Well, I didn’t hear anybody laughing, did you? Except at that guy who made sound effects. Makes sound effects and laughs. Where was I? Oh yeah! Stay out of my booze.
Content-Type: application/json
X-gunicorn-server: app21
Vary: Cookie

{“code”: -1, “authenticated”: false, “errors”: {“username”: [“Please enter a username.”]}, “result”: “ok”}

Same problem. Of course I’m supplying my real username and password on my tests.

Also, shouldn’t it respond with a 401 status code instead of 200, if it is an authentication error?

rtopitt · May 22, 2013, 12:25am

Oh, I figured it out! The problem is that the API responds with JSON data but expects the inputs as form-url-encoded data

So this works:

$ curl -i -X POST -H ‘Accept: application/json’ -d ‘username=MYUSERNAME&password=MYPASSWORD’ ‘https://www.newsblur.com/api/login’
HTTP/1.1 200 OK
Server: gunicorn/0.17.2
Date: Wed, 22 May 2013 00:24:00 GMT
Transfer-Encoding: chunked
X-Homer: And here I am using my own lungs like a sucker.
Content-Type: application/json
X-gunicorn-server: app21
Vary: Cookie
Set-Cookie: newsblur_sessionid=MYSESSIONID; Domain=.newsblur.com; expires=Fri, 22-May-2015 00:24:00 GMT; httponly; Max-Age=63072000; Path=/

{“code”: 1, “authenticated”: true, “errors”: null, “result”: “ok”}

The documentation should say this clearly.

AndrewMittereder · May 31, 2013, 6:33am

I am having this same issue. I’m trying to use the API to login using Fiddler, and I get the same error as above. This is the exact request Fiddler is sending:

POST https://www.newsblur.com/api/login HTTP/1.1
User-Agent: Fiddler
Accept: application/json
Content-Type: x-www-form-urlencoded
Host: www.newsblur.com
Content-Length: 47

username=USERNAME&password=PASSWORD

What am I doing wrong?

AndrewMittereder · June 1, 2013, 7:08pm

I figured it out. Content-Type should have been “application/x-www-form-urlencoded”. Oops.