Oauth Issues

Discussion in 'Shapeways API' started by woody64, Dec 16, 2016.

  1. woody64
    woody64 Well-Known Member
    Maybe this request summarizes questions raised in several threads:

    1) I can't use Oauth since my provider does not offer Oauth

    .... I have started to use this, since you can upload it to the server as pure php
    https://www.phpclasses.org/package/7700-PHP-Authorize-and-access-APIs-using-OAuth.html
    2) I get a "signature invalid" ... or maybe the sticky "Authorization error"

    I get a 401 error and debugging shows that the string used for signature is built like:

    GET&https%3A%2F%2Fapi.shapeways.com%2Fmodels%2F5302680%2Fv1&oauth_consumer_key%3<mykey>a%26oauth_nonce%3<....>%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1481872054%26oauth_token%<mytoken>1%26oauth_version%3D1.0

    in the Wireshark protocol of a working example I have found in the Authorization header:
    OAuth oauth_consumer_key=\"<mykey>",oauth_signature_method=\"HMAC-SHA1\",oauth_nonce=\"....\",oauth_timestamp=\"1481834111\",oauth_version=\"1.0\",oauth_token=\"<mytoken>",oauth_signature=\"NjNZqHNgoSUUS6YWQdNRqa8aNEk%3D\"
    Is the problem in the url?
    Is it guaranteed that the options are sorted as stated by the Oauth protocol before building the key?

    3) The provided example in php-curl also runs into an authentication failure when requesting the token.

    https://api.shapeways.com/oauth1/re...oauth_signature=L4Kn9tkdl7pNHnjwmzIz6p0WX8Q=<

    Woody64
     
    Last edited: Dec 16, 2016
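An added example, not part of the original posts and not code from Shapeways or the phpclasses package: how an OAuth 1.0 HMAC-SHA1 signature is derived under RFC 5849, including the parameter sorting asked about in the post above. The function names are hypothetical, and the keys, secrets, nonce and timestamp are constructed sample values.

```php
<?php
// Added example: OAuth 1.0 HMAC-SHA1 signing per RFC 5849, section 3.4.
// Function names are hypothetical; every credential below is a constructed sample.

function oauth_base_string(string $method, string $url, array $params): string
{
    // Base string URI: lowercase scheme and host, no query string.
    // Assumes the default port and that all request parameters are in $params.
    $u = parse_url($url);
    $uri = strtolower($u['scheme']) . '://' . strtolower($u['host']) . ($u['path'] ?? '/');

    // Percent-encode names and values first, then sort by name, then by value.
    $pairs = [];
    foreach ($params as $name => $value) {
        if ($name === 'oauth_signature') continue; // never signs itself
        $pairs[] = [rawurlencode((string) $name), rawurlencode((string) $value)];
    }
    usort($pairs, function ($a, $b) {
        return strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]);
    });
    $normalized = implode('&', array_map(function ($p) {
        return $p[0] . '=' . $p[1];
    }, $pairs));

    return strtoupper($method) . '&' . rawurlencode($uri) . '&' . rawurlencode($normalized);
}

function oauth_sign(string $base, string $consumerSecret, string $tokenSecret = ''): string
{
    // The key is both secrets, each percent-encoded, joined by '&'.
    $key = rawurlencode($consumerSecret) . '&' . rawurlencode($tokenSecret);
    return base64_encode(hash_hmac('sha1', $base, $key, true));
}

// Parameters deliberately listed out of order; sorting happens in the function.
$params = [
    'oauth_version'          => '1.0',
    'oauth_token'            => 'sample-token',
    'oauth_timestamp'        => (string) time(),
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_nonce'            => bin2hex(random_bytes(16)),
    'oauth_consumer_key'     => 'sample-consumer-key',
];
$base = oauth_base_string('GET', 'https://api.shapeways.com/models/5302680/v1', $params);
$sig  = oauth_sign($base, 'sample-consumer-secret', 'sample-token-secret');

echo $base, "\n";
// Base64 output can contain '+', '/' and '='; encode it again for the header.
echo 'oauth_signature="' . rawurlencode($sig) . '"', "\n";
```

The server recomputes the base string from the request it receives, so any difference in method, URL, percent-encoding or parameter order yields a different HMAC and the request is rejected.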
  2. woody64
    woody64 Well-Known Member
  3. woody64
    woody64 Well-Known Member
    Here's my code example using the above given oauth (<> pecl) to retrieve the parameter of a model.
    It uses the same token files as the pecl examples.

    Code:
    <?php
    /*
     * GetSWModel.php
     *
     * Get the http.php file from https://www.phpclasses.org/httpclient
     */
    require('http.php');
    require('oauth_client.php');
    require "../php-pecl/consumer_key.php";
    require "../php-pecl/access_token.php";
    require "../php-pecl/api_url_base.php";
    require "../php-pecl/error.php";
    
    function printModel($model) {
    
        global $access_token, $access_secret, $consumer_key, $consumer_secret;
    
        $client = new oauth_client_class;
        // Verbose debugging: the OAuth and HTTP dialogue is collected in $client->debug_output
        $client->debug = true;
        $client->debug_http = true;
        //$client->server = '';
        $client->oauth_version = "1.0";
        //$client->request_token_url = "https://api.shapeways.com/oauth1/request_token/v1";
        $client->access_token_authentication = "basic";
        $client->authorization_header = true;
        // Use the access token already stored by the pecl examples
        $client->access_token = $access_token;
        $client->access_token_secret = $access_secret;
        $client->signature_method = 'HMAC-SHA1';
    
        // set the reauthenticate access only if you need to force the user to
        // authenticate again even after the user has authorized the application
        // before.
        $client->reauthenticate = false;
    
        $client->redirect_uri = 'oob';
    
        $client->client_id = $consumer_key; $application_line = __LINE__;
        $client->client_secret = $consumer_secret;
    
        if(strlen($client->client_id) == 0
        || strlen($client->client_secret) == 0)
            die('Please go to Shapeways Apps page https://developers.shapeways.com/apps , '.
                'create an application, and in the line '.$application_line.
                ' set the client_id to App ID/API Key and client_secret with App Secret');
    
        if(($success = $client->Initialize()))
        {
            // Signed GET request for the model's parameters
            $success = $client->CallAPI(
                'https://api.shapeways.com/models/' . $model . '/v1',
                'GET', array(), array('FailOnAccessError'=>true, 'ResponseContentType'=>'application/json'), $response);
            echo "<pre>";
            var_dump($response);
            echo "</pre>";
    
            $success = $client->Finalize($success);
        }
        print(HtmlSpecialChars(print_r($client->debug_output, 1)));
    
        if($client->exit) exit;
    }
    ?>
    <body>
    <form action="?" method="post">
        <input type="text" name="model" placeholder="ModelID" />
        <input type="submit" value="submit" />
    </form>
    </body>
    
    <?php
    if (isset($_POST["model"])) { // If it is the first time, it does nothing
        // Model IDs are numeric; reject anything else so form input cannot change the signed API path
        if (is_string($_POST["model"]) && ctype_digit($_POST["model"])) {
            printModel($_POST["model"]);
        } else {
            echo "Invalid model ID";
        }
    }
    ?>
    
     
  4. woody64
    woody64 Well-Known Member
    With the example above as base I can do all GET requests. Only for GET /models/v1 I receive the following negative answer.

    Code:
    object(stdClass)#3 (2) {
      ["result"]=>
      string(7) "failure"
      ["reason"]=>
      string(72) "Model id 4369921 uses variants and cannot be accessed from this endpoint"
    }
    
    OAuth client: Accessing the API call at https://api.shapeways.com/models/v1 OAuth client: Could not retrieve the OAuth access token. Error: it was not possible to access the API call: it was returned an unexpected response status 400 Response: {"result":"failure","reason":"Model id 4369921 uses variants and cannot be accessed from this endpoint"} 
    But there's no model requested in this request, any ideas on that?

    The same happens with SW's pecl example when I use the path /models/v1 in the GetModel code.
    Code:
    Exception : Invalid auth/bad request (got a 400, expected HTTP/1.1 20X or a redirect)
    Error : stdClass Object
    (
        [result] => failure
        [reason] => Model id 4369921 uses variants and cannot be accessed from this endpoint
    )
    
    
     
    Last edited: Dec 18, 2016
  5. woody64
    woody64 Well-Known Member
    API /get/models is currently broken when requesting pages that contain variants

    Maybe some have already recognised that calls for models using variants fail in the same way. For getting the model list that is not quite obvious.
    But remembering my times for first failure analysis responsible in a very big broadband switch application I can smell failures like that. Trying a page number containing no variants results in no problem and I get back the list of models on this page.
     
    Last edited: Dec 22, 2016
  6. 1064125_deleted
    1064125_deleted Shapeways Employee Product Team
    hey @woody64 , there is a lot going on here, can you provide more color here: bit.ly/api-issues-form? Or could you give me a sense of what you're trying to accomplish and what platforms you're working with?
     
  7. woody64
    woody64 Well-Known Member
    At least the last time I tried it, the /get/models call failed when requesting a page where an item with variants is in. Then it results in the failure above.
    That's an incomplete implementation for variants (which are not supported yet) but should not lead to a failure during /get/models call.
    Think I asked back and also some other user had the same experience.
    It seems that that is an implementation issue on your side and platform independent.
    Due to my provider I can't use php with Oauth, I have a source php Oauth implementation (which does not cause the error since it is able to load any pages without variants).

    Woody64

    P.S.: don't know if the error still exists since I haven't checked it since my last post
     
    Last edited: Feb 13, 2017
  8. 1064125_deleted
    1064125_deleted Shapeways Employee Product Team
    @woody64 yep, the current implementation of variants causes issues on the API side. We are discussing it and are in the process of allowing you to request the models that are not variant enabled.

    This issue is larger than a simple dump of your model files since the API does not yet distinguish between products (which can have multiple variants) and models (which multiple could be associated to a single product). This is something we're working towards in Q2/Q3 this year. The reason this will take a while is, while we offer tremendous flexibility, (we are allowing for a very broad range of options - including the notion of product sets...) it comes at the cost of a more complex data model. So in order to properly structure that in a usable fashion for the API, it's going to take some further definition.

    However, if you're hoping just to work with your non-variant products, I agree we should not throw an error just because a single model was enabled for variants.

    All in all, know that this is an issue we're taking seriously and are earnestly working towards a suggestion.
     
  9. woody64
    woody64 Well-Known Member
    In /get/models we are speaking about a page of models. And this request fails if one model with variants enabled is in. That's a bug and should be corrected, maybe by simply not listing the model. Otherwise the complete /get/models is broken.
     
  10. 1064125_deleted
    1064125_deleted Shapeways Employee Product Team
    @woody64 we're working on a fix to allow you to use GET /models as expected. However, if you request more detail on a specific model (/model/{modelId}/info/v1) that is variant enabled, that may return a warning message.
     
  11. woody64
    woody64 Well-Known Member
    Currently I have stopped using it because of this failure (it hinders getting all models of your shop). So if /get/models will be working again it's at least once more a starting position
     
  12. stonysmith
    stonysmith Well-Known Member Moderator
    It would be best if GET /models would return a list of all Model_Ids and the SPIN where each of them is in use. It would be a many-to-many relationship.
     
  13. 1064125_deleted
    1064125_deleted Shapeways Employee Product Team
    @stonysmith @woody64 Hi all, /models has been amended to return models regardless of whether they are variant-ed or not. However, requesting /models/{modelId} and /models/{modelId}/info will still fail, due to the current coupling between models and products in the API.

    However, for most use cases, this may be the quickest resolution based on your feedback! Thanks everyone.

    I am hoping to provide a dedicated /products endpoint sometime this year (*fingers crossed*). In the meanwhile, I hope to introduce myself to you and get more of your feedback. I want to leverage our combined voice to raise up more of these needs to the org for better visibility and prioritization. Will you join me? If so, please DM me :D
     
  14. stonysmith
    stonysmith Well-Known Member Moderator
    Thank you for fixing that. That helps because I can now get a full list of my models instead of the limited listing before.

    However, I still need a good way to cross-reference ModelNo versus SPIN. I wish that /models would return the SPIN, and present the cartesian product of ModelNo vs SPIN