0

I'm using the BullionVault API to view my orders.

I have to be logged in to view it.
My issue is that when I try to login with an HTTP request, my console output is the HTML DOM of the BUllionVault login page.

I use the requests from the official documentation https://www.bullionvault.com/help/xml_api.html and python language.

My request to login :

payload2 = {'j_username': 'myusername', 'j_password': 'mypassword'}
requests.get("https://or.bullionvault.fr/secure/login.do", params=payload2)

My request to view my orders : 

requests.get("https://or.bullionvault.fr/secure/view_orders_xml.do")

EDIT :
Thanks to @Vikas I updated my code.

login_page_url = "https://or.bullionvault.fr/secure/login.do"
login_page_url2 = "https://live.bullionvault.com/secure/j_security_check"
payload2 = {'j_username': 'myusername', 'j_password': 'mypassword'}

with requests.Session() as s:

    a = s.get(login_page_url)
    print(s.cookies)
    b = s.get(login_page_url2, params = payload2)
    c = s.get("https://or.bullionvault.fr/secure/view_orders_xml.do")

    print(a)      #output status 200
    print(b)      #output status 200
    print(c)      #output status 200
    print(c.text) #output HTML DOM

However I still have my issue : last request response is the HTML DOM of the login page.

SOLUTION :

Bullionvault updated its API to version 2.0. There were also parameters missing in my code.

login_page_url = "https://or.bullionvault.fr/secure/login.do"
login_page_url2 = "https://live.bullionvault.com/secure/j_security_check"
payload2 = {'j_username': 'myusername', 'j_password': 'mypassword'}
payload3 = {'confirmed': 'true'}
payload4 = {'simple': 'true'}

with requests.Session() as s:
    a = s.get(login_page_url)       
    b = s.post(login_page_url2, data = payload2)
    c = s.get("https://live.bullionvault.com/secure/api/v2/view_orders_xml.do", params = payload3)
    d = s.get("https://live.bullionvault.com/secure/api/v2/view_balance_xml.do", params = payload4)
Johnrednex
  • 305
  • 5
  • 17

1 Answers1

1

Are You passing the JSESSIONID with subsequent requests? In documentation it is clearly mentioned that after login you get a JESSIONID

Please note that our webservers use a session cookie to track your login session (JSESSIONID)

You should pass them in header

headers =  { 'Cookie': 'JSESSIONID=<value>'}
requests.get("https://or.bullionvault.fr/secure/view_orders_xml.do", headers=headers)
Vikas Madhusudana
  • 1,482
  • 1
  • 10
  • 20
  • Indeed I'm not passing any JESSIONID. I think I'll use python Session Objects to persist cookies across all requests made from the Session instance. – Johnrednex May 24 '16 at 12:07
  • Are you seeing the JESSIONID when you print cookies – Vikas Madhusudana May 25 '16 at 08:38
  • Also can you do a `print s.request.headers` to what headers you have sent? – Vikas Madhusudana May 25 '16 at 08:45
  • I see a JSESSIONID and `print s.headers` outputs `{'User-Agent': 'python-requests/2.9.1', 'Connection': 'keep-alive', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*'}` – Johnrednex May 25 '16 at 09:04
  • shouldn't the header have the cookie? – Vikas Madhusudana May 25 '16 at 09:05
  • You're right : `a.headers` and `b.headers` should contain the JSESSIONID. I checked. Only `a.headers` contains it. Does it mean cookies are not persisted ? – Johnrednex May 25 '16 at 09:25
  • This means that the server is not sending a set-cookie in response header. Can you check the response header of your login. Gnerally Sessions can only handle set-cookie headers if your server is sending simply a string the client will not know it has to set the cookie – Vikas Madhusudana May 25 '16 at 09:27
  • The reponse header of my login doesn't contain the cookie ID. I am also wondering if a post request shouldn't be more appropriate with for the login request, as explained here [link](https://stackoverflow.com/questions/21736970/using-requests-module-how-to-handle-set-cookie-in-request-response). What do you think ? – Johnrednex May 25 '16 at 09:52
  • Yes you can try that. Not sure how post and get will differ on the same session object. If that does not work you should get the cookie and set it in header – Vikas Madhusudana May 25 '16 at 10:24
  • I tried POST, now the cookie seems set. `mypostrequest.hearders` output cointains `'Set-Cookie': 'visits=1; Expires=Thu, 25-May-2017 12:00:46 GMT;` But I still have my issue. – Johnrednex May 25 '16 at 12:10
  • I found the solution and edited my post. Thanks for your help. – Johnrednex May 25 '16 at 12:38