2

I'm trying to get data from my SendGrid account via their API. I'm using classic ASP. I found some code that works except that I need to add authorization for SendGrids API as described in their documentation.

I've found several examples that seem to suggest I need to add xmlhttp.setRequestHeader after the xmlhttp.open and before the xmlhttp.send but when I uncomment the line "xmlhttp.setRequestHeader" below I get a 500 error in my browser. Can anyone tell me now to add the authorization part to the xmlhttp object?

Edit for clarity: When I comment the line "xmlhttp.setRequestHeader..." the script runs and returns the expected json result that says I need to authenticate. When I uncomment that line I get a 500 error. I have replaced my working api key (tested with a cURL command) with a generic placeholder in my code below. The real key is in place in the file on my server.

Heres the code I'm using:

<%@ Language=VBScript %>
<%
Set xmlhttp = CreateObject("Msxml2.ServerXMLHTTP.6.0")
xmlhttp.open "GET", "https://api.sendgrid.com/v3/campaigns?limit=10&offset=0 HTTP/1.1", false
'xmlhttp.setRequestHeader "Authorization", "Bearer my-correct-sendgrid-api-key"
xmlhttp.send ""
Response.AddHeader "Content-Type", "application/json;charset=UTF-8"
Response.Charset = "UTF-8"
pageReturn = xmlhttp.responseText

Set xmlhttp = Nothing 
response.write pageReturn
%>

It seems the basics are working because the code above returns the expected json results, the error message that says I need to authenticate:

{
    errors: [
        {
        field: null,
        message: "authorization required"
        }
    ]
}

SendGrids documentation uses this example:

GET https://api.sendgrid.com/v3/resource HTTP/1.1
Authorization: Bearer Your.API.Key-HERE
Community
  • 1
  • 1
slamslam102
  • 63
  • 2
  • 8
  • 1
    In your code, the `xmlhttp.setRequestHeader...` line is commented? – Flakes Jun 07 '16 at 06:47
  • 1
    Have [added correct syntax highlighting](http://stackoverflow.com/revisions/37669768/2) which should emphasise @SearchAndResQ's point. The `'` character is used in VBScript to comment out a line which means VBScript will ignore it when executing, so at the moment `xmlhttp.setRequestHeader "Authorization", "Bearer my-correct-sendgrid-api-key"` is being ignored. Remove the `'` comment. – user692942 Jun 07 '16 at 10:21
  • Thanks for the replys, the line is commented because when I uncomment it a 500 error is produced. I'm trying to ask if this is the correct way to add the authentication, and if so, how can I troubleshoot the line? – slamslam102 Jun 07 '16 at 12:53
  • It's an `Authorization` header which Yes is a correct way to check authorization and is used by many mainstream APIs. If they want you to pass an HTTP `Authorization` header then that is what you pass but obviously `Your.API.Key-HERE` needs to be replaced with a real API key you have been provided with by the API creators *(usually there is some [registration process for acquiring keys](https://app.sendgrid.com/settings/api_keys))*. – user692942 Jun 07 '16 at 14:32
  • I should have noted in my original question that in the code I'm using on my server, the correct api key is in place. I have tested it with a cURL command which returns the expected results. – slamslam102 Jun 07 '16 at 15:07

4 Answers4

2

Thanks everyone! Credit goes to Kul-Tigin for pointing out my error, which was misinterpreting the comment "HTTP/1.1" for part of the url in SendGrids example.

When I changed:

xmlhttp.open "GET", "https://api.sendgrid.com/v3/campaigns?limit=10&offset=0 HTTP/1.1", false
xmlhttp.setRequestHeader "Authorization", "Bearer my-correct-sendgrid-api-key"

to:

xmlhttp.open "GET", "https://api.sendgrid.com/v3/campaigns?limit=10&offset=0", false
xmlhttp.setRequestHeader "Authorization", "Bearer my-correct-sendgrid-api-key"

It started working without errors. Here's the working code:

<!-- language: lang-js -->
<%@ Language=VBScript %>
<%
Set xmlhttp = CreateObject("Msxml2.ServerXMLHTTP.6.0")
xmlhttp.open "GET", "https://api.sendgrid.com/v3/campaigns?limit=10&offset=0", false
xmlhttp.setRequestHeader "Authorization", "Bearer my-correct-sendgrid-api-key"
xmlhttp.send ""
Response.AddHeader "Content-Type", "application/json;charset=UTF-8"
Response.Charset = "UTF-8"
pageReturn = xmlhttp.responseText

Set xmlhttp = Nothing 
response.write pageReturn
%>

SearchAndResQ I'll read the link you provided on error trapping. Thanks!

Community
  • 1
  • 1
slamslam102
  • 63
  • 2
  • 8
1

After some discussion in the comments, it seems the issue is this line

xmlhttp.setRequestHeader "Authorization", "Bearer my-correct-sendgrid-api-key"

This is the correct way to set a HTTP Authorization header on a IServerXMLHTTPRequest instance.

The Bearer my-correct-sendgrid-api-key will need to be replaced with your actual API key or you'll likely have an error response.

According to the documentation;

From How To Use The Web API v3 - Authentication
API Keys can be generated in your account - visit https://app.sendgrid.com/settings/api_keys. To use keys, you must set a plain text header named “Authorization” with the contents of the header being “Bearer XXX” where XXX is your API Secret Key.

Community
  • 1
  • 1
user692942
  • 16,398
  • 7
  • 76
  • 175
  • I have a working api key tested with a cURL command. I just didn't include it in the code I posted. It is in place in the version on my server. Sorry for the confusion. – slamslam102 Jun 07 '16 at 15:10
  • @slamslam102 In that case what is the error you are receiving?, you are not being very clear. We are here to help but we aren't mind readers, you need to meet us some of the way. – user692942 Jun 07 '16 at 15:11
  • When I uncomment the line i get a 500 error in my browser. I must be missing something basic. I dont have access to the logs so I cant be more specific. Sorry for the confusion. I guess I didn't formulate my question well. – slamslam102 Jun 07 '16 at 15:16
  • @slamslam102 If your not getting a detailed error message make sure [Send Errors to Browser](http://stackoverflow.com/a/29962918/692942) is set to `True`. – user692942 Jun 07 '16 at 15:21
  • Thanks Lankymart, I don't have access to do that myself, so I'll ask my associate who does if he can set that. He's traveling for a week right now though. – slamslam102 Jun 07 '16 at 15:38
  • @slamslam102 Depending on the IIS version you have it should be possible to modify the `web.config` so no need to do it on the server, if that helps. – user692942 Jun 07 '16 at 15:41
  • 3
    @slamslam102 remove `HTTP/1.1` from your URL, it's not part of URLs, just for information. – Kul-Tigin Jun 08 '16 at 01:34
1

If you cannot access the error logs, you could trap the error using On Error Resume Next and see what the error description tells you.

<%@ Language=VBScript %>
<%
Set xmlhttp = CreateObject("Msxml2.ServerXMLHTTP.6.0")

xmlhttp.open "GET", "https://api.sendgrid.com/v3/campaigns?limit=10&offset=0", false
On Error Resume Next
xmlhttp.setRequestHeader "Authorization", "Bearer xx.xxxxx.xxxx"
If Err.Number<>0 Then
    Response.Write "Error:" & Err.Description & "<br>"
End If
On Error GoTo 0
xmlhttp.send ""
Response.AddHeader "Content-Type", "application/json;charset=UTF-8"
Response.Charset = "UTF-8"
pageReturn = xmlhttp.responseText

Set xmlhttp = Nothing 
response.write pageReturn
%>

See : On Error Statement

Flakes
  • 2,422
  • 8
  • 28
  • 32
0

this works for getting access to a remote api from classic asp.

the inverse is creating an api en classic asp and the client needs to send us a token auth

in this case you get this value: Request.ServerVariables("HTTP_Authorization")

this one takes to me weeks and weeks inderstanding, but i know how to and want to share with all te asp developers. asp forever

dina
  • 1
  • As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Oct 23 '21 at 08:34