0

I want to call one API from another API. So external API is having jwt token based authentication .

import requests
response = requests.get('http://host:port/api/users', auth= ("username","password"))

I am getting error :

{"error":"authentication failed: jwt parse error: token contains an invalid number of segments","code":16,"message":"authentication failed: jwt parse error: token contains an invalid number of segments","details":[]}

Or , First i need to call login API ,get the token and while calling another API apply that token in header. If it so then why 'auth' param is there in requests.get(URL, auth=(username,password))?

dejanualex
  • 3,872
  • 6
  • 22
  • 37
Vivek Kumar
  • 159
  • 3
  • 13
  • Do you know when the token expires? If it expires frequently, you may have to call login API and get the token. – Sri Apr 28 '20 at 13:59
  • Did you get the token? if yes then prefix "Bearer " to the token value and pass as authorization header in the next request (Note the space after bearer) . You can add headers as specified here https://requests.readthedocs.io/en/master/user/quickstart/#custom-headers – Luv Apr 28 '20 at 14:02
  • FYI https://stackoverflow.com/questions/29931671/making-an-api-call-in-python-with-an-api-that-requires-a-bearer-token – Luv Apr 28 '20 at 14:03
  • @Sri , Token will expire in some time. If you have to call login API in order to get token then what is the use of 'auth' param in requests.get(URL, auth=(username,password))? – Vivek Kumar Apr 28 '20 at 14:06
  • @Luv please find my above comment . – Vivek Kumar Apr 28 '20 at 14:09
  • 1
    Usually auth API is a post request. Can you reconfirm it is a get. Then the server should not be looking for a token. – Luv Apr 28 '20 at 14:13
  • @Luv Actually i need to call a API which auth token. For get request also same error will come because its required auth token. – Vivek Kumar Apr 28 '20 at 14:59
  • The auth request you are making, try requests.post instead of requests.get and then use that auth token you receive in further API calls. – Luv Apr 28 '20 at 15:19
  • @Luv Fetching token from login api and pass it in another api header will work , but my point here is "what is the use of 'auth' param in requests.get(URL, auth=(username,password))?" – Vivek Kumar Apr 28 '20 at 15:28

1 Answers1

0

Here is (from a high-level point of view) the mechanism behind requests:

When the request is constructed request(method, url, **kwargs) only the method and url arguments are mandatory the rest are optional:

:param auth: (optional) Auth tuple to enable Basic/Digest/Custom HTTP Auth.

Afterwards from the methods perspective:

def get(url, params=None, **kwargs):
    r"""Sends a GET request.
    :param url: URL for the new :class:`Request` object.
    :param params: (optional) Dictionary, list of tuples or bytes to send
        in the query string for the :class:`Request`.
    :param \*\*kwargs: Optional arguments that ``request`` takes.
    :return: :class:`Response <Response>` object
    :rtype: requests.Response
    """

    kwargs.setdefault('allow_redirects', True)
    return request('get', url, params=params, **kwargs)

def post(url, data=None, json=None, **kwargs):
    r"""Sends a POST request.
    :param url: URL for the new :class:`Request` object.
    :param data: (optional) Dictionary, list of tuples, bytes, or file-like
        object to send in the body of the :class:`Request`.
    :param json: (optional) json data to send in the body of the :class:`Request`.
    :param \*\*kwargs: Optional arguments that ``request`` takes.
    :return: :class:`Response <Response>` object
    :rtype: requests.Response
    """

    return request('post', url, data=data, json=json, **kwargs)

For get and post mandatory argument is the url and the others are default or optional.

Many web services may require authentication like HTTP Basic Auth. This is the simplest kind, and Requests supports it straight out of the box.

from requests.auth import HTTPBasicAuth
requests.get('http://host:port/api/users', auth=('user', 'pass'))

Which is the same with

from requests.auth import HTTPBasicAuth
requests.get('http://host:port/api/user', auth=HTTPBasicAuth('user', 'pass'))

So basically it's very important how the API was implemented from the authentication point of view (HTTPBasicAuth, HTTPDigest Authentication, OAuth1). Based on this you can use the appropriate module(within requests) in order to authenticate.

Hope this helps

dejanualex
  • 3,872
  • 6
  • 22
  • 37
  • Fetching token from login api and pass it in another api header will work , but my point here is "what is the use of 'auth' param in requests.post(URL, auth=(username,password))?" – Vivek Kumar Apr 28 '20 at 15:27
  • Thanks for your explanation. In my case Bearer Authentication token is used by the API which i need to call . So Which one will preferred to use (HTTPBasicAuth, HTTPDigest Authentication, OAuth1) ? – Vivek Kumar Apr 29 '20 at 05:27