1

I have an account on the website: https://dev.yuride.network/
I am using it for testing purposes. There is a particular API that I am getting issues with
https://dev.yuride.network/api/users/me/
I am making GET request to the above URL and passing the access token like:
response = requests.get(url, headers={'accesstoken': accessToken})
The access token is obtained by making an API call to
https://dev.yuride.network/api/token/?name=xyz and passing payload data with
username and password this API is successfully returning the access token with JSON

{
"access":"asdsad",
"refresh":"asdasd"
}

But the request requests.get(URL, headers={'accesstoken': accessToken}) is failing
I am not sure if I am passing the header the wrong way or the key to be used should be
different than the accesstoken that I am using

I copied the curl command from the inspect tab while going to /api/user/me from the address bar :

curl 'https://dev.yuride.network/api/users/me/' \
  -H 'authority: dev.yuride.network' \
  -H 'pragma: no-cache' \
  -H 'cache-control: no-cache' \
  -H 'sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="99", "Microsoft Edge";v="99"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "Windows"' \
  -H 'upgrade-insecure-requests: 1' \
  -H 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.74 Safari/537.36 Edg/99.0.1150.55' \
  -H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
  -H 'sec-fetch-site: none' \
  -H 'sec-fetch-mode: navigate' \
  -H 'sec-fetch-user: ?1' \
  -H 'sec-fetch-dest: document' \
  -H 'accept-language: en-US,en;q=0.9' \
  -H 'cookie: saml_session=aayrv7sksot1ooztihpht7svi5cydcet; csrftoken=6sQYPXR7ldqU5LCuR19DkUvsRbWmyll4TamiM4DqjKQdzWTh4u3TGkvI8ZwgGYbp; sessionid=5r6v6uk5vv3aufyt82np2guxn30pa3gu' \
  --compressed

The above command runs fine on bash shell. It doesn't have any access token

chintu
  • 53
  • 1
  • 5
  • 1
    Providing **Reproducible** code snippets will make it easier for us to help you. https://stackoverflow.com/help/minimal-reproducible-example – mr bean Apr 02 '22 at 14:50
  • Are you sure that `accesstoken` is the right header key? I strongly believe that `access_token` or `accessToken` are far more common. – Malsesto Apr 02 '22 at 14:57
  • Have you tried `headers={"Access-Token": accessToken}`? – Hai Vu Apr 02 '22 at 14:59
  • @Malsesto I tried access_token and accessToken none of them worked. I am not sure if accesstoken is the right header key. I have access to the website. So if I log in there I am able to navigate to api/users/me page. I checked the request headers in chrome inspect but there was no access token instead a `cookie` with `csrftoken` and `sessionid` – chintu Apr 02 '22 at 15:39
  • @HaiVu I tried it. Didn't work. The website doesn't mention the exact header. But since the API /api/token returns the access and refresh tokens there could be a way to access the API /api/users/me programmatically – chintu Apr 02 '22 at 15:42
  • @chintu You can try to connect to the api with [postman](https://postman.com) first. There you have a nice GUI and tons of possibilities to explore APIs and how to connect to them and once you get your desired result you can simply copy-paste python code. And maybe explore your docs :) – Malsesto Apr 02 '22 at 16:52
  • @Malsesto, I will try postman. But what could be making the GET call from chrome work? I am pasting a screenshot of it – chintu Apr 02 '22 at 17:23
  • What if you change it to a POST-call? Because you say that you pass username and password as payload which implies that you have to use POST. Passing payload in GET is discussed [here](https://stackoverflow.com/questions/978061/http-get-with-request-body) – Malsesto Apr 02 '22 at 19:14
  • Have you tried `headers={'Authorization': f'Bearer {your_token}'}` ? – Speedlulu Apr 04 '22 at 07:46

0 Answers0