f4b10 said: Hello there, new here and new to programming. I am trying to simulate responses from the API endpoints with postman. I have managed to get data from the public endpoints and the user anime's list. However I cannot use the 'get user' endpoint since it requires OAuth 2.0. Can anyone or @ZeroCrystal show me an example of how to do a postman GET request of the endpoint (https://api.myanimelist.net/v2/users/{user_name})? The docs are quite overwhelming for beginners and I feel like they could be more explicit. Whenever I fill postman's authorization tab with the info I got I get a {"error":"invalid_client","message":"Client authentication failed"} message when trying to get a new access token. Hi! I'll assume that you already have an Access Token since you'll need it to call any "private" endpoint. There's probably a specific option in Postman, but the easiest way to call such endpoints is to add an HTTP header named "Authorization" with the value "Bearer XXX" (where XXX is your Access Token). For example: URL GET https://api.myanimelist.net/v2/users/@me?fields=id,name,anime_statistics Headers Authorization: Bearer a1b2c3d4 Response {
"id": 5292566,
"name": "ZeroCrystal",
[...],
"anime_statistics": {
"num_items_watching": 8,
"num_items_completed": 718,
[...],
"mean_score": 6.48
}
} |
 ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
ZeroCrystal said: f4b10 said: Hello there, new here and new to programming. I am trying to simulate responses from the API endpoints with postman. I have managed to get data from the public endpoints and the user anime's list. However I cannot use the 'get user' endpoint since it requires OAuth 2.0. Can anyone or @ZeroCrystal show me an example of how to do a postman GET request of the endpoint (https://api.myanimelist.net/v2/users/{user_name})? The docs are quite overwhelming for beginners and I feel like they could be more explicit. Whenever I fill postman's authorization tab with the info I got I get a {"error":"invalid_client","message":"Client authentication failed"} message when trying to get a new access token. Hi! I'll assume that you already have an Access Token since you'll need it to call any "private" endpoint. There's probably a specific option in Postman, but the easiest way to call such endpoints is to add an HTTP header named "Authorization" with the value "Bearer XXX" (where XXX is your Access Token). For example: URL GET https://api.myanimelist.net/v2/users/@me?fields=id,name,anime_statistics Headers Authorization: Bearer a1b2c3d4 Response {
"id": 5292566,
"name": "ZeroCrystal",
[...],
"anime_statistics": {
"num_items_watching": 8,
"num_items_completed": 718,
[...],
"mean_score": 6.48
}
}Thank you for the reply ZeroCrystal. However, I don't have an Access token, I am struggling with that since I don't know how to get it and when I registered the client ID I didn't get any other info just the client secret and the ID. |
f4b10 said: Thank you for the reply ZeroCrystal. However, I don't have an Access token, I am struggling with that since I don't know how to get it and when I registered the client ID I didn't get any other info just the client secret and the ID. I see. Did you try following my guide (here) or the official documentation? |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
ZeroCrystal said: f4b10 said: Thank you for the reply ZeroCrystal. However, I don't have an Access token, I am struggling with that since I don't know how to get it and when I registered the client ID I didn't get any other info just the client secret and the ID. I see. Did you try following my guide (here) or the official documentation? After re-reading I have realised that I was messing up on step 2 and thinking it was step 4. My bad! On step 2 the preview page I get is a login/signup page instead of the allow access page, is this normal? |
f4b10 said: After re-reading I have realised that I was messing up on step 2 and thinking it was step 4. My bad! On step 2 the preview page I get is a login/signup page instead of the allow access page, is this normal? No, if you're getting a pop-up asking for your username and password it means that you mistyped one of the parameters. The most common mistake is passing a different redirect_uri from the one you set on the API panel. It must be exactly the same string, so pay attention to pending slashes in the URL and the protocol used (http:// vs https://). |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
Just to be clear: did you get a standard pop-up like the one shown below or a regular HTML page with MAL's logo? |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
ZeroCrystal said: Just to be clear: did you get a standard pop-up like the one shown below or a regular HTML page with MAL's logo? Apologies for the late answer! It shows a pop up image from MaL but not this one. I decided to put this project on hold.  |
f4b10 said: Apologies for the late answer! It shows a pop up image from MaL but not this one. I decided to put this project on hold. That's the regular login screen. You must be logged in to approve the request. It's easier if you open that link on your browser rather than using Postman, and then use the returned authorization code to get your Access Token. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
| Hi @blackanimegirl! I have a few questions: what are the redirect URLs you added on the API panel? More specifically, how are you opening the login page? Are you using your web browser? What kind of application are you building? localhost is a valid redirect URL, so I guess you've misconfigured something on your end. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
This is a reCAPTCHA-related error message, so I'm not sure you're using the API properly. How do you listen for the incoming request sent when a user authorises your application? I don't think you can add a custom HTTP listener straight into the browser. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
| the url http://localhost:8080/authenticated is another endpoint my backend (running locally) is expecting the redirect to come to so I can get the authorization code. Maybe this isn't the correct assumption This is what my config looks like in mal  |
blackanimegirlMar 6, 2023 10:29 PM
blackanimegirl said: This is what my config looks like in mal Everything looks fine in the API panel. Can you share with us the code you're running to manage the authentication process? |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
Ezevkyx said: I am trying to generate an access token on postman but everytime i receive 400 Bad Request. Hi! Can you send a screenshot of the request's body? (Please, redact your Client ID/Secret before posting) Also, how many redirect URLs did you set on the API panel here on MAL? |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
ZeroCrystal said: Thank you for your reply!Ezevkyx said: I am trying to generate an access token on postman but everytime i receive 400 Bad Request. Hi! Can you send a screenshot of the request's body? (Please, redact your Client ID/Secret before posting) Also, how many redirect URLs did you set on the API panel here on MAL? I only set up one URL to my GitHub. After redirected I received the code and followed the next steps ... unssuccessfull...  |
EzevkyxMar 9, 2023 4:56 AM
| @Ezevkyx, your issue is very simple: you're sending all the parameters as part of the URL's query string, which is wrong. Instead, they must be form-URL encoded and sent as part of the body of the POST request. In Postman, you can achieve this by moving them to the Body tab and selecting x-www-form-urlencoded. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
Mrx3110 said: Is OAuth2.0 the only authentication method available? I was trying to create a Console Application to retrieve data related to my user and I was wondering if I could achieve that with the basic client_credentials flow. Hi! It depends on what kind of information you need. Anime and manga lists can be accessed without authentication (read here), but profile/account information can only be retrieved using an Access Token. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
Mrx3110 said: I'd like to access a set of user informations, but since I'd be doing that using a console app I was wondering if I can retrieve an access token using the standard client_credential flow instead of oauth2 Unfortunately, the client credentials flow is unsupported by MAL. If the token-less alternative I've linked in my previous post doesn't fit your needs, this is the general procedure you can follow to build a native application:
If you don't wish to implement an HTTP server you can simply ask your users to manually copy-paste the authorisation code into your application. Either way, this entire procedure only has to be carried out once. After obtaining your access and refresh tokens, you can keep using them for as long as needed. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
nikitaku said: Do I only need the code_verifier and set it as the challenge and verifier that I use later? Hi! Your intuition is correct. Currently, MAL only supports the plain code challenge method. In short, the code verifier and the code challenge must be the same string. You don't have to hash anything. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
| EDIT: it looks like you solved it by yourself :) @lowzyyy: Unfortunately, you cannot use the API straight from your browser as the server doesn't return the appropriate CORS headers. On the other hand, you shouldn't have any problem using Node.js or any other kind of back-end. Your issue is that you are JSON-encoding the body of the second request, but it must be form-URL encoded (e.g. using URLSearchParams or any alternative method to format it). |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
ZeroCrystal said: On the other hand, you shouldn't have any problem using Node.js or any other kind of back-end. Your issue is that you are JSON-encoding the body of the second request, but it must be form-URL encoded (e.g. using URLSearchParams or any alternative method to format it). Thanks, even with urlsearchparams i get the same 400 error:  |
lowzyyy said: Thanks, even with urlsearchparams i get the same 400 error The response body should contain a more precise error message, can you show it to me? Also, how many redirect URLs did you set on the API panel? |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
lowzyyy said: Found the problem. When you are getting code you have to use the same verifier but i generated new verifier at every start of the app and i was getting the error from curl {"error":"invalid_request","message":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.","hint":"Authorization code has expired"}Great. The code verifier/challenge must be the same for both requests, but it's also important to remember that the authorization code (the code field) has a very short lifetime (I believe it expires after five minutes but I should double-check it). You won't be able to issue a new token using an authorization code you obtained e.g. ten minutes ago. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
lowzyyy said: Edit: actually i menaged to refresh token without sending code and code_verifier, just (client_id, client_secret, grant_type, refresh_token)...Docs are confusing Yep, the documentation can be rather confusing. There's no need for user interaction to refresh a token, it can be automated quite easily. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
| I have managed to successfully get an access token, but I had to copy and paste the authorization code from the redirect URL. I was wondering if there is a way to get the authorization code from the redirect URL without having to copy and paste it? |
  MALoween 2023 Candies |  x 5        |
Reply to musubi3
I have managed to successfully get an access token, but I had to copy and paste the authorization code from the redirect URL. I was wondering if there is a way to get the authorization code from the redirect URL without having to copy and paste it?
| @musubi3 Hi! It depends on your platform, but if you're developing a desktop or mobile app you have two main options. Before opening the authorization URL in the browser, you can start a local HTTP server and use localhost as your redirect URL. After receiving the token, you can terminate the local server. Alternatively, but this only applies to some devices, you can use private-use URI schemes as your redirect URL so that you don't have to listen for incoming HTTP requests. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
Reply to ZeroCrystal
@musubi3 Hi! It depends on your platform, but if you're developing a desktop or mobile app you have two main options.
Before opening the authorization URL in the browser, you can start a local HTTP server and use localhost as your redirect URL. After receiving the token, you can terminate the local server.
Alternatively, but this only applies to some devices, you can use private-use URI schemes as your redirect URL so that you don't have to listen for incoming HTTP requests.
Before opening the authorization URL in the browser, you can start a local HTTP server and use localhost as your redirect URL. After receiving the token, you can terminate the local server.
Alternatively, but this only applies to some devices, you can use private-use URI schemes as your redirect URL so that you don't have to listen for incoming HTTP requests.
| @ZeroCrystal Thank you |
MALoween 2023 Candies | x 5 |
Reply to hatsunemiku97
@Uchuuu how to get the My_AUTH_CODE and MY_CODE_VERIFIER?
| @hatsunemiku97 Hi! The Code Verifier and the Code Challenge must be the same string, which has to be randomly generated by your application. The Authorization Code is the one returned by the server after the user has approved your request. Did you check my guide on how to get an Access Token? |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
| @KaoriPianoNotes: That sounds weird, but I think it's related to how you set up deep linking in your app. You can read more here: https://docs.flutter.dev/ui/navigation/deep-linking Can you open a simple deep link into your app? It doesn't have to produce any meaningful result, it's just for testing purposes (e.g., myanimelistcollection://test?msg=HelloWorld). |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
More topics from this board
» [discontinued] I made a webapp to compare plan-to-watch listsdaux - Apr 16, 2022 |
33 |
by daux
»»
Oct 2, 4:17 PM |
|
» Requesting additional authorizationsSomeNewGuy - Aug 18 |
1 |
by ZeroCrystal
»»
Aug 22, 8:31 AM |
|
» Scraping from HTML suggested rateDavenzo - Jan 8, 2023 |
4 |
by 7k72
»»
Jun 23, 6:35 AM |
|
» Accessing Many Users' Listloukylor - Jun 11 |
0 |
by loukylor
»»
Jun 11, 3:07 PM |
|
» Caching strategy to avoid making additional API callsJakuten - Jun 3 |
4 |
by Jakuten
»»
Jun 8, 11:30 AM |