Authentication section of the API help page has a buggy example

josicret

The example in question from help:api:

curl --header "Authorization: Basic $(echo $username:$api_key | base64)" https://danbooru.donmai.us/profile.json

The echo command adds a new line at the end of it's argument. So echo $username:$api_key | base64 actually pipes a new line as part of the argument to base64 and the encoded key is not actually what it should be. This caused me a bit of headache when I was trying to debug a script.

Updated by josicret almost 4 years ago

Reply

nonamethanks

almost 4 years ago

I think that part can be safely removed. All modern libraries support HTTP auth, and if they don't you shouldn't be using them in the first point. What were you trying to do that required a base64 header?

Reply

Nameless Contributor

almost 4 years ago

As far as I know this varies between different shells. For bash you can use echo -n to supress the newline. Maybe the example should use printf instead, this should always behave the same.

Reply

josicret

almost 4 years ago

nonamethanks said:
I think that part can be safely removed. All modern libraries support HTTP auth, and if they don't you shouldn't be using them in the first point. What were you trying to do that required a base64 header?

Maybe I'm misunderstanding how to use the requests library of Python. I'm trying to make an API call using request.get with the auth keyword specified. Since I'm using an api key, I made a custom Authentication type (inheriting from AuthBase) that manually sets the header to use the encoded key (as suggested by requests' documentation)

It ends up looking something like this

requests.get("https://testbooru.donmai.us/posts.json", auth=DanbooruAuth(username, api_key))

Updated by josicret almost 4 years ago

Reply

nonamethanks

almost 4 years ago

josicret said:
Maybe I'm misunderstanding how to use the requests library of Python. I'm trying to make an API call using request.get with the auth keyword specified. Since I'm using an api key, I made a custom Authentication type (inheriting from AuthBase) that manually sets the header to use the encoded key
It ends up looking something like this
requests.get("https://testbooru.donmai.us/posts.json", auth=DanbooruAuth(username, api_key))

Nah, you don't need any of that. Requests supports an "auth" parameter to which you pass username and api key as a tuple.

response = requests.get(
    "https://testbooru.donmai.us/posts.json",
    auth=(username, api_key)
)

Reply

josicret

almost 4 years ago

nonamethanks said:
Nah, you don't need any of that. Requests supports an "auth" parameter to which you pass username and api key as a tuple.
response= requests.get(
    "https://testbooru.donmai.us/posts.json",
    auth=(username, api_key)
)

This could have been due to another bug, but whenever I tried that I got a 401 response: unauthorized. In fact, now that I think about it, it probably was due to another bug (at one point I was using my danbooru api-key for testbooru). Let me double check to see if that works now that I have other things working as I expect

Reply

josicret

almost 4 years ago

nonamethanks said:
Nah, you don't need any of that. Requests supports an "auth" parameter to which you pass username and api key as a tuple.
response = requests.get(
    "https://testbooru.donmai.us/posts.json",
    auth=(username, api_key)
)

Yeah, you're totally right. This works. Thanks!

Reply