What is Authorization?

Added by Niklas over 5 years ago

After succesful login using a modified version of the Python sample code

https://api.test.nordnet.se/projects/api/wiki/Python_example

I try to use the GET markets request with the following code

params = urllib.urlencode({'Authorization': sessionKey})
conn.request('GET','/next/'+API_VERSION+'/countries',params,headers)
r=conn.getresponse()
response=r.read()
j = json.loads(response)
print_json(j)

sessionKey is the session_key I got from the POST login request. The GET markets documentation describes Authorization as “Basic auth. The session_id should be sent as both username and password”. I suspect this is not session_key, but what is it then?


Replies (7)

RE: What is Authorization? - Added by Lars over 5 years ago

Authorization ska vara

"Basic " + base64_encode("session_key:session_key")

(symboliskt skrivet, du får själv göra Pythonkod av det)

RE: What is Authorization? - Added by Niklas over 5 years ago

Thanks Lars, but I still don’t get it. One version of my code is the following:

print 'sessionKey: ' + sessionKey
b64SessionKey = base64.b64encode(sessionKey)
print 'b64SessionKey; ' + b64SessionKey
params = urllib.urlencode({"Basic " + b64SessionKey: b64SessionKey})
conn.request('GET','/next/'+API_VERSION+'/countries',params,headers)
r=conn.getresponse()
response=r.read()
j = json.loads(response)
print_json(j)

it produces the output

sessionKey: 79fda770f1b5b2e367b9e0220eccd3b90bdb4719
b64SessionKey; NzlmZGE3NzBmMWI1YjJlMzY3YjllMDIyMGVjY2QzYjkwYmRiNDcxOQ== |code:NEXT_INVALID_SESSION

An alternative version, which is perhaps closer to my understanding of your suggestion is

b64SessionKeySessionKey = base64.b64encode(sessionKey ':' + sessionKey)
params = urllib.urlencode({"Basic " + b64SessionKeySessionKey})
conn.request('GET','/next/'+API_VERSION
'/countries',params,headers)
r=conn.getresponse()
response=r.read()
j = json.loads(response)
print_json(j)

it produces a type error in the urlencode function call
Please advise or point me to somewhere where I can read the necessary to understand how this works. Thanks!

RE: What is Authorization? - Added by Lars over 5 years ago

I'm not sure exactly what your code does, but the header you send should be the string

"Authorization: Basic " + base64encode(session_key + ":" + session_key)

More at http://tools.ietf.org/html/rfc2617#page-5, keeping in mind that in this case both userid and password should be the session_key.

RE: What is Authorization? - Added by Lars over 5 years ago

One more thing, "Authorization:..." is a header field, not a parameter.

RE: What is Authorization? - Added by peter over 5 years ago

Hi after a bunch of tries using python and specifically the requests package I got the following to work:
(Note, I hardcoded links etc)

import requests
import json
import time
import base64
from M2Crypto import RSA

username = .....
password = .....

url = 'https://api.test.nordnet.se/next/2/login/'

headers = {"Accept": "application/json"}

timestamp = int(round(time.time() * 1000))
timestamp = str(timestamp)

buff = base64.b64encode(username) + \
':' + \
base64.b64encode(password) + \
':' \
+ base64.b64encode(timestamp)
rsa = RSA.load_pub_key('NEXTAPI_TEST_public.pem')
encrypted_hash = rsa.public_encrypt(buff, RSA.pkcs1_padding)
hash_key = base64.b64encode(encrypted_hash)

params = {'service': 'NEXTAPI', 'auth': hash_key}

a = requests.post(url, data=params, headers=headers)

print a.text

data = a.json()

session_key = data["session_key"]

b = requests.get('https://api.test.nordnet.se/next/2/login/', auth=(session_key, session_key), headers=headers)

print 'b = ', b.text

c = requests.get('https://api.test.nordnet.se/next/2/realtime_access', auth=(session_key, session_key), headers=headers)

print 'c = ', c.text

d = requests.get('https://api.test.nordnet.se/next/2/countries', auth=(session_key, session_key), headers=headers)

print 'd = ', d.text

Hope this helps!

/Peter

RE: What is Authorization? - Added by Niklas over 5 years ago

Thanks Peter. I have tried more or less everything without using the requests package. Your code works for me!

RE: What is Authorization? - Added by sunh about 1 month ago

I am from another country. My country is 먹튀검증 Even there, your 먹튀검증 and 스포츠중계 related articles are being read.I think it is that influential 꽁머니 After reading 안전놀이터 I am going to read other 토토사이트 as well. I would like to share a little more about 안전놀이터 먹튀검증사이트 yours메이저토토사이트. 메이저안전놀이터 the best. I think it's really good 꽁머니 along with 안전놀이터, our site 토토사이트 also has the same information. We ask for your interest in our site as well. This was the above 먹튀검증 time I have a new site about 안전사설토토사이트 have a new site. It was created for a completely new 먹튀검증커뮤니티, so if you want to check out what's new, please visit 공식안전놀이터
가장확실한먹튀검증커뮤니티 .comHello, I really enjoyed reading your post. 먹튀검증 It's very helpful for me. 먹튀신고 Actually, 먹튀 my friend recommended this article. 먹튀검증업체 My friend recommended me 먹튀커뮤니티 to read it 먹튀사이트검증 because it is really good. 먹튀사이트 So I read it, 메이저놀이터 and it was really good. 메이저안전놀이터추천 I think I did a really good job reading it. 메이저놀이터추천 Actually, I'm doing something similar to you. 메이저놀이터 It's not exactly the same, 사설토토 but we have a lot in common. 메이저사설토토 As for what I do, 사설토토사이트추천 I have uploaded 사설토토사이트 a lot of posts on my website. 사설놀이터 If you're interested,안전놀이터 please visit 토토안전놀이터 and read it. 안전놀이터 You won't regret it. 토토사이트 Above all, 토토추천 I'm so glad to 메이저토토사이트 meet someone who is doing something similar. 먹튀없는토토사이트 I hope you will continue to upload good contents like the current post. 토토사이트추천 Thank you. 토토사이트 Have a nice day.

(1-7/7)