What is Authorization?

Added by Niklas over 5 years ago

After successful login using a modified version of the Python sample code

https://api.test.nordnet.se/projects/api/wiki/Python_example

I try to use the GET markets request with the following code

params = urllib.urlencode({'Authorization': sessionKey})
conn.request('GET','/next/'+API_VERSION+'/countries',params,headers)
r=conn.getresponse()
response=r.read()
j = json.loads(response)
print_json(j)

sessionKey is the session_key I got from the POST login request. The GET markets documentation describes Authorization as “Basic auth. The session_id should be sent as both username and password”. I suspect this is not session_key, but what is it then?


Replies (6)

RE: What is Authorization? - Added by Lars over 5 years ago

Authorization should be

"Basic " + base64_encode("session_key:session_key")

(written symbolically; you will have to turn it into Python code yourself)

RE: What is Authorization? - Added by Niklas over 5 years ago

Thanks Lars, but I still don’t get it. One version of my code is the following:

print 'sessionKey: ' + sessionKey
b64SessionKey = base64.b64encode(sessionKey)
print 'b64SessionKey; ' + b64SessionKey
params = urllib.urlencode({"Basic " + b64SessionKey: b64SessionKey})
conn.request('GET','/next/'+API_VERSION+'/countries',params,headers)
r=conn.getresponse()
response=r.read()
j = json.loads(response)
print_json(j)

it produces the output

sessionKey: 79fda770f1b5b2e367b9e0220eccd3b90bdb4719
b64SessionKey; NzlmZGE3NzBmMWI1YjJlMzY3YjllMDIyMGVjY2QzYjkwYmRiNDcxOQ== |code:NEXT_INVALID_SESSION

An alternative version, which is perhaps closer to my understanding of your suggestion is

b64SessionKeySessionKey = base64.b64encode(sessionKey + ':' + sessionKey)
params = urllib.urlencode({"Basic " + b64SessionKeySessionKey})
conn.request('GET','/next/'+API_VERSION+'/countries',params,headers)
r=conn.getresponse()
response=r.read()
j = json.loads(response)
print_json(j)

It produces a type error in the urlencode function call.
Please advise or point me to somewhere I can read what is necessary to understand how this works. Thanks!

RE: What is Authorization? - Added by Lars over 5 years ago

I'm not sure exactly what your code does, but the header you send should be the string

"Authorization: Basic " + base64encode(session_key + ":" + session_key)

More at http://tools.ietf.org/html/rfc2617#page-5, keeping in mind that in this case both userid and password should be the session_key.

RE: What is Authorization? - Added by Lars over 5 years ago

One more thing, "Authorization:..." is a header field, not a parameter.
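
The two points made in the replies above (the value is "Basic " plus the base64 of session_key:session_key, and it is sent as a header field rather than a parameter), shown as an added example that is not part of the original thread. It uses only the Python 3 standard library; the local stub server standing in for the API, the helper names and the sample key are constructed for illustration.

```python
import base64
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

SESSION_KEY = "0123456789abcdef-constructed-sample"  # constructed, not a real key


def basic_auth_header(session_key):
    """RFC 2617 Basic credentials with session_key as both userid and password."""
    token = base64.b64encode(f"{session_key}:{session_key}".encode("ascii"))
    return {"Authorization": "Basic " + token.decode("ascii")}


class StubHandler(BaseHTTPRequestHandler):
    """Local stand-in for the API: accepts only a correct Authorization header."""

    def do_GET(self):
        expected = basic_auth_header(SESSION_KEY)["Authorization"]
        length = int(self.headers.get("Content-Length") or 0)
        self.rfile.read(length)  # drain any body; credentials in it are ignored
        ok = self.headers.get("Authorization") == expected
        self.send_response(200 if ok else 401)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def status_for(headers, body=None):
    """Send one GET to a one-shot stub server and return the HTTP status code."""
    server = HTTPServer(("127.0.0.1", 0), StubHandler)
    worker = threading.Thread(target=server.handle_request, daemon=True)
    worker.start()
    conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
    try:
        conn.request("GET", "/countries", body, headers)
        return conn.getresponse().status
    finally:
        conn.close()
        worker.join(timeout=5)
        server.server_close()


if __name__ == "__main__":
    # Key placed in the request body as a parameter: rejected (401).
    print(status_for({}, "Authorization=" + SESSION_KEY))
    # Key sent as a Basic Authorization header: accepted (200).
    print(status_for(basic_auth_header(SESSION_KEY)))
```
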

RE: What is Authorization? - Added by peter over 5 years ago

Hi, after a bunch of tries using Python, and specifically the requests package, I got the following to work:
(Note, I hardcoded links etc)

import requests
import json
import time
import base64
from M2Crypto import RSA

username = .....
password = .....

url = 'https://api.test.nordnet.se/next/2/login/'

headers = {"Accept": "application/json"}

timestamp = int(round(time.time() * 1000))
timestamp = str(timestamp)

buff = base64.b64encode(username) + \
':' + \
base64.b64encode(password) + \
':' \
+ base64.b64encode(timestamp)
rsa = RSA.load_pub_key('NEXTAPI_TEST_public.pem')
encrypted_hash = rsa.public_encrypt(buff, RSA.pkcs1_padding)
hash_key = base64.b64encode(encrypted_hash)

params = {'service': 'NEXTAPI', 'auth': hash_key}

a = requests.post(url, data=params, headers=headers)

print a.text

data = a.json()

session_key = data["session_key"]

b = requests.get('https://api.test.nordnet.se/next/2/login/', auth=(session_key, session_key), headers=headers)

print 'b = ', b.text

c = requests.get('https://api.test.nordnet.se/next/2/realtime_access', auth=(session_key, session_key), headers=headers)

print 'c = ', c.text

d = requests.get('https://api.test.nordnet.se/next/2/countries', auth=(session_key, session_key), headers=headers)

print 'd = ', d.text

Hope this helps!

/Peter

RE: What is Authorization? - Added by Niklas over 5 years ago

Thanks Peter. I have tried more or less everything without using the requests package. Your code works for me!
