我正在尝试使用 GoodData API 进行身份验证/登录,但遇到了问题。在 GoodData API 文档站点 (docs.gooddata.apiary.io) 上,它说要 POST 到:
网址:
标题:
Accept: application/json Content-Type: application/json
JSON 正文:
{"postUserLogin":{"login":"user@company.com","password":"YourPassword","remember":1}}
我收到“私有 API,请提供私有哈希”的响应。有什么想法吗?
【问题讨论】:
标签: api authentication gooddata
更新后的 GoodData API 文档和 API 控制台位于 https://developer.gooddata.com/api
此调用的登录 URL 实际上是https://secure.gooddata.com/gdc/account/login
使用相同的有效负载(您的凭据而不是示例),您将能够登录并获取在 SetCookie 标头中返回的 SST 令牌。
请记住登录过程是:
另外,请记住 TT 令牌的有效期有限。收到 401 Unauthorized Response 后,您需要在以下资源中获取新的 TT Token,并在调用标头中指定 SST Token。
【讨论】:
关于 GoodData Apiary 我在 CURL 中有示例
第一步 - 发布到https://secure.gooddata.com/gdc/account/login:
jirka@x230:~$ curl --include --header "Accept: application/json" --header "Content-Type: application/json" --request POST --data-binary "{\"postUserLogin\":{\"login\":\"jiri.simon@gooddata.com\",\"password\":\"`cat my_pass.txt`\",\"remember\":1}}" "https://secure.gooddata.com/gdc/account/login"
HTTP/1.1 200 OK
X-GDC-REQUEST: 7AEoVKre3lTF8sUV
Server: Apache
Set-Cookie: GDCAuthTT=; path=/gdc; expires=Sat, 07-Sep-2013 22:16:26 GMT; secure; HttpOnly
Set-Cookie: GDCAuthSST=jcftYGCC3u6pkNRK; path=/gdc/account; expires=Wed, 23-Oct-2013 22:16:26 GMT; secure; HttpOnly
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
X-GDC-REQUEST-TIME: 69
Content-Type: application/json;charset=UTF-8
Content-Length: 143
Accept-Ranges: bytes
Date: Mon, 07 Oct 2013 22:16:26 GMT
X-Varnish: 2109577795
Age: 0
Via: 1.1 varnish
Connection: keep-alive
{"userLogin":{"profile":"/gdc/account/profile/254c399a3f5131b7026313d4f8761410","state":"/gdc/account/login/254c399a3f5131b7026313d4f8761410"}}
第二步是使用 SST 从第一步的响应中获取 GDCAuthTT:
jirka@x230:~$ curl --include --header "Cookie: $Version=0; GDCAuthSST=jcftYGCC3u6pkNRK; $Path=/gdc/account" --header "Accept: application/json" --header "Content-Type: application/json" https://secure.gooddata.com/gdc/account/tokenHTTP/1.1 200 OK
X-GDC-REQUEST: GqPnYyk3pKAW5eju
Server: Apache
Set-Cookie: GDCAuthTT=h3CUUg72U2SLhL7Tghj_TVnba6byjgj3L78aJkSFuoji_0DiqXGRYY7C1zWDa-2yIa0Aj3-MuVlWPdNSx7N7CDzM7w21Fl6OaMjuF-98bV6cRx34HW-ql6IGt6ufWo_U5fQa2QqU6b-F0MsGE6orDC6ZMt2anJQdATNYsHfELiB7ImwiOiIwIiwidSI6IjE3Mzk4NyIsImsiOiJiZWQyZWU1ZS05YzYxLTRhNWMtOWJlNi05ZTAxZDQ4NjI5NmEiLCJ1aWQiOiIyNTRjMzk5YTNmNTEzMWI3MDI2MzEzZDRmODc2MTQxMCIsInYiOjEzODExODQ4MTZ9; path=/gdc; secure; HttpOnly
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
X-GDC-TIMESTAMP: 600
X-GDC-REQUEST-TIME: 20
Content-Type: application/json;charset=UTF-8
Content-Length: 2
Accept-Ranges: bytes
Date: Mon, 07 Oct 2013 22:16:56 GMT
X-Varnish: 1661889108
Age: 0
Via: 1.1 varnish
Connection: keep-alive
然后您可以使用您的 GDCAuthTT 使用所有其他调用,但此 GDCAuthTT 仅 10 分钟有效,10 分钟后您将获得 401,您必须再次调用上一个命令以获得新的 GDCAuthTT
【讨论】:
或者你可以使用python,代码应该如下所示
jirka@x230:~$ python
Python 2.7.3 (default, Jan 2 2013, 13:56:14)
[GCC 4.7.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from urllib2 import Request, urlopen
>>> from json import dumps
>>> values = dumps({"postUserLogin":{"login":"jiri.simon@gooddata.com","password":"secredpassword","remember":1}})
>>> headers = {"Accept": "application/json", "Content-Type": "application/json"}
>>> request = Request("https://secure.gooddata.com/gdc/account/login", data=values, headers=headers)
>>> response_body = urlopen(request)
>>> print response_body.read()
{"userLogin":{"profile":"/gdc/account/profile/254c399a3f5131b7026313d4f8761410","state":"/gdc/account/login/254c399a3f5131b7026313d4f8761410"}}
>>> print response_body.info()
X-GDC-REQUEST: FnETpOmoAPELJoS1
Server: Apache
Set-Cookie: GDCAuthTT=; path=/gdc; expires=Wed, 08-Jan-2014 20:07:00 GMT; secure; HttpOnly
Set-Cookie: GDCAuthSST=QubuMlx3byz6lta1; path=/gdc/account; expires=Sun, 23-Feb-2014 20:07:00 GMT; secure; HttpOnly
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
X-GDC-LOG-HEADER:
X-GDC-REQUEST-TIME: 53
Content-Type: application/json;charset=UTF-8
Content-Length: 143
Accept-Ranges: bytes
Date: Fri, 07 Feb 2014 20:07:00 GMT
X-Varnish: 1076092393
Age: 0
Via: 1.1 varnish
Connection: close
>>> headers = {"Cookie": "$Version=0; GDCAuthSST=QubuMlx3byz6lta1; $Path=/gdc/account", "Accept": "application/json", "Content-Type": "application/json"}
>>> request = Request("https://secure.gooddata.com/gdc/account/token", headers=headers)
>>> response_body = urlopen(request)
>>> print response_body.read()
{}
>>> print response_body.info()
X-GDC-REQUEST: IyuefQK4mMIm4Vqr
Server: Apache
Set-Cookie: GDCAuthTT=VL_Bum5jjd8cEtFUa6XF5tfVmmiFDn7ZyB6a95kEuhzlQw-D67RIL_8u1E9e_z3yDx2bgHrsVNwX6zY1XRzsVpgtvC7HY2JBWiTtq63_Y-XxQwN9cO9RJO6GwM8WnshREwXXgzUk0vr9U4Gg-a4FnEs5NR4ySWOW1bhjnFSJFG17ImwiOiIwIiwidSI6IjE3Mzk4NyIsImsiOiIxYTZiNzc4ZC0yNDkyLTQ2OWEtODliYy1lNWQ1OWU1ODAyNDUiLCJ1aWQiOiIyNTRjMzk5YTNmNTEzMWI3MDI2MzEzZDRmODc2MTQxMCIsInYiOjEzOTE4MDQzMjV9; path=/gdc; secure; HttpOnly
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
X-GDC-TIMESTAMP: 600
X-GDC-LOG-HEADER:
X-GDC-REQUEST-TIME: 30
Content-Type: application/json;charset=UTF-8
Content-Length: 2
Accept-Ranges: bytes
Date: Fri, 07 Feb 2014 20:08:45 GMT
X-Varnish: 1076094531
Age: 0
Via: 1.1 varnish
Connection: close
【讨论】:
GoodData 身份验证也在以下库中实现:
【讨论】: