Code 18: Invalid API key

huffmanhuffman Registered Users Posts: 19 Big grins
I'm able to smugmug.login.withHash using UserID, PasswordHash, and APIkey successfully.
Then I try to smugmug.albums.get with the same APIkey and the new SessionID - but get code 18 - Invalid API key
Even the smugmug.logout that runs after that gets code 18 - Invalid API key - even though the API key is not a required argument.

Anyone have any idea how it's possible that I can login but get complaints about the same API key I used to login?

Bill

Comments

  • David PLDavid PL Registered Users Posts: 80 Big grins
    edited November 24, 2012
    huffman wrote: »
    I'm able to smugmug.login.withHash using UserID, PasswordHash, and APIkey successfully.
    Then I try to smugmug.albums.get with the same APIkey and the new SessionID - but get code 18 - Invalid API key
    Even the smugmug.logout that runs after that gets code 18 - Invalid API key - even though the API key is not a required argument.

    Anyone have any idea how it's possible that I can login but get complaints about the same API key I used to login?

    Bill

    Since you're using the login/logout methods, I assume you're using API 1.2.2 (since 1.3.0 no longer supports those as it requires the use of OAuth for authentication). With that, be sure you are using the 1.2.2 API endpoints (not 1.3.0) for your subsequent interactions with the API. In API 1.2.2, once you obtain a valid SessionID using the login methods, I don't believe you ever need to pass the APIKey to any subsequent API calls. For example, the smugmug.albums.get (in 1.2.2) only requires a valid SessionID.

    Overall, two things that would be good to check:
    1) Make sure you are using 1.2.2 endpoints for your subsequent API calls (such as, smugmug.albums.get);
    2) Don't pass the APIKey as a parameter to any methods that don't require it. Although the API is well-designed and, in my experience, is implemented to ignore non-applicable parameters, it could be possible by passing the APIKey to some methods that the API does not like it and returns errors.
  • huffmanhuffman Registered Users Posts: 19 Big grins
    edited November 24, 2012
    David PL wrote: »
    Since you're using the login/logout methods, I assume you're using API 1.2.2 (since 1.3.0 no longer supports those as it requires the use of OAuth for authentication). With that, be sure you are using the 1.2.2 API endpoints (not 1.3.0) for your subsequent interactions with the API. In API 1.2.2, once you obtain a valid SessionID using the login methods, I don't believe you ever need to pass the APIKey to any subsequent API calls. For example, the smugmug.albums.get (in 1.2.2) only requires a valid SessionID.

    Overall, two things that would be good to check:
    1) Make sure you are using 1.2.2 endpoints for your subsequent API calls (such as, smugmug.albums.get);
    2) Don't pass the APIKey as a parameter to any methods that don't require it. Although the API is well-designed and, in my experience, is implemented to ignore non-applicable parameters, it could be possible by passing the APIKey to some methods that the API does not like it and returns errors.


    Thank you, David, for your help -- especially the note that the APIkey isn't needed in most calls. I had somehow set that up more than a year ago even though it's not necessary.

    I am, indeed, using API 1.2.2 as I should have included in my question, and I am using the 1.2.2 endpoints. The API key I'm using matches the one shown in my account settings. I also should have included the fact that the same code has been working for more than a year. I believe it last worked on Nov 2, 2012.

    I removed the API key from all the requests except the login. .....And get exactly the same behavior. headscratch.gif
  • David PLDavid PL Registered Users Posts: 80 Big grins
    edited November 25, 2012
    huffman wrote: »
    Thank you, David, for your help -- especially the note that the APIkey isn't needed in most calls. I had somehow set that up more than a year ago even though it's not necessary.

    I am, indeed, using API 1.2.2 as I should have included in my question, and I am using the 1.2.2 endpoints. The API key I'm using matches the one shown in my account settings. I also should have included the fact that the same code has been working for more than a year. I believe it last worked on Nov 2, 2012.

    I removed the API key from all the requests except the login. .....And get exactly the same behavior. headscratch.gif

    I just tried to replicate your issue on some old code of mine that used 1.2.2 but the API methods all returned successful responses. Specifically, I did the following:
    • Called smugmug.login.withPassword (in order to get a hash for the next call, to more closely follow your described scenario)
    • Called smugmug.login.withHash with the UserID and PasswordHash returned by the previous call
    • Called smugmug.albums.get with the SessionID returned by the previous call

    The only thing I can think is that somehow the SessionID that you are getting from the log-in call is somehow not valid or else somehow being corrupted in your code before being passed in your code in your subsequent API calls. For example, for testing I passed an erroneous SessionID to smugmug.albums.get and get that same error you are getting (Error 18 - Invalid API Key).

    If you haven't already, you might want to try to do a trace on the SessionID that is in the response from smugmug.login.withHash and ensure that your code is passing the exact same SessionID in your subsequent API calls. Given that you indicated your code used to work, I wouldn't think that would be an issue, but I'm not sure what else for you to try.
  • huffmanhuffman Registered Users Posts: 19 Big grins
    edited November 25, 2012
    David PL wrote: »
    I just tried to replicate your issue on some old code of mine that used 1.2.2 but the API methods all returned successful responses. Specifically, I did the following:
    • Called smugmug.login.withPassword (in order to get a hash for the next call, to more closely follow your described scenario)
    • Called smugmug.login.withHash with the UserID and PasswordHash returned by the previous call
    • Called smugmug.albums.get with the SessionID returned by the previous call

    The only thing I can think is that somehow the SessionID that you are getting from the log-in call is somehow not valid or else somehow being corrupted in your code before being passed in your code in your subsequent API calls. For example, for testing I passed an erroneous SessionID to smugmug.albums.get and get that same error you are getting (Error 18 - Invalid API Key).

    If you haven't already, you might want to try to do a trace on the SessionID that is in the response from smugmug.login.withHash and ensure that your code is passing the exact same SessionID in your subsequent API calls. Given that you indicated your code used to work, I wouldn't think that would be an issue, but I'm not sure what else for you to try.

    Thank you again, David. Just to make sure, I did copy out of the trace both the SessionID returned from the smugmug.login.withHash and the SessionID sent with the smugmug.albums.get and compare them character by character. And they were the same.

    I tried changing the SessionID to another value before sending it back and received the same code 18 result, just as you did.

    To remove another possibility, I changed a character of the API key I sent with the smugmug.login.withHash. The login was not successful. I just wanted to eliminate the possibility that the API key really was not OK somehow and that the login somehow ignored that. That doesn't seem to be it either.

    Bill
  • huffmanhuffman Registered Users Posts: 19 Big grins
    edited November 25, 2012
    Partial Solution
    Surprisingly, if I switch to smugmug.login.withPassword instead of smugmug.login.withHash, everything works as expected.

    I wonder if anyone can tell me what these two logins are supposed to work like. Has there been a change recently to the API which changes how smugmug.login.withHash works?

    Bill
Sign In or Register to comment.