Upcoming API Changes - Please Read

gibertigiberti SmugMug SorcererPosts: 11Registered Users Big grins

Hello Developers,
There are some important changes coming that may affect you. Please read carefully.

Requiring TLS (https):
Effective June 11th, 2018, SmugMug will begin requiring all API traffic to be secured using standard TLS 1.1 (or greater) encryption. For most platforms, this should be as simple as switching your API endpoints from http://api.smugmug.com/ to https://api.smugmug.com/ but may require additional work if you are using out of date software.

Upgrading API version:
In an effort to ensure we continue to provide the best possible experience for developers, we are going to be disabling two of our older legacy API versions. Developers looking to leverage the most current features SmugMug offers will need to consider moving to our APIv2 platform. An easier path for some developers will be to migrate to API 1.3, which has a very similar syntax to the older API versions.

The timeline for turning off the old API versions is:

  • API 1.1: May 21st, 2018
  • API 1.2: June 11th, 2018

SmugMug Sorcerer

APIv2 and OAuth are your friend! Having issues? Just ask, I can help!


  • Jeffrey FriedlJeffrey Friedl Beginner grinner Posts: 8Registered Users Big grins

    Where is the documentation for 1.3?

    Do you have an ETA for when v2 will leave beta?

  • SidD726SidD726 IndiaPosts: 1Registered Users Beginner grinner
    How to I get SessionId using api.
    As I have gone through the api documentation but there is no api request url to get SessionId. Please let me know asap.
    Thank you
  • HZoneHZone Beginner grinner Posts: 3Registered Users Beginner grinner
    Hi Smugmug support,

    > @"Jeffrey Friedl" said:
    > Where is the documentation for 1.3?
    > Do you have an ETA for when v2 will leave beta?

    Jeffrey is the author of a popular plugin to allow publishing from Lightroom to Smugmug, jf smugmugg. Photographers such as myself relly on this plugin due to its flexible and poweful processing of keywords and other Metadata. The withdawal of older API versions has broken this plugin for all users, significantly reducing the overall value of Smugmug as a platform for many users. Please can I urge you to provide Jeffrey with as much support as possible to transition to an updated/supported version of the API. I would also urge you to temporarily reinstate the older versions to provide a more reasonable amount of time for developers to transition. It must have been possible to tell from your sever logs that common plugins such as this where still using the old API versions and to provide targeted warnings both to developers and users of your intention to withdaw support?

    Regards Ian Hardy
  • havezethavezet Posts: 1Registered Users Beginner grinner
    Hello all,

    I'm in the process of moving from API 1.2.2 to 1.3.0. The switch to OAuth went smooth and all standard API methods works fine, including signing of the query strings.

    But...I can not get the upload to work. I'm using a POST to https upload dot smugmug dot com URL (sorry, but I can't post links here) but I keep getting error 35=Authorization failed. I've tried about everything but without more details why my AUthorization header is disapproved I'm somewhat in the dark and so would appreciate some extra eyes looking at it.

    The headers I'm sending is (changed values for X-Smug-AlbumID, oauth_consumer_key, and oauth_token):

    Content-Type: image/jpeg
    Content-Length: 158254
    Content-MD5: f61f8b1b968936b5693e41291590bdc3
    X-Smug-AlbumID: 99999999
    X-Smug-Title: My Title
    X-Smug-Caption: My Caption
    X-Smug-FileName: 040124-Canon EOS 10D-IMG_1805(001).jpg
    X-Smug-Keywords: Tag
    X-Smug-Hidden: false
    X-Smug-ResponseType: REST
    X-Smug-Version: 1.3.0
    Authorization: OAuth oauth_consumer_key="my key",oauth_nonce="1D703FBF257B4243AC9D3080011640FA",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1529150836428",oauth_token="token",oauth_version="1.0",oauth_signature="owx6H9eszOe9E2QBsdFyshl97Ko%3D"

    This is the string that was signed;
    POST&https%3A%2F%2Fupload.smugmug.com%2F&oauth_consumer_key%3Dmy key%26oauth_nonce%3D1D703FBF257B4243AC9D3080011640FA%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1529150836428%26oauth_token%3Dtoken%26oauth_version%3D1.0

    What am I overlooking here? Any clues why the server disapproves my upload requests with error code 35?

    Thank you
Sign In or Register to comment.