Announcement

Collapse
No announcement yet.

response":{"errormessage":["missing_api_signature","Missing API Signat

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Paul M
    replied
    API bugs should be logged in Jira.

    Leave a comment:


  • redraider
    replied
    The problem is with api.php provided by Vbulletin. Since vBulletin refuses to provide any support on their own product or even look at their own code, for anyone who is having issues, here is what I found, hopefully that helps:

    api.php : line 68 - Code fails to check the request type and assign POST parameters to VB_API_PARAMS_VERIFY

    Code:
    unset($_GET['']); // See VBM-835
    $VB_API_PARAMS_TO_VERIFY = $_GET;
    unset($VB_API_PARAMS_TO_VERIFY['api_c'], $VB_API_PARAMS_TO_VERIFY['api_v'], $VB_API_PARAMS_TO_VERIFY['api_s'], $VB_API_PARAMS_TO_VERIFY['api_sig'], $VB_API_PARAMS_TO_VERIFY['debug'], $VB_API_PARAMS_TO_VERIFY['showall'], $VB_API_PARAMS_TO_VERIFY['do'], $VB_API_PARAMS_TO_VERIFY['r']);
    As a result, when the "signature" is checked in includes/init.php - it is incorrect (since init.php assumed VB_API_PARAMS_TO_VERIFY to be empty).

    Here is the fix: Replace line 68 with

    Code:
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    	$VB_API_PARAMS_TO_VERIFY = $_POST;
    }
    if ($_SERVER['REQUEST_METHOD'] == 'GET') {
    	$VB_API_PARAMS_TO_VERIFY = $_GET;
    At this point, right params are passed and signature is verified.

    Another note, per vbulletin API GET wont work : http://www.vbulletin.com/forum/conte...elated-Methods

    Code:
    Parameters
    POST (Required)
    vb_login_username - Username to login
    Note that one of 3 vb_login_*password* methods is required.
    vb_login_password - The password of the User. If client use this to login, the plain password may be sniffed during the pass in the network
    vb_login_md5password - The md5 password of the User
    vb_login_md5password_utf - The md5 password (Unicode) of the User
    
    POST (Optional)
    logintype - Possible value: 'cplogin' or empty. 'cplogin' means that the login will also allow the user to access the AdminCP if they have permission.
    I am seriously disappointed with the lack of help I received from vBulletin, but there is nothing I can do about it. It was particularly annoying that each time I asked or even tried to reach out to a person who had similar problem I got "shoo to vb.org" response. However, I hope this helps anyone else in similar situation as me to get this working.

    Leave a comment:


  • Zachery
    replied
    For writing c ustom code to connect to vBulletin, vBulletin.org is a better place to hold such a discussion.

    Leave a comment:


  • redraider
    replied
    Hi Mike ... were you able to get this working? I was able to go beyond the API signature part, but keep getting badlogin error.

    Leave a comment:


  • response":{"errormessage":["missing_api_signature","Missing API Signat

    I am trying to get a simple init, and login with the new API working.

    1. I called init


    SignRequest:
    Code:
        public static String signRequest(Init init,
                                         String requestParameters) {
            StringBuilder input = new StringBuilder();
            input.append(requestParameters);
            input.append(init.getApiaccesstoken());
            input.append(init.getApiclientid());
            input.append(init.getSecret());
    
            String signedRequest = "";
    
            try {
                MessageDigest m = MessageDigest.getInstance("MD5");
                m.reset();
                m.update(input.toString().getBytes());
    
                byte[] digest = m.digest();
                BigInteger bigInt = new BigInteger(1, digest);
    
                signedRequest = bigInt.toString();
                /*signedRequest = bigInt.toString(16);
                // Now we need to zero pad it if you actually want the full 32 chars.
                while (signedRequest.length() < 32) {
                    signedRequest = "0" + signedRequest;
                }*/
            } catch (Exception e) {
                //
            }
            return signedRequest;
        }
    then calling the login method:

    Code:
        // Init
        static final String init = "http://www.vbulletin.com/forum/api.php?api_m=api_init&clientname={clientname}&clientversion={clientversion}&platformname={platformname}&platformversion={platformversion}&uniqueid={uniqueid}";
    
        // Login
        static final String login = "http://www.vbulletin.com/forum/api.php?api_m=login_login"+
                "&api_c={clientId}"+
                "&api_s={api_signature}"+
                "&api_v=1"
                ;
    
        public String login() {
            String result = "";
            if (init != null) {
                final QueryString qs = new QueryString(
                        new TreeMap<String, String>() {{
                            put("api_m", "login_login");
                        }});
    
                Map<String, String> vars = new HashMap<String, String>() {{
                    put("clientId", "mickknutson");
                    put("api_signature", signRequest(init, qs.toString()));
                }};
    
                Log.v(Global.TAGS, "--------------------------------------------");
                Log.v(Global.TAGS, "qs: " + qs);
                Log.v(Global.TAGS, "vars: " + vars);
                Log.v(Global.TAGS, "--------------------------------------------");
    
                result = restTemplate.getForObject(ServiceUrls.login, String.class, vars);
                Log.v(Global.TAGS, "result: " + result);
                Log.v(Global.TAGS, "--------------------------------------------");
    
            }
    
            return result;
        }
    My output running the code:

    Code:
    12-18 13:49:54.798: INFO/home(343): init: {"apiversion":1,"apiaccesstoken":"6b11a315610bfd278ce8e216927d0629","bbtitle":"vBulletin Community Forum","bburl":"http:\/\/www.vbulletin.com\/forum","bbactive":1,"forumhome":"forum","vbulletinversion":"4.1.0","contenttypes":{"Album":"8","Announcement":"4","Calendar":"14","Event":"13","Forum":"3","Picture":"9","PictureComment":"10","Post":"1","SocialGroup":"7","SocialGroupDiscussion":"6","SocialGroupMessage":"5","Thread":"2","User":"12","VisitorMessage":"11","BlogComment":"16","BlogEntry":"15","Article":"18","ContentNode":"19","PhpEval":"23","Section":"17","StaticPage":"22","Issue":"21","Project":"20"},"features":{"blogenabled":true,"cmsenabled":true,"pmsenabled":true,"searchesenabled":true,"groupsenabled":true,"albumsenabled":true,"friendsenabled":true,"visitor_trackingenabled":true,"visitor_messagingenabled":true,"multitypesearch":true,"taggingenabled":true},"permissions":{"usergroupid":1,"title":"Unregistered \/ Not Logged In","usertitle":"Guest","canmodifyprofile":1,"pmsendmax":5,"genericoptions":120,"description":"","passwordexpires":0,"passwordhistory":0,"pmquota":0,"opentag":"","closetag":"","forumpermissions":720911,"pmpermissions":3,"calendarpermissions":49,"wolpermissions":0,"adminpermissions":0,"genericpermissions":33558595,"canoverride":0,"ispublicgroup":0,"attachlimit":0,"avatarmaxwidth":-1,"avatarmaxheight":-1,"avatarmaxsize":-1,"profilepicmaxwidth":-1,"profilepicmaxheight":-1,"profilepicmaxsize":-1,"featurepermissions":0,"bugpermissions":0,"blogpermissions":0,"contentpermissions":0,"signaturepermissions":0,"sigpicmaxwidth":-1,"sigpicmaxheight":-1,"sigpicmaxsize":-1,"sigmaximages":-1,"sigmaxsizebbcode":-1,"sigmaxchars":-1,"sigmaxrawchars":-1,"sigmaxlines":-1,"ptpermissions":16,"vbblog_general_permissions":516464,"vbblog_entry_permissions":7744,"vbblog_comment_permissions":960,"visitormessagepermissions":16,"socialgrouppermissions":133312,"usercsspermissions":247,"albumpermissions":192,"albumpicmaxwidth":600,"albumpicmaxheight":600,"albummaxpics":100,"albummaxsize":0,"genericpermissions2":0,"vbblog_customblocks":0,"vbblog_custompages":0,"pmthrottlequantity":0,"groupiconmaxsize":65535,"maximumsocialgroups":5,"vbcmspermissions":0},"show":{"search_engine":false,"old_explorer":false,"rtl":false,"admincplink":false,"modcplink":false,"registerbutton":true,"searchbuttons":true,"quicksearch":true,"memberslist":true,"guest":true,"member":false,"detailedtime":false,"popups":true,"nojs_link":"\/forum\/api.php?api_m=api_init&clientname=mickknutson&clientversion=1.0&platformname=android&platformversion=2.2&uniqueid=mickknutson&nojs=1","pmstats":false,"pmwarning":false,"pmmainlink":false,"pmtracklink":1,"pmsendlink":0,"siglink":0,"avatarlink":1,"profilepiclink":false,"wollink":0,"spacer":true,"dst_correction":false,"contactus":true,"nopasswordempty":0,"quick_links_groups":false,"quick_links_albums":false,"friends_and_contacts":false,"communitylink":true,"foruminfo":false,"threadinfo":false,"facebookuser":false},"apiclientid":"4289","secret":"ZFSNnzRnrwDgQqfFJSfTGfnDtsNDkm6g"}
    12-18 13:49:54.818: VERBOSE/service(343): --------------------------------------------
    12-18 13:49:54.818: VERBOSE/service(343): qs: api_m=login_login
    12-18 13:49:54.830: VERBOSE/service(343): vars: {api_signature=68728237550074458405162211327579158783, clientId=mickknutson}
    12-18 13:49:54.830: VERBOSE/service(343): --------------------------------------------
    12-18 13:49:55.090: VERBOSE/service(343): result: {"response":{"errormessage":["missing_api_signature","Missing API Signature"]}}
    12-18 13:49:55.090: VERBOSE/service(343): --------------------------------------------
    12-18 13:49:55.090: INFO/home(343): login: {"response":{"errormessage":["missing_api_signature","Missing API Signature"]}}
    Why am I getting this?
    an anyone help me please?
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X