How to "Authorization" in HTTP Header?

I am using C++ and the CURL library. I am able to negotiate OAuth and get an access token. I add the access token to the Headers. Ex:

Authorization: OAuth 8gBTGDcFPlJQ3ra2gi6Kw96xspK1wmAPfRMKe2iR

I am getting a 500 error code ("ApiException") when I send a profile inquiry. The same inquiry works fine when I paste it in the browser address window.

Do I have the right syntax? Is there documentation available? (The Ruby example should be updated).

Greetings Pierre,

Was this 10 days ago, or more recent? The only logged errors I see for you are on February 17th, where it appears that you were missing the "g" in front of a profile ID in an immediate-family call. I suspect you got that worked out, though, and that whatever problem you're having is more recent but not being logged for some reason...?

This is happening yesterday and today (minutes ago). I am trying every permutation under the sun:

Authorization: OAuth %s
500 Internal Server Error

Authorization: %s
302 https://www.geni.com/api/profile/immediate-family.xml

Authorization: OAuth "%s"
500 Internal Server Error

Authorization: OAuth token %s
500 Internal Server Error

I really appreciate some help, I am gung-ho to get this up & running today :o)

Here's the header I get back:

HTTP/1.1 500 Internal Server Error
Server: nginx/0.7.65
Date: Sun, 27 Feb 2011 15:53:12 GMT
Content-Type: application/xml; charset=utf-8
Connection: keep-alive
Status: 500 Internal Server Error
X-API-Rate-Limit: 40
X-API-Rate-Window: 10
Content-Length: 84
Set-Cookie: gsession=BAh7CDoPc2Vzc2lvbl9pZCIlYjE5MjEyNDI3NWZhYTgxOTNhZTcxMzQ3OWY2MGIzMjc6FGdlbmlfc2Vzc2lvbl9pZCIlMzRjMzgxMjM1NjU2MzJmZDNkNTk2YzllYWYxM2I3ZTYiDXJlZl90eXBlIgxvcmdhbmlj--d49ba4cf0895c2bccb1253674cbdaef9e577b215; path=/; HttpOnly
X-API-Rate-Remaining: 40
Cache-Control: no-cache

Well I can see how that doesn't help you very much. :-/

Can you try passing --trace <file> to curl and send me the contents of the trace file? (Either post here or send me a Geni message if you prefer)

Whoops, sorry, I see you said "curl library" -- do you happen to know if there's a way to enable tracing through the library interface?

Here is the trace log captured by a debugging function:

GET /?code=vLs8E1Im7zQLdjcZnJXx HTTP/1.1
Host: 127.0.0.1:55555
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 ( .NET CLR 3.5.30729; .NET4.0E)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

https://www.geni.com/oauth/token?client_id=IKPCwc6QmjBg4LbKRLoVzBWf...
curl_debug_func: About to connect() to www.geni.com port 443

curl_debug_func: Trying 208.78.87.80...
curl_debug_func: connected

curl_debug_func: Connected to www.geni.com (208.78.87.80) port 443

curl_debug_func: CAfile: curl-ca-bundle.crt
CApath: none

curl_debug_func: SSLv2, Client hello (1):

curl_debug_func:


curl_debug_func: SSLv3, TLS handshake, Server hello (2):

curl_debug_func: 
curl_debug_func: SSLv3, TLS handshake, CERT (11):

curl_debug_func: 
curl_debug_func: SSLv3, TLS handshake, Server finished (14):

curl_debug_func: 
curl_debug_func: SSLv3, TLS handshake, Client key exchange (16):

curl_debug_func: 
curl_debug_func: SSLv3, TLS change cipher, Client hello (1):

curl_debug_func:

curl_debug_func: SSLv3, TLS handshake, Finished (20):

curl_debug_func: 
curl_debug_func: SSLv3, TLS change cipher, Client hello (1):

curl_debug_func:

curl_debug_func: SSLv3, TLS handshake, Finished (20):

curl_debug_func: 
curl_debug_func: SSL connection using RC4-MD5

curl_debug_func: Server certificate:

curl_debug_func: subject: /serialNumber=/lPhimBQlVfNkaJkSEPRisRh-EM7Acws/C=US/O=*.geni.com/OU=GT97122710/OU=See www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated - RapidSSL(R)/CN=*.geni.com

curl_debug_func: start date: 2010-08-25 03:58:32 GMT

curl_debug_func: expire date: 2011-08-28 19:35:09 GMT

curl_debug_func: subjectAltName: www.geni.com matched

curl_debug_func: issuer: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority

curl_debug_func: SSL certificate verify ok.

curl_debug_func: GET /oauth/token?client_id=IKPCwc6QmjBg4LbKRLoVzBWfBWlNH4T9jTDSZ9N8&client_secret=***&code=vLs8E1Im7zQLdjcZnJXx&redirect_uri=http://127.0.0.1:55555 HTTP/1.1
User-Agent: Charting Companion/1.0 (Progeny Genealogy Inc.)
Host: www.geni.com
Accept: */*
Referer: www.progenygenealogy.com

curl_debug_func: HTTP/1.1 200 OK

HTTP/1.1 200 OK
curl_debug_func: Server: nginx/0.7.65

Server: nginx/0.7.65
curl_debug_func: Date: Sun, 27 Feb 2011 18:08:30 GMT

Date: Sun, 27 Feb 2011 18:08:30 GMT
curl_debug_func: Content-Type: application/json; charset=utf-8

Content-Type: application/json; charset=utf-8
curl_debug_func: Connection: keep-alive

Connection: keep-alive
curl_debug_func: Status: 200 OK

Status: 200 OK
curl_debug_func: ETag: "c9ee41a7528e72ceb78f5f3891d8fe44"

ETag: "c9ee41a7528e72ceb78f5f3891d8fe44"
curl_debug_func: X-Runtime: 58

X-Runtime: 58
curl_debug_func: Content-Length: 53

Content-Length: 53
curl_debug_func: Set-Cookie: ref=www.progenygenealogy.com; path=/; expires=Mon, 28-Feb-2011 18:08:30 GMT

Set-Cookie: ref=www.progenygenealogy.com; path=/; expires=Mon, 28-Feb-2011 18:08:30 GMT
curl_debug_func: Set-Cookie: gsession=BAh7CjoLbG9jYWxlIgplbi1VUzoQc2F2ZV9sb2NhbGVGOg9zZXNzaW9uX2lkIiUxZWY1MDYyNWRkOWQ4OWUxMzM5ZWQ1ZGU3N2RmOGZmNiINcmVmX3R5cGUiDG9yZ2FuaWM6FGdlbmlfc2Vzc2lvbl9pZCIlOGVmYzdiMjQyMWMxNzI2ZjA2YmUwM2NmNjYyMDg1MGI%3D--20923a7d044a973aa53de2e2baaf3aadf568a9cd; path=/; HttpOnly

Set-Cookie: gsession=BAh7CjoLbG9jYWxlIgplbi1VUzoQc2F2ZV9sb2NhbGVGOg9zZXNzaW9uX2lkIiUxZWY1MDYyNWRkOWQ4OWUxMzM5ZWQ1ZGU3N2RmOGZmNiINcmVmX3R5cGUiDG9yZ2FuaWM6FGdlbmlfc2Vzc2lvbl9pZCIlOGVmYzdiMjQyMWMxNzI2ZjA2YmUwM2NmNjYyMDg1MGI%3D--20923a7d044a973aa53de2e2baaf3aadf568a9cd; path=/; HttpOnly
curl_debug_func: Cache-Control: private, max-age=0, must-revalidate

Cache-Control: private, max-age=0, must-revalidate

curl_debug_func: access_token=I2CJLCgd44FFRZdaCm8Fbev0GOVdi0Xn0Dw6tAcE
curl_debug_func: Connection #0 to host www.geni.com left intact

getAccessToken ret = 200
cCURL::appendHeader "Authorization: OAuth I2CJLCgd44FFRZdaCm8Fbev0GOVdi0Xn0Dw6tAcE"
The thread 'Win32 Thread' (0x10e0) has exited with code 0 (0x0).
curl_debug_func: About to connect() to www.geni.com port 80

curl_debug_func: Trying 208.78.87.80...
curl_debug_func: connected

curl_debug_func: Connected to www.geni.com (208.78.87.80) port 80

curl_debug_func: GET /api/profile/immediate-family.xml HTTP/1.1
User-Agent: Charting Companion/1.0 (Progeny Genealogy Inc.)
Host: www.geni.com
Accept: */*
Referer: www.progenygenealogy.com
Authorization: OAuth I2CJLCgd44FFRZdaCm8Fbev0GOVdi0Xn0Dw6tAcE

curl_debug_func: HTTP/1.1 500 Internal Server Error

HTTP/1.1 500 Internal Server Error
curl_debug_func: Server: nginx/0.7.65

Server: nginx/0.7.65
curl_debug_func: Date: Sun, 27 Feb 2011 18:08:31 GMT

Date: Sun, 27 Feb 2011 18:08:31 GMT
curl_debug_func: Content-Type: application/xml; charset=utf-8

Content-Type: application/xml; charset=utf-8
curl_debug_func: Connection: keep-alive

Connection: keep-alive
curl_debug_func: Status: 500 Internal Server Error

Status: 500 Internal Server Error
curl_debug_func: X-API-Rate-Limit: 40

X-API-Rate-Limit: 40
curl_debug_func: X-API-Rate-Window: 10

X-API-Rate-Window: 10
curl_debug_func: Content-Length: 84

Content-Length: 84
curl_debug_func: Set-Cookie: gsession=BAh7CDoPc2Vzc2lvbl9pZCIlZDQ3MWY5OGVhNzc5ZmM1YmY0NGNlM2Q2ZGM5MmQ2ZDAiDXJlZl90eXBlIgxvcmdhbmljOhRnZW5pX3Nlc3Npb25faWQiJTE1ZDFmNGJiM2QzY2RjZDcyYTVhZDBkNTVhYmEzMzgz--1603503331e51edd11ea58b2f3afacb83509dce4; path=/; HttpOnly

Set-Cookie: gsession=BAh7CDoPc2Vzc2lvbl9pZCIlZDQ3MWY5OGVhNzc5ZmM1YmY0NGNlM2Q2ZGM5MmQ2ZDAiDXJlZl90eXBlIgxvcmdhbmljOhRnZW5pX3Nlc3Npb25faWQiJTE1ZDFmNGJiM2QzY2RjZDcyYTVhZDBkNTVhYmEzMzgz--1603503331e51edd11ea58b2f3afacb83509dce4; path=/; HttpOnly
curl_debug_func: X-API-Rate-Remaining: 40

X-API-Rate-Remaining: 40
curl_debug_func: Cache-Control: no-cache

Cache-Control: no-cache

curl_debug_func: <?xml version="1.0" encoding="UTF-8"?>
<error>
<type>ApiException</type>
</error>

curl_debug_func: Connection #1 to host www.geni.com left intact

Well, I'm sorry I wasn't able to get you an answer today.. they day you have to work on your app, happens to coincide with the day we usually don't work on ours. :-/

No problem - this is a full-time job for me, I'm available seven days a week to work on the GENI version of my app.

So, how do I formulate the "Authorization" part of the header? Are there any written specifications available? Am I doing something incorrect, or is the "ApiException" coming from the GENI code?

Sure appreciate the help.

Here is a sample of the charts I will be creating directly from GENI data:

http://progenygenealogy.com/Products/FamilyTreeCharts/SampleCharts....

Post deleted by Scott Steadman on Feb 28, 2011 at 9:37 AM

Post deleted by Scott Steadman on Feb 28, 2011 at 9:38 AM

I think you're using an OAuth1-style header to make the call.

Try this url: https://www.geni.com/api/profile/immediate-family.xml?access_token=... code returned from token call)

That did the trick. The access token is not delimited by quotes:

https://www.geni.com/api/profile/immediate-family.xml?access_token=...

I don't know Ruby, but I examined the example here (https://github.com/intridea/oauth2/commit/607af1ca78fa20b796de6260a...) and assumed that this meant we had to add the Authorization code to the header:

headers = headers.merge 'Authorization' => "OAuth #{@token}"

Thanks very much. BTW accurate, up-to-date documentation is really appreciated. We will read it and ask fewer dumb questions.

Post deleted by Scott Steadman on Mar 1, 2011 at 11:36 AM

I think the code should look like this:

headers.merge 'Authorization' => "OAuth oauth_signature_method=PLAINTEXT&oauth_token=#{@token}"

BUMP!

Scott Steadman - Itried the Authorization OAuth oauth_signature_method=PLAINTEXT&oauth_token=xxx
request header method and got a 400, Bad Request error.

{"error":{"type":"ApiException","message":"Bad Request"}}

Could you check up what kind of header Geni accept for OAuth Authorization?

I try to avoid having to unpack and repack the url just add the oauth_token parameter.

Could you also check what kind of parameters or headers Geni require to get to this page by replying with a 302 Location response to the access_token message:

http://i632.photobucket.com/albums/uu41/bpbrox/AllowedRequest.png

We're in the process of updating our OAuth code. Have you tried this on the sandbox?

I don't think I have access to the sandbox.
PM me information ad I can make some tests.

No need for PM. It's http://sandbox.geni.com/

You'll have to create an account there it's not linked with production.