Data Access API does not support X-Dataverse-key header #2662

Closed
pdurbin opened this issue Oct 21, 2015 · 4 comments

pdurbin commented Oct 21, 2015

http://guides.dataverse.org/en/4.2/api/native-api.html says, "Calls that do require authentication require the user’s API key. That key can be passed either via an extra query parameter, key, as in ENPOINT?key=API_KEY, or via the HTTP header X-Dataverse-key" but I can't get the X-Dataverse-key header to work with the Data Access API.

This works:

curl http://localhost:8080/api/access/datafile/12?key=$API_TOKEN

This doesn't work:

curl -H "X-Dataverse-key:$API_TOKEN" http://localhost:8080/api/access/datafile/12

I believe we want both to work. The header version was introduced in #2123 so that some day we can deprecate the query parameter version.


pdurbin commented Oct 22, 2015

@landreev since you were just in this code for #2648 I'm putting this ticket in your name for now to take a look at least, when you have a chance.

@mercecrosas mercecrosas modified the milestone: In Review Nov 30, 2015
@scolapasta scolapasta modified the milestone: Not Assigned to a Release Jan 28, 2016
@landreev

I feel I should fix this in 4.3, since this is kind of a security thing.
And "low hanging" enough.

@landreev landreev added this to the 4.3 milestone Jan 29, 2016
landreev added a commit that referenced this issue Feb 23, 2016
(spoke to Gustavo, and we decided to put this into the same branch as #2871;
since a) this is a minor fix; and b) the change is in the class file Access.java,
that was also modified for #2871).
@landreev landreev assigned kcondon and unassigned landreev Feb 23, 2016
@landreev

Should be ready for QA.
Please note: I spoke to Gustavo and we decided to push this fix into the branch "2871-batch-downloads-improvements" - the one for the "zip downloads of large batches of files" issue. This is to make life slightly easier, because
a) this was a relatively simple/minor fix; and
b) it affects one of the class files (Access.java) that was also changed for 2871.

Testing:

You can try downloading a restricted file, for example:

wget -O /tmp/test.out http://localhost:8080/api/access/datafile/NNNN

the above should fail with a 403.

Now with the api token, sent in the new header:

wget -O /tmp/out.txt --header "X-Dataverse-key: YOURAPITOKEN" http://localhost:8080/api/access/datafile/NNN

this should work, assuming the supplied token was legit.
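
Added example, not part of the comment above and not Dataverse's own code: a minimal Python model of the behaviour these test steps check, where the API token is accepted from either the X-Dataverse-key header or the key query parameter. Header precedence when both are sent, a 403 for an unknown token, and the token value itself are assumptions.

```python
import hmac
from urllib.parse import parse_qs, urlsplit

HEADER = "x-dataverse-key"  # header name from the issue, matched case-insensitively
QUERY_PARAM = "key"         # query parameter name from the issue


def resolve_api_key(url, headers):
    """Return (token, source); source is 'header', 'query' or None."""
    # Header names are case-insensitive and values may carry stray whitespace:
    # the curl call above sends no space after the colon, the wget call sends one.
    for name, value in headers.items():
        if name.strip().lower() == HEADER and value.strip():
            return value.strip(), "header"  # assumption: header wins if both are sent
    values = parse_qs(urlsplit(url).query).get(QUERY_PARAM, [])
    if values and values[0].strip():
        return values[0].strip(), "query"
    return None, None


def check_access(url, headers, valid_tokens):
    """Status for a restricted file: 200 with a known token, otherwise 403."""
    token, _source = resolve_api_key(url, headers)
    if token is None:
        return 403
    ok = False
    for known in valid_tokens:
        # Constant-time comparison, so timing does not reveal a token prefix.
        ok |= hmac.compare_digest(token.encode(), known.encode())
    return 200 if ok else 403


# Constructed sample data: the token and file id are placeholders.
TOKENS = {"constructed-token-0000"}
URL = "http://localhost:8080/api/access/datafile/12"
CASES = [
    (URL, {}),                                              # no credentials
    (URL, {"X-Dataverse-key": " constructed-token-0000"}),  # header, wget style
    (URL, {"x-dataverse-KEY": "constructed-token-0000"}),   # header, other casing
    (URL + "?key=constructed-token-0000", {}),              # query parameter
    (URL, {"X-Dataverse-key": "wrong"}),                    # unknown token
]

if __name__ == "__main__":
    for url, headers in CASES:
        print(check_access(url, headers, TOKENS), resolve_api_key(url, headers)[1])
```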


kcondon commented Feb 24, 2016

OK, works with both command line and header versions. Closing.

@kcondon kcondon closed this as completed Feb 24, 2016
@mheppler mheppler changed the title Data Access API does not support X-Dataverse-key header Data Access API does not support X-Dataverse-key header Oct 12, 2016