How can we make it easier for you to develop on top of Wild Apricot?

API V2 authorization error using APIKEY

As far as I can tell, APIKEY authorization according to:
http://help.wildapricot.com/display/DOC/API+V2+authentication
is broken.

This example:

POST /auth/token HTTP/1.1
Host: oauth.wildapricot.org
Authorization: Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&scope=contacts finances events

simply doesn't work, always returning a "scope xxxx is not available for current client" for every scope I've tried (from the table on the same page).

Is this just completely broken, or something is missing. I note that there is no place in the API for the "application name". I also note that I don't get an "authorization error", as I would get if I use an incorrect base64-encoded API key, so it must be authenticating correctly.

Has *anyone* used APIKEY authentication? If so, does someone have a simple cURL command that proves it works?

1 vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)

    We’ll send you updates on this idea

    EricEric shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    Resolved  ·  DmitryDmitry responded  · 

    The reason was a new line in ‘scope’ value.

    2 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • EricEric commented  ·   ·  Flag as inappropriate

        To update (and why oh WHY doesn't this forum show dates on these posts!???) the problem was a dangling newline in the POST data. It was confusing because the same dangling newline is in the POST for client_credentials\n, but it didn't complain about this, only when it was on the scope=whatever\n did the call complain.

      • EricEric commented  ·   ·  Flag as inappropriate

        Well, it turns out that *omitting* the scope parameter succeeds in getting back an access token -- although the returned "AvailableScopes" array is empty.

        How does one create available scopes? And why does the documentation say that "scope=auto" should return all available scopes, when in fact it returns an error?

      Feedback and Knowledge Base

      Wild Apricot Inc. 144 Front Street West Suite 725, Toronto, Ontario, Canada M5J 2L7