1

I need to get token to connect to API. Tried with python this:

import requests, base64
url = 'https://api-b2b.alzura.com/common/login'
token_req = base64.b64encode(b'name:passwd').decode()
headers = {'Authorization': str(token_req)}
req = requests.post(url, headers=headers)
print(req)

And got <Response [400]>, but no token. :D I have read this post part about python, but it dint't work for me.

Looks like I does it completely wrong. What should I do/learn/read?

Thank you for your time!

UPDATE It should be a basic auth, and it looks like there is no need any user secrets. Here is little manual from developer:

Get a login token and expire date. Returns the X-AUTH-TOKEN which is required for authentication of the remaining endpoints. Authentication for this endpoint is basic auth. For authentication, an authentication-header formatted as 'Alzura ID:Password' must be transmitted as a base64-encoded string.

Improve this question
1
  • Here is the link to description of obtaining a token. If it could help. Commented Jun 12, 2021 at 15:41

1 Answer 1

Reset to default
1

First note that a token must be obtained from the server ! A token is required to make some API calls due to security concerns. There are usually at least two types of tokens:

  • Access token: You use it to make API calls (as in the Authorization header above). But this token usually expires after a short period of time.
  • Refresh token: Use this token to refresh the access token after it has expired.

You should use requests-oauthlib in addition with requests.
https://pypi.org/project/requests-oauthlib/
But first, read the available token acquisition workflows:
https://requests-oauthlib.readthedocs.io/en/latest/oauth2_workflow.html#available-workflows
and choose the right workflow that suits your purposes. (The most frequently used is Web App workflow)
Then, implement the workflow in your code to obtain the token. Once a valid token is obtained you can use it to make various API calls.

As a side note: be sure to refresh token if required.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Do I understand right that client_secret and client_key must be provided by the API owner? It is possible that that API has no client secret and client key?
You're right: the client id and secret must be provided by the API owner.
@neznajut Some non-critical API endpoints require no authentication and thus neither client id nor secret. But nowadays, this is extremely unlikely to be the case.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.