Ettore Pasquini Ettore's Comments (member since Oct 26, 2010)

Ettore's comments from the Goodreads Developers group.


Mar 30, 2015 10:13AM

8095 I don't believe that's possible. We have the usual oauth callback but that's only for authorization purposes.
Regarding cookies, actually, we should not send those back... if you do that's likely a bug on our end.
Mar 03, 2015 02:21PM

8095 The fact that we can't find any reference to your developer id in our logs, while we can for any other developer, is suspect in my opinion. That's why I was asking if we could see the actual code that you use to perform that call, not just an unrelated example.

It would also help if you could try the same with a different client, such as Postman, and see if you get different results.
Mar 03, 2015 02:17PM

8095 Hey Robert, that should be included in the api.
Mar 03, 2015 02:15PM

8095 This problem is not fixed, but please follow the suggestion above, in my previous messages.
Mar 03, 2015 02:05PM

8095 Hi Paul, for friendship types, the element describes the resource that one can like. So, look for the under that node. Review id is not related to friendships.
Feb 11, 2015 02:42PM

8095 sorry, there's only one query string. But you can search the same string on both author and title.
8095 Hi there, sorry it's not possible to get the statistics in bulk. Similarly for all the other aggregates, sorry, that's not possible either.
Feb 11, 2015 02:37PM

8095 Can you use something else besides curl? I remember having problems using curl with oauth. For example, can you verify this with Postman?

Another thing I noticed is that you have not set the callback_url, which I think you need to set.

I dug a little deeper, and I can't find any oauth token associated to you, so confirming what Ashley said. The only reason why oauth/request_token might fail that I can see is that the OAuth consumer signature verification fails. We can't even find any traces in the logs that went beyond the first step of building the OAuth signature from the request. From the code I can see this is because the signature method is not set. I don't see it from your code above either.
8095 Mandeep, your question doesn't belong in this topic, which is about the user.following endpoint. Please make sure to read the Getting Started section ( ) and post your question as a new topic, maybe under the questions folder:
Python wrapper (10 new)
Feb 11, 2015 11:40AM

8095 Thanks Sefa. I've moved your post to the examples/showcase folder and marked it as sticky, so other people can find it easily. This kind of question has come up frequently.

Again, thanks so much!
Feb 11, 2015 11:37AM

8095 sorry, no new development here.
Feb 11, 2015 11:36AM

8095 it might not be part of those api responses. Can you please post those two responses? Make sure to black out sensitive info.
Feb 11, 2015 11:29AM

8095 that seems odd to me, does this happen currently for all reviews that you post?
Feb 06, 2015 03:04PM

8095 Hey Ankit, we searched the logs for your group/join requests and we couldn't see any problems that jumped out to us. I recommend the following:

- verify that your OAuth token is actually valid. It does look valid from the logs, but please verify that yourself: e.g. can you successfully execute another oauth call?

- make sure ALL the actual params you're sending (in the group.join case it should just be "format" and "id") are part of the request HTTP body (NOT in the URL). Typically the parameters are sent as "key=value" string pairs (e.g.: format=xml) and these pairs need to be URL-encoded before being added to the body. Also make sure the "Content-Length" HTTP header is set to the actual post data length. This stuff is usually taken care of by any OAuth library worth its salt. But it's worth checking.

- make sure the "Content-Type" HTTP header is set to "application/x-www-form-urlencoded". We did see your request being handled as HTML in the logs, which shouldn't happen, so I suspect this is missing?

- likely repeating the obvious, but you need to sign the request with consumer secret and token secret. But note, do NOT send these secrets!

- make sure the timestamp is actual (it can't be too far away from the current time), and that the nonce is not reused for multiple requests.

- make sure you sign the request in full: in particular you need to sign the whole body, the method, the url, nonce, timestamp, signature method, token, oauth version. Again, all this stuff needs to be URL-encoded and the generated string is what needs to be signed.

E.g. this is the string that gets signed in our app for a /group/join request:

(note there should be no line breaks in the above string)

and the resulting signature is something that looks like this:


- verify the "Authorization" HTTP header contains the OAuth info above. E.g. it should contain something like this:

OAuth realm="", oauth_consumer_key="YOUR_API_KEY", oauth_token="THE_ACCESS_TOKEN", oauth_signature_method="HMAC-SHA1", oauth_signature="URL_ENCODED_OAUTH_SIGNATURE", oauth_timestamp="THE_SAME_TIMESTAMP_AS_ABOVE", oauth_nonce="THE_SAME_NONCE_AS_ABOVE", oauth_version="1.0"

Again, any oauth library should do this but it's worth checking.

Also, like Nichole was saying, there's no need to send the "key" param if you are using oauth, since that's already sent as the oauth_consumer_key.

I hope this helps!
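
The checklist above, worked through as an added example that is not part of the original post or Goodreads' own code: it builds the OAuth 1.0 signature base string, the HMAC-SHA1 signature and the request headers for a form-encoded call. It assumes the URL carries no query string (all params go in the body, as the post says); the host, path, secrets and nonce in the demo are constructed placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, urlencode

def pct(value):
    # RFC 5849 percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")

def base_string(method, url, oauth_params, body_params):
    # Form-body and oauth_* parameters are encoded, sorted and joined as one list.
    pairs = sorted((pct(k), pct(v)) for k, v in {**oauth_params, **body_params}.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(base, consumer_secret, token_secret):
    # Both secrets form the HMAC key only; they are never sent.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def build_request(method, url, body_params, consumer_key, consumer_secret,
                  token, token_secret, timestamp, nonce):
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_token": token,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp),  # must be close to the current time
        "oauth_nonce": nonce,               # must be unique per request
        "oauth_version": "1.0",
    }
    base = base_string(method, url, oauth, body_params)
    oauth["oauth_signature"] = sign(base, consumer_secret, token_secret)
    body = urlencode(body_params)
    headers = {
        "Authorization": 'OAuth realm="", '
                         + ", ".join(f'{k}="{pct(v)}"' for k, v in oauth.items()),
        "Content-Type": "application/x-www-form-urlencoded",
        "Content-Length": str(len(body.encode())),
    }
    return base, headers, body

if __name__ == "__main__":
    # Constructed values; the host and path are placeholders, not the real endpoint.
    base, headers, body = build_request(
        "POST", "https://api.example.test/group/join", {"format": "xml", "id": "1"},
        "YOUR_API_KEY", "constructed-consumer-secret",
        "THE_ACCESS_TOKEN", "constructed-token-secret", 1423263840, "constructed-nonce-1")
    print(base, headers, body, sep="\n")
```

Comparing the printed base string byte for byte with what the client library actually signs is the quickest way to locate a signature mismatch.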
Add new books (14 new)
Jan 22, 2015 05:53PM

8095 Hi Caladria, you need an ONIX feed for your books. If you have it, please send the info to us at and we'll help you set it up!
Jan 20, 2015 05:26PM

8095 Hi there at The Bookwyrm's Hoard, I checked with our customer support team and they assured that your website is NOT being blocked / blacklisted by us. So there must be something going on in the way the plugin is requesting or authenticating, OR we simply have a bug on our end.

Can you please tell the developer to post here and interact with us directly? It would be useful to see the request that's being sent.

Can you also list an example of a different site that's using the plugin successfully?

UPDATE: I filed an internal ticket (IOS-2707) for investigation.
Jan 20, 2015 05:19PM

8095 nice to hear! what was the problem, Ankit?
Jan 20, 2015 05:02PM

8095 I'm a little lost on what's going on here exactly. Can you please post the entirety of your request i.e. including the oauth headers? *Obviously black out any sensitive info!*
Dec 30, 2014 11:52AM

8095 Hey Mark, just wanted to let you know the ticket related to this problem was added to our next sprint, so we should really have it fixed soon. Sorry again for the problem.
Dec 29, 2014 06:17PM

8095 thanks for bringing this to our attention. That's definitely bad documentation. We'll try to fix it soon.

Meanwhile, I believe the sample URL example is what you should use.
