Goodreads Developers discussion

bugs > Get people a user is following

Comments (showing 1-18 of 18) (18 new)    post a comment »
dateDown arrow    newest »

message 1: by Gregg (last edited Jan 22, 2012 10:10AM) (new)

Gregg (greggmarshall) | 105 comments From the API page, if I follow the sample url link
I get an xml record back

If I try the same call with (just for comparison to my PHP call)
I get the same response

If I try the call from my PHP, which passes
I get a 401 error "not authorized"

Also is there a reason the API documentation shows different formats for following and followers?

I also just tried the Get a user's followers API call and got the same 401 error

message 2: by Ettore, Noise Engineer (new)

Ettore Pasquini | 215 comments Mod
About following/followers differences: not sure I understand, the 2 api calls have very similar response formats.

About the 401 responses: if I read correctly the call you make from PHP is identical to the one you make in the browser (simple key auth, same params). If that is correct, the only difference is maybe that in the browser you are (probably) authenticated as your user, so the api executes the call on your behalf; in PHP you are perhaps doing the call while not authenticated. It looks like this API requires user authentication and the docs don't specify that, so I'll update that.

message 3: by Gregg (new)

Gregg (greggmarshall) | 105 comments so if I understand what you mean by user authentication I need to convert it to an OAuth Get?

message 4: by Gregg (new)

Gregg (greggmarshall) | 105 comments and I just tried the sample URL from a browser that is not logged in and it gives me a "not authorized" response

message 5: by Gregg (new)

Gregg (greggmarshall) | 105 comments what about the variance in following and follower API formats?

message 6: by Ettore, Noise Engineer (new)

Ettore Pasquini | 215 comments Mod
Gregg wrote: "what about the variance in following and follower API formats?"

I don't understand this question.

message 7: by Ettore, Noise Engineer (new)

Ettore Pasquini | 215 comments Mod
Gregg wrote: "so if I understand what you mean by user authentication I need to convert it to an OAuth Get?"

Well, not exactly. While OAuth is a safer mechanism in general and it would work in this case, I am not sure whether the current behavior with key authorization is intended or not. Basically I am not sure if this API should work like it's working right now when you use key auth, or if it should work like (e.g.), which requires no user authentication at all.

message 8: by Gregg (new)

Gregg (greggmarshall) | 105 comments The two are relatively symetrical API's, one for a user's followers, the other for who a user is following.

Followers is

Following is

From what I am learning about the API, I suspect the two can use either syntax, but it is a bit odd and possibly confusing.

message 9: by Gregg (new)

Gregg (greggmarshall) | 105 comments And I just tried the Followers call using OAuth and still got a 401 "unauthorized" error for

Also tried it without the key and still got the error

any ideas???

message 10: by Robert (new)

Robert (lathanh) | 14 comments Just wanted to clarify that these calls need to be user-authenticated (that is, made on behalf of a user); we'll update the documentation to reflect this.

Currently, our API allows some calls to be authenticated by cookie, including the following/follower calls. When you visit the sample link of such a call in your browser, you'll see the response as though the request was signed using an OAuth token for your user. Visit the sample link in your browser while signed out, and you'll get 401 "unauthorized"

We will be removing API authentication by cookies later.

message 11: by Gregg (last edited Jan 23, 2012 01:32PM) (new)

Gregg (greggmarshall) | 105 comments But they aren't working for OAuth either, so from what I can tell, they only work from a browser when you are logged in, returning XML because of the cookie. And that is useful as an API is what way???

message 12: by Dario (new)

Dario (JackMorris) | 2 comments Hi there, I'm working on an application that's using Goodreads API too.

It seems that I'm stuck in the exact same situation of Greeg: when I try to get users followers/followings, the only thing I reach is an "unauthorized" error.

I tryied using oauth, as well as not using it, but unfortunatly with the same result.

It's a shame, because right now those two calls are completely useless :/

message 13: by Louise, Developer of Stuff and Things (new)

Louise | 36 comments Mod
Hi Dario. As Robert mentioned above, the following & followers call should be user-authenticated. If you're making the call and are authenticated, but still get the 401-unauthorized error, then it may be a bug on our end.

I'll open a ticket in our system to investigate.

message 14: by Dario (last edited Mar 23, 2012 05:05PM) (new)

Dario (JackMorris) | 2 comments Hi Louise.
The problem occurs only with OAuth authentication.

The samples urls provided for both calls in the API reference page (/api) work fine with a logged browser, but when I try to reach them from within my application appending all the OAuth headers to the request, I receive the 401 error.

The same code works fine on other calls, for instance I can retrieve without problems users's friends and groups, so I don't think I'm doing something wrong here.

Btw, thank you for your quick answer.

message 15: by Gregg (new)

Gregg (greggmarshall) | 105 comments I have had some API calls that require OAuth work in a browser and not when called via OAuth. We finally realized that if you are logged in and do a browser based API call, the Goodreads will use your cookie/session authorization to allow the call, but a call with OAuth authentication fails. In most cases the problem appears to be on the Goodreads side.

message 16: by Paul (new)

Paul Shannon (paulshannon) | 1 comments Has this been addressed? I'm having this problem.

message 17: by Deb (new)

Deb B | 2 comments Has this been addressed? I am also having this problem, and it's now 2014.

message 18: by Ettore, Noise Engineer (new)

Ettore Pasquini | 215 comments Mod
hey guys, I just noticed the tickets that Louise opened some time ago are still open, so I really want to apologize for this.

We hope to be able to investigate soon.

In the time being Gregg, I know you worked on a big project involving a comprehensive list of our api calls, did you ever get these 2 working in your app? If you can share what you did, that would be useful.

back to top

unread topics | mark unread