Goodreads Developers discussion

I blog about books at http://bookwyrmshoard.com/ , which is hosted on GoDaddy. I use a WordPress plugin called Ultimate Book Blogger, which has an add-on that should let me automatically post reviews from my blog onto my Goodreads account (Goodreads profile: https://www.goodreads.com/user/show/9... )

The problem is that Goodreads isn't accepting contact from my blog. Ashley, the UBB plug-in developer, did some testing on my behalf. Here's what she told me to tell you:

• I'm trying to connect to the Goodreads API with OAuth through my blog.
• I keep getting a 403 Forbidden error when trying to connect.
• As a test, we've requested the https://www.goodreads.com page using cURL and we also get a 403 Forbidden error.
• This all suggests that my site's IP has been banned. (My site is hosted on GoDaddy.)

Is there a way to get Goodreads to allow my site (http://bookwyrmshoard.com/ ) to connect to Goodreads API with OAuth? It would be so much more convenient and time-efficient to be able to have my reviews automatically post from my blog to Goodreads, rather than having to manually copy and paste each review individually as I have to do now. Other bloggers are using this plugin without any problems.

Please let me know if you need any other information in order to deal with this issue.

Thank you very much.

hi there at The Bookwyrm's Hoard, i checked with our customer support team and they assured that your website is NOT being blocked / blacklisted by us. So there must be something going on in the way the plugin is requesting or authenticating, OR we simply have a bug on our end.

Can you please tell the developer to post here and interact with us directly? It would be useful to see the request that's being sent.

Can you also list an example of a different site that's using the plugin successfully?

UPDATE: I filed an internal ticket (IOS-2707) for investigation.

I'll get in touch with her and ask if she can join the discussion.

I know of at least one site successfully using the plugin: http://www.caffeinatedbookreviewer.com/ She's on Goodreads as Kimba (profile URL: https://www.goodreads.com/user/show/5... )

I can locate other sites that are successfully using it as well, if you want more. Just let me know.

Thanks - I appreciate you looking into it. Hopefully we can get it sorted out.

Well the root of the problem is that every single request is returning back a 403 Forbidden error. For instance:

function ubb_fetch_page($url, $timeout = 5) {
$raw = false;
if (in_array('curl', get_loaded_extensions())) {
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
$raw = curl_exec($ch);
curl_close($ch);
}
else {
$raw = @file_get_contents($url);
}
return $raw;
}

$page = ubb_fetch_page('https://www.goodreads.com');
var_dump($page);

===============

That returns back a 403 Forbidden page. As do all the OAuth requests, presumably for the same reason (whatever that is). This doesn't happen on any other sites where the plugin is working.

Ettore wrote: "hi there at The Bookwyrm's Hoard, i checked with our customer support team and they assured that your website is NOT being blocked / blacklisted by us. So there must be something going on in the w..."

Ettore - I did ask the developer to join the conversation, and she has done so(see Ashley's comment - she goes through all the things she has done so far.) Is there any progress on the internal investigation, or anything she should do that she hasn't already? I don't think this is a problem with the UBB Plugin itself, because there are other bloggers using it without a problem.

Thank you.

Hi Ashley and The Bookwyrm's Hoard,

When you make requests to the Goodreads api, you need to either include a developer's key in the request or, for some requests like posting a new review, an OAuth token. So if you call one of our API's without a correct developer's key, you'll get a 403 forbidden error.

Are you including this key in all requests, and an OAuth token when trying to create reviews?

The developer can get a key through https://www.goodreads.com/api/keys and OAuth tokens need to be requested by your application on a per-user basis.

Hi, Nicole,

The UBB plugin tells me how to request an API key, which I did. Then I copied and pasted the API key and secret into the plugin in the appropriate places. Unless there's some issue with cutting and pasting, that part should be working. Incidentally, I've tried this several times, including at one point resetting the API key and putting in the new one (and the new secret) in case the first one was somehow broken. The second key-and-secret didn't work either, so I don't think it is a copy-and-paste error.

The plugin uses OAuth. I don't believe it's a problem with the plugin because about 80 other people use it without any issues. It's her site specifically that gets a 403.

And as you can see from the code above, simply performing a curl request on the Goodreads homepage results in a 403 forbidden. Pasting that EXACT same code on any of the sites where the plugin works does not result in a 403.

That code I pasted is just an example. The plugin in question uses OAuth, and she is also getting errors when using OAuth to try to connect to Goodreads itself. She can't even get to the stage of posting a new review via the plugin because she can't authorize her account with Goodreads in the first place due to the 403. The plugin has two stages:

1) Connect to Goodreads using OAuth
2) Submit a post to Goodreads to use as a review

She cannot get past step #1 so she hasn't even attempted doing #2 yet since she can't get the connection in the first place.

I looked at our api request logs for requests using your developer key (The Bookwyrm's Hoard's) and I didn't see any made from your account...we log all api requests and I'm usually able to look up requests made by developers in this way, so I'm not sure why I wouldn't be able to see it, unless for some reason the key isn't being included in your requests.

If you're using a different account for your developer key to make these requests, can you email support@goodreads.com? They can then forward it to me and I can try looking for requests made by your other account.

OK. As of 8:56 pm EST, I just (in the last 5 or 6 minutes:

1. Went to the https://www.goodreads.com/api/keys page and reset my developer key and secret.

2. Went to my WordPress dashboard, opened the UBB Plugin's Goodreads add-on, copied the new key and secret (separately) from the Goodreads page and pasted them into the places clearly marked "Goodreads Auth Key" and "Goodreads Auth Secret".

3. Went to the place in the UBB Plugin where it says "Connect to Goodreads" and pressed the button to connect.

4. Got the dratted "403 Forbidden" error with "server" written underneath. Tried connecting a second time a few minutes later, with the same result.

If you still don't show any api request logs using my new developer key in the 8:50 to 9:05 pm EST on Feb. 5, 2015, then I don't have a clue what the problem is. As far as I can tell, I'm doing everything right and using the developer key and secret that Goodreads has given me, exactly as specified.

As Ashley points out, the plugin is working flawlessly on more than 80 other blogs' sites, yet for some reason mine can't even connect. That suggests that the problem is on Goodreads' end. Do you perhaps have issues with GoDaddy's servers? Because that's where I have my hosting.

Or - and this is a question for both Nichole and Ashley - would it make any difference that while my blog site is http://bookwyrmshoard.com, on the hosting servers it is a subdomain under another domain (http://wordsmithindex.com)? I can't see why that would matter, but I'm grasping at straws here.

I believe the reason her API key isn't showing up in your logs is because it never gets to that point.

OAuth uses cURL on the request token page ( http://www.goodreads.com/oauth/reques... ). But that's returning a 403 error (as noted above...) so she never actually gets to the point of passing through the API key and approving the connection.

Any request to any Goodreads page results in a 403 from her server, so the API key never even reaches a Goodreads connection.

Can you use something else beside curl? I remember having problems using curl with oauth. For example, can you verify this with Postman?

Another thing i noticed is that you have not set the callback_url, which i think you need to set.

I dug a little deeper, and I can't find any oauth token associated to you, so confirming what Ashley said. The only reason why oauth/request_token might fail that i can see is that the OAuth consumer signature verification fails. We can't even find any traces in the logs that went beyond the first step of building the Oauth signature from the request. From the code i can see this is because the signature method is not set. I don't see it from your code above either.

I'm not having problem with curl and oauth with any of my other 80+ customers. It's just this person's site specifically.

The code snippet I pasted is not from the oauth part of the plugin. That was just an example completely unrelated to oauth of how a simple curl function fails on this server. Simply fetching goodreads.com with no oauth code returns a 403 Forbidden error. That says there's something fundamentally wrong.

In my actual oauth code I do follow all the guidelines and set the callback_url.

The code is working perfectly fine on 80+ other sites. It's just this specific site/server where there's any problem.

The fact that we can't find any reference to your developer id in our logs, while we can for any other developer, is suspect in my opinion. That's why I was asking if we could see the actual code that you use to perform that call, not just an unrelated example.

It would also help if you could try the same with a different client, such as Postman, and see if you get different results.

I'm commenting for the historical record.

We made a change on our server side to remove any rate limiting we did for API calls from shared hosts to see if that was the problem. It wasn't.

I think the only thing left to do is for GoDaddy users to ask GoDaddy to see if they can do more debugging on their end.

I receive this "Error: The request to Goodreads failed." when I try to connect to goodreads through the UBB plugin.

I called godaddy and they were no help, they cannot provide help on plugins.

Was this ever resolved???

No, it wasn't. The problem must be at GoDaddy. I will try one more time to see if I can get it working since GoDaddy is no help.

Butting in here. I'm using GoDaddy too and I have the same issue. I contacted GoDaddy, and I asked here on Goodreads but nothing changed.

Just got off the phone with godaddy, they stated that goodreads is probably using a port that is blocked at godaddy for security reasons. The ports that are not blocked are 80 25 and 21. Don't know what port goodreads is using or even where to find out. I'll also add this information to my request to Ashley, the developer for the UBB plugin. I also receive the 403 error when using goodreads to retrieve book info with the isbn.

Will this information at this website work???

https://www.elegantthemes.com/blog/ti...

I looked at that, but I'm not good enough with this technical stuff to know whether it will help or not. Sorry!

Hoping Ashley will jump in, I trust her judgement.

I'm not sure if she's watching the thread anymore, but hopefully. :-)

Unfortunately there's nothing I can do on my end if GoDaddy is indeed blocking ports, which seems to be the case. :(

Well you can check out this guide and see if it can help you in some instance you can contact your hosting provider and tell them to open few ports. or migrate your website to any other provider. All the best.

https://www.cloudways.com/blog/fix-40...