Goodreads Developers discussion

I got my first OAuth API call get user ID to work, so I thought I'd work my way through a few others that use GET.

The next on the list is "See the current user's notifications". I got 401 not authorized error when I made the call using the same OAuth structure as the User ID call so I was looking at the API documentation and noticed a sample URL link.

When I clicked it, I expected a not authorized error since it would have been without the OAuth authorization. Instead I got a XML response. How does it know whose notifications to return if you aren't using OAuth?

Any ideas???

Our API will allow for some calls to be authenticated by your cookie; i.e., the user that you're currently signed-in as on the website. Try again whiled signed-out, and you will get not-authorized.

We will be removing this behavior.

So any idea why I am getting a 401 not authorized error for the OAuth call?

Other OAuth GET calls seem to work:
* Get id of user who authorized OAuth.
* Get a list of topics with unread comments.
* Get a user's friends.
* Get your friend updates.
* Compare books with another member.
* List books owned by a user.

While others are giving a 401 error
* See the current user's notifications.
* Get a user's followers.
* Get people a user is following.

They use fundamentally the same code (different URL's) so I'm confused why I can't get them to work.

Hey Gregg did you ever figure this out? I'm running into the same situation, I have everything else working and I thought this would be a slam dunk but it didn't work for me.

Shawn

I've got a small set of API's that are giving me a 401 error and no resolution as of now:

notifications-OAuth — See the current user's notifications, returns 401, not authorized errors
review.create-OAuth — Add review, returns 401, not authorized errors
review.destroy-OAuth — Destroy a review, returns 401, not authorized errors
review.update-OAuth — Update book reviews, returns 401, not authorized errors
user.followers — Get a user's followers, both OAuth and non-OAuth calls return 401, not authorized errors
user.following — Get people a user is following, both OAuth and non-OAuth calls return 401, not authorized errors

Given that other, virtually equivalent, API calls are working, both OAuth and non-OAuth, the 401 not authorized errors appear to be a problem on the Goodreads side the best I can tell.

And I've got one more generating a different but unexpected error:
followers.create-OAuth — Follow a user, always returns OK response with data = '$("follow_container_user_7535600").update("Something went wrong! Follower can't be blank");'

Notifications does appear to be broken. We'll fix that very soon.

I haven't tried followers or following, but those are just as likely to be broken.

review.create/destroy/update look fine. square brackets, maybe?

I'll look at the review series again, but I've got a bunch of working API's that use square brackets, so I'd be surprised to have that be the issue.

Can you double check the URL's and parameters on the documentation for me? I have found, and reported, a couple of instances where the problem ended up being the documentation.

I found a errant space in my add a review API call URL that was causing the 401 error. It now works if I add a new review, and it returns a 400 Unprocessable Entry error if a review already exists (which isn't the best error message, but won't break anything I'm doing).

Destroy a review has an API documentation error and returns a bad result. Changing from 'review/destroy.xml' with the book ID as a parameter to 'review/destroy/' now works but generates a 302 redirect, which the library I'm using interprets as an error (according to their documentation only results in the 200 range are considered "ok" responses).

Update (edit) a review with 'review/.xml' gives a 404 not found error. Same with 'review/' and the variants. Trying 'review/edit/.xml' gives a 401 unauthorized error.

Using 'review/edit/' gives a 302 redirection but doesn't update the review (unlike destroy with does do the delete). So the closest URL is 'OAUth PUT URL => http://www.goodreads.com/review/edit/...'

Hey Gregg, I just tested the review/destroy API and it works as advertised for me. I tried both:

POST review/destroy.xml (with book_id param)
POST review/destroy (with format=xml and book_id params)

You should not use review/destroy/.

review/edit is not really an API we published as far as I know. I see you have opened another topic for problems updating a review, so I'll answer there.

I just switched to the first format you suggested and it works fine.

I have NO CLUE why it wasn't working before.

Thanks for the help.