在用户未登录的情况下使用 API 搜索 Netflix?
我正在尝试通过他们的 API 搜索 Netflix,但不让任何人登录(因为我想在后端执行此操作,不一定与任何用户操作相关)。我刚刚开始使用他们的 API,所以如果我做了一些完全愚蠢的事情,请原谅我。这是我尝试访问的 URL:
http://api.netflix.com/catalog/titles/?oauth_consumer_key=MY_CONSUMER_KEY&oauth_token_secret=MY_SECRET&term=fight+club
但是,这给了我一个 400 Bad Request 错误。如果用户不先登录我的应用程序,是否无法浏览/搜索 Netflix 目录?或者我做错了什么?
注意:我通过浏览器访问上述 URL,因为我只想执行 GET 请求,这是浏览器默认执行的操作。
I'm trying to search Netflix through their API, but without logging anyone in (because I want to do this on the back-end, not necessarily related to any user action). I'm just starting off with their API so please forgive me if I'm doing something completely stupid. Here's the URL I'm trying to access:
http://api.netflix.com/catalog/titles/?oauth_consumer_key=MY_CONSUMER_KEY&oauth_token_secret=MY_SECRET&term=fight+club
However, that gives me a 400 Bad Request error. Is there no way to browse/search the Netflix catalog without having a user first sign in to my application? Or am I doing something wrong?
Note: I'm accessing said URL through my browser, since I only want to perform a GET request, which is what a browser does by default.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
使用 OAuth 时,您需要计算请求的签名,即使您使用的是 2 足身份验证,该身份验证仅使用您的共享密钥而没有用户令牌(这意味着您的应用程序已登录,但没有用户登录) )。
如果它是 HTTP(如非 SSL)URL,则您需要使用 HMAC-SHA1* 签名方法而不是 PLAINTEXT,因为您不希望您的消费者机密以纯文本形式通过网络传递。
如果他们允许 HTTPS URL,那么您可以使用 PLAINTEXT 方法,但您仍然需要按照 https://datatracker.ietf.org/doc/html/draft-hammer-oauth-10#page-27 并将其作为
传递oauth_signature查询字符串参数,而不是传递oauth_token_secret。请注意,您还需要将oauth_signature_method=PLAINTEXT作为参数传递。此外,可能值得查看返回的响应。如果他们实现了 OAuth 问题报告扩展,那么这可以为您提供一些帮助来解决问题。
*或另一种加密您的共享秘密的方法
When using OAuth you need to compute a signature for the request, even if you're using 2-legged authentication which just uses your shared-secret and no user token (this means that your application is logged in, but no user is logged in).
If it's an HTTP (as in non-SSL) URL then you need to be using the HMAC-SHA1* signature method rather than PLAINTEXT because you don't want your consumer secret being passed across the wire in plain text.
If they allow an HTTPS URL then you can use the PLAINTEXT method, but you'll still need to calculate it as per https://datatracker.ietf.org/doc/html/draft-hammer-oauth-10#page-27 and pass that as the
oauth_signaturequery string parameter instead of passingoauth_token_secret. Note that you'll also need to passoauth_signature_method=PLAINTEXTas a parameter too.Also, it might be worth looking at the response that comes back. If they implement the OAuth Problem Reporting extension then that could give you some help with what's wrong.
*or another method that encryptes your shared secret