使用JS中使用Fetch API的基本身份验证
我正在使用HTML文档中使用的脚本使用Leaftlet在HTML文档中使用的脚本,以显示波士顿区域的地图,我想获取从本网站上放置在地图上的位置列表。我正在使用fetch来执行此操作,到目前为止,代码看起来像这样。
const key ='apikey';
const用户名=键;
const pwd =“”;
const uri ='https://api.quant-aq.com/device-api/v1/account';
const encoded_key ='base64encodedapikey'
async function getData(link) {
const response = await fetch("https://api.quant-aq.com/device-api/v1/account", {
method: "GET",
headers: {
'Authorization': 'Basic ' + btoa(USERNAME + ":" + PWD),
// 'X-API-KEY' : KEY,
// "X-Auth-Token": KEY,
'Host': 'quant-aq.com',
'Accept': 'application/json',
'Content-Type': 'application/json'
},
mode: "no-cors"
})
console.log(response.json())
}
getData(URI);
我应该提到我是JS的新手(以及查询APIS Hehe),因此我对代码中通常暗示的HTTPS错误并不完全熟悉。我已经尝试让无调的呼叫中的所有标题都没有成功。我不断遇到错误401。
文档位于这里: https://docs.quant-aq.com/api#ac146fbf650b4f98Addf9c6b1705d982
我也应该提到,我还应该提到,我一旦使用httpie bash bash呼叫,但我设法访问他们的API,但无法重复使用httpie bash版本结果JS。我相信我过去成功称其为用户名:password而不是api_key。
可能的问题:
您需要有密码吗?不,如果我生成了API键,则不需要密码。他们的文档还将钥匙用作用户名,因此不应该是缺陷。
I'm working on a script featured in an HTML document to display a map of the Boston area using leaftlet, and I'd like to get a list of locations to put on the map from this website. I'm using fetch to do this, and so far the code looks like this.
const KEY = 'APIKEY';
const USERNAME = KEY;
const PWD = "";
const URI = 'https://api.quant-aq.com/device-api/v1/account';
const ENCODED_KEY = 'base64encodedAPIKEY'
async function getData(link) {
const response = await fetch("https://api.quant-aq.com/device-api/v1/account", {
method: "GET",
headers: {
'Authorization': 'Basic ' + btoa(USERNAME + ":" + PWD),
// 'X-API-KEY' : KEY,
// "X-Auth-Token": KEY,
'Host': 'quant-aq.com',
'Accept': 'application/json',
'Content-Type': 'application/json'
},
mode: "no-cors"
})
console.log(response.json())
}
getData(URI);
I should mention that I'm pretty new to JS (and querying APIs hehe), so I'm not entirely familiar with what HTTPS errors typically imply in the code. I've tried having all of the headers in the fetch call uncommented with no success; I continually get an error 401.
The documentation is located here: https://docs.quant-aq.com/api#ac146fbf650b4f98addf9c6b1705d982
I should also mention that I managed to access their API once using the HTTPie bash versions of GET calls, but am not able to replicate those results in JS. I believe the method I used to call it successfully was with username:password rather than API_KEY.
Possible questions:
Do you need to have a password? No, a password shouldn't be necessary if I have generated the API key. Their docs also use the key as a username, so that shouldn't be the flaw.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
将模式设置为
“ no-cors”会导致任何尝试执行需要CORS许可失败的尝试(而不是抛出异常)。设置
授权和content-type标题(尽管在get请求上设置content-type,该请求首先不能具有内容,没有意义)需要CORS许可。鉴于该请求需要一个API键,并且要使用客户端,您必须将API密钥分配给所有用户,因此很有可能该服务不是由Web浏览器直接设计的,因此您应该使用服务器端代码)。
Setting the mode to
"no-cors"causes any attempt to do something that requires CORS permission to silently fail (instead of throwing an exception).Setting
AuthorizationandContent-Typeheaders (although setting aContent-Typeon a GET request, which can't have content in the first place, doesn't make sense) requires CORS permission.Given that the request requires an API key, and that to use it client-side you would have to distribute your API key to all your users, there is a high probability that the service is not designed to be access directly by web browsers (so you should use server-side code instead).