Skip to main content

Home/ Diigo Community/ API returns other users' bookmarks instead of mine
anonymous

API returns other users' bookmarks instead of mine - 104 views

API account Mac OS X

started by anonymous on 31 Jul 11
  • anonymous
     
    I'm beginning to add Diigo support to my bookmarks management app for Mac OS X. Here's what I did:

    * Created a Diigo account.
    * Put 12 bookmarks into it. These bookmarks appear in My Library.
    * Generated an API Key for my app.
    * As a proof-of-concept, attempted to retrieve the bookmarks using the 'curl' command-line tool. Note that curl does HTTP Basic Authentication with the -u option. I executed this command:

    curl -ussjerrykrinock:DIIGO_ACCOUNT_PASSWORD https://secure.diigo.com/api/v2/bookmarks?key=MY_APPS_API_KEY&user=ssjerrykrinock

    The curl output indicates that account authentication succeeded. However,

    EXPECTED RESULT: A JSON string representing 10 of the bookmarks in my account, ssjerrykrinock.

    ACTUAL RESULT: A JSON string representing 10 'shared' bookmarks from 10 other users. If I retry after a few minutes, I get 10 different bookmarks from 10 different users.

    Why might I be getting others' bookmarks instead of mine?

    Thank you,

    Jerry Krinock
  • sandy_diigo
     
    I am looking into this issue.
  • sandy_diigo
     
    The problem can not be reproduced.
    Please make sure that "user=ssjerrykrinock" is valid in this command.
    If not,API will return public bookmarks created by other users.
  • anonymous
     
    Thanks to your insistence, Sandy, I have found the problem! The order of the parameters is the trick. If I send my app's API key first followed by the user name like this:

    curl -ussjerrykrinock:DIIGO_ACCOUNT_PASSWORD https://secure.diigo.com/api/v2/bookmarks?key=MY_APPS_API_KEY&user=ssjerrykrinock

    then I get public bookmarks created by other users (bad).

    However if I send the user name first followed by my app's API key like this:

    curl -ussjerrykrinock:DIIGO_ACCOUNT_PASSWORD https://secure.diigo.com/api/v2/bookmarks?user=ssjerrykrinock&key=MY_APPS_API_KEY

    the I get the expected bookmarks from the ssjerrykrinock account (good).

    This is apparently a minor bug in the Diigo API, because the Diigo API documentation here:

    http://www.diigo.com/api_dev/docs

    does not state that the order of the parameters matters. Normally in such protocols, the order of the parameters does not matter. Furthermore, the example given in the documentation,

    https://secure.diigo.com/api/v2/bookmarks?key=your_api_key&user=joel&count=10

    has the API key first, which is the order that does not work.

    So Diigo should change either the behavior to make it insensitive to parameter order, or else state the required order of parameters and give a correct example in the documentation.

    Thank you very much for helping me to resolve this matter quickly. Now I'm back to writing code!
  • sandy_diigo
     
    Thanks for following this thread. Having checked it now, the order of the parameters does not have any influence on the final results.
    Whether user=ssjerrykrinock is followed or followed by my app's API key, the result is the same.
    There must be some bugs in your code.
  • anonymous
     
    Hello again, Sandy.

    Thank you for trying it again. But I just tried it again, with a new Diigo account, and still find that the order of the parameters produces either good or bad results.

    Of course it could be something odd in the way that 'curl' works in Mac OS X. Nonetheless, I have sent the Terminal session transcript to service@diigo.com. The message subject line is "API returns bookmarks from *other* users" and it is the second of two messages in this thread.

    You can try it yourself.
  • sandy_diigo
     
    Thanks for your detailed information.
    We are further looking into this issue.
  • sandy_diigo
     
    Make sure you input "https://secure.diigo.com/api/v2/bookmarks?user=ssjerrykrinock&key=MY_APPS_API_KEY "
    Only if the https URL is quoted, the user name parameters works.
    Thanks for your information and we finally figure it out.
  • anonymous
     
    Thank you for your persistence, Sandy. So the Diigo API is working properly, and the problem was that I was misusing the Mac's 'curl' program.

To Top

Start a New Topic » « Back to the Diigo Community group