API returns other users' bookmarks instead of mine - 104 views
started by anonymous on 31 Jul 11
started by anonymous on 31 Jul 11
started by anonymous on 31 Jul 11
started by anonymous on 31 Jul 11
* Created a Diigo account.
* Put 12 bookmarks into it. These bookmarks appear in My Library.
* Generated an API Key for my app.
* As a proof-of-concept, attempted to retrieve the bookmarks using the 'curl' command-line tool. Note that curl does HTTP Basic Authentication with the -u option. I executed this command:
curl -ussjerrykrinock:DIIGO_ACCOUNT_PASSWORD https://secure.diigo.com/api/v2/bookmarks?key=MY_APPS_API_KEY&user=ssjerrykrinock
The curl output indicates that account authentication succeeded. However,
EXPECTED RESULT: A JSON string representing 10 of the bookmarks in my account, ssjerrykrinock.
ACTUAL RESULT: A JSON string representing 10 'shared' bookmarks from 10 other users. If I retry after a few minutes, I get 10 different bookmarks from 10 different users.
Why might I be getting others' bookmarks instead of mine?
Thank you,
Jerry Krinock
Please make sure that "user=ssjerrykrinock" is valid in this command.
If not,API will return public bookmarks created by other users.
curl -ussjerrykrinock:DIIGO_ACCOUNT_PASSWORD https://secure.diigo.com/api/v2/bookmarks?key=MY_APPS_API_KEY&user=ssjerrykrinock
then I get public bookmarks created by other users (bad).
However if I send the user name first followed by my app's API key like this:
curl -ussjerrykrinock:DIIGO_ACCOUNT_PASSWORD https://secure.diigo.com/api/v2/bookmarks?user=ssjerrykrinock&key=MY_APPS_API_KEY
the I get the expected bookmarks from the ssjerrykrinock account (good).
This is apparently a minor bug in the Diigo API, because the Diigo API documentation here:
http://www.diigo.com/api_dev/docs
does not state that the order of the parameters matters. Normally in such protocols, the order of the parameters does not matter. Furthermore, the example given in the documentation,
https://secure.diigo.com/api/v2/bookmarks?key=your_api_key&user=joel&count=10
has the API key first, which is the order that does not work.
So Diigo should change either the behavior to make it insensitive to parameter order, or else state the required order of parameters and give a correct example in the documentation.
Thank you very much for helping me to resolve this matter quickly. Now I'm back to writing code!
Whether user=ssjerrykrinock is followed or followed by my app's API key, the result is the same.
There must be some bugs in your code.
Thank you for trying it again. But I just tried it again, with a new Diigo account, and still find that the order of the parameters produces either good or bad results.
Of course it could be something odd in the way that 'curl' works in Mac OS X. Nonetheless, I have sent the Terminal session transcript to service@diigo.com. The message subject line is "API returns bookmarks from *other* users" and it is the second of two messages in this thread.
You can try it yourself.
We are further looking into this issue.
Only if the https URL is quoted, the user name parameters works.
Thanks for your information and we finally figure it out.