[galaxy-dev] API - Status 403 Forbidden

[Rob Leclerc]

I'm trying to use the blend4j to access the Galaxy API, but I'm getting a
403 error, however when I pass the same request string through my browser I
get a json response (Status 200).

//Here is the URL string being passed in both cases:
http://localhost:8080/api/histories?key=c5954f0e726e52da297cdad5ad4aa249


//Below are the Galaxy logs emitted on my localhost:
127.0.0.1 - - [07/Mar/2013:21:12:01 -0400] "GET
/api/histories?key=c5954f0e726e52da297cdad5ad4aa249 HTTP/1.1" 200 - "-"
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.22 (KHTML,
like Gecko) Chrome/25.0.1364.155 Safari/537.22"

127.0.0.1 - - [07/Mar/2013:21:12:24 -0400] "GET
/api/histories?key=c5954f0e726e52da297cdad5ad4aa249 HTTP/1.1" 403 - "-"
"Java/1.6.0_41"


I'm not sure if this is related or not, because I can logout in my browser
and still hit the local server without getting a 403,  but how do I login
(and logout) through the API to set up a session because I assume that the
API key is only valid for the logged in user? Is there an API request for
the login?




Cheers,
Rob
___
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:

  http://lists.bx.psu.edu/

Re: [galaxy-dev] API - Status 403 Forbidden

[Rob Leclerc]

Hi John,

Thanks! I restarted the server, regenerated the API key, and can confirm
that it's now working. As you mentioned, it's possible that I was missing a
value on the end of the API key and was caught by the bug which allowed me
to check find histories when I was logged out.

Cheers!
Rob



On Fri, Mar 8, 2013 at 9:33 AM, John Chilton  wrote:

> I can confirm this is a Galaxy bug. Steps to reproduce:
>
> - Log into clean galaxy.
> - Create an API key.
> - Logout
> - Got to localhost:8080/api/histories
>
> You should get a 403 and don't.
>
> This doesn't explain why the API isn't working for you, my best guess
> would be the key is off by a character or you created a new one and
> overwrote that one maybe. I think your instinct to try to diagnose
> this outside of blend4j is a good one, if you can get the API working
> without a browser session (perhaps from wget or curl) then I am
> confident the blend4j part will work (or at least we can get it to).
>
> -John
>
> On Thu, Mar 7, 2013 at 9:09 PM, Rob Leclerc 
> wrote:
> > I'm trying to use the blend4j to access the Galaxy API, but I'm getting a
> > 403 error, however when I pass the same request string through my
> browser I
> > get a json response (Status 200).
> >
> > //Here is the URL string being passed in both cases:
> > http://localhost:8080/api/histories?key=c5954f0e726e52da297cdad5ad4aa249
> >
> >
> > //Below are the Galaxy logs emitted on my localhost:
> > 127.0.0.1 - - [07/Mar/2013:21:12:01 -0400] "GET
> > /api/histories?key=c5954f0e726e52da297cdad5ad4aa249 HTTP/1.1" 200 - "-"
> > "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.22
> (KHTML,
> > like Gecko) Chrome/25.0.1364.155 Safari/537.22"
> >
> > 127.0.0.1 - - [07/Mar/2013:21:12:24 -0400] "GET
> > /api/histories?key=c5954f0e726e52da297cdad5ad4aa249 HTTP/1.1" 403 - "-"
> > "Java/1.6.0_41"
> >
> >
> > I'm not sure if this is related or not, because I can logout in my
> browser
> > and still hit the local server without getting a 403,  but how do I login
> > (and logout) through the API to set up a session because I assume that
> the
> > API key is only valid for the logged in user? Is there an API request for
> > the login?
> >
> >
> >
> >
> > Cheers,
> > Rob
> >
> >
> > ___
> > Please keep all replies on the list by using "reply all"
> > in your mail client.  To manage your subscriptions to this
> > and other Galaxy lists, please use the interface at:
> >
> >   http://lists.bx.psu.edu/
>



-- 
Rob Leclerc, PhD
 
P: (US) +1-(917)-873-3037
P: (Shanghai) +86-1-(861)-612-5469
Personal Email: rob.lecl...@aya.yale.edu
___
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:

  http://lists.bx.psu.edu/

Re: [galaxy-dev] API - Status 403 Forbidden

[Carl Eberhard]

Hello, all

Thanks to you both for reporting this.

John, in the steps to reproduce you mention, is step 4 going through the
browser?
If using curl/wget with an api key, they should of course, allow you to
retrieve all histories (logged in or not).
If through the browser, where you able to retrieve all your histories or
just the most recent?

If only the most recent, it may be that (although you were an anonymous
user after logging out) it's functioning as intended. Anonymous users must
be able to query the most recent (and only) histories for the history panel
to work for them. This is done by using
trans.galaxy_session.current_history.

If there are more than your most recent history returned by that API call
through the browser, let me know and I can work on that.

Also, in addition to curl/wget you might want to look at the scripts/api/
directory in your installation which provides some python equivalents to
these along with JSON decoding/encoding.

Thanks for the additional info,
Carl




On Fri, Mar 8, 2013 at 9:55 AM, Rob Leclerc wrote:

> Hi John,
>
> Thanks! I restarted the server, regenerated the API key, and can confirm
> that it's now working. As you mentioned, it's possible that I was missing a
> value on the end of the API key and was caught by the bug which allowed me
> to check find histories when I was logged out.
>
> Cheers!
> Rob
>
>
>
> On Fri, Mar 8, 2013 at 9:33 AM, John Chilton  wrote:
>
>> I can confirm this is a Galaxy bug. Steps to reproduce:
>>
>> - Log into clean galaxy.
>> - Create an API key.
>> - Logout
>> - Got to localhost:8080/api/histories
>>
>> You should get a 403 and don't.
>>
>> This doesn't explain why the API isn't working for you, my best guess
>> would be the key is off by a character or you created a new one and
>> overwrote that one maybe. I think your instinct to try to diagnose
>> this outside of blend4j is a good one, if you can get the API working
>> without a browser session (perhaps from wget or curl) then I am
>> confident the blend4j part will work (or at least we can get it to).
>>
>> -John
>>
>>
>> On Thu, Mar 7, 2013 at 9:09 PM, Rob Leclerc 
>> wrote:
>> > I'm trying to use the blend4j to access the Galaxy API, but I'm getting
>> a
>> > 403 error, however when I pass the same request string through my
>> browser I
>> > get a json response (Status 200).
>> >
>> > //Here is the URL string being passed in both cases:
>> >
>> http://localhost:8080/api/histories?key=c5954f0e726e52da297cdad5ad4aa249
>> >
>> >
>> > //Below are the Galaxy logs emitted on my localhost:
>> > 127.0.0.1 - - [07/Mar/2013:21:12:01 -0400] "GET
>> > /api/histories?key=c5954f0e726e52da297cdad5ad4aa249 HTTP/1.1" 200 - "-"
>> > "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.22
>> (KHTML,
>> > like Gecko) Chrome/25.0.1364.155 Safari/537.22"
>> >
>> > 127.0.0.1 - - [07/Mar/2013:21:12:24 -0400] "GET
>> > /api/histories?key=c5954f0e726e52da297cdad5ad4aa249 HTTP/1.1" 403 - "-"
>> > "Java/1.6.0_41"
>> >
>> >
>> > I'm not sure if this is related or not, because I can logout in my
>> browser
>> > and still hit the local server without getting a 403,  but how do I
>> login
>> > (and logout) through the API to set up a session because I assume that
>> the
>> > API key is only valid for the logged in user? Is there an API request
>> for
>> > the login?
>> >
>> >
>> >
>> >
>> > Cheers,
>> > Rob
>> >
>> >
>> > ___
>> > Please keep all replies on the list by using "reply all"
>> > in your mail client.  To manage your subscriptions to this
>> > and other Galaxy lists, please use the interface at:
>> >
>> >   http://lists.bx.psu.edu/
>>
>
>
>
> --
> Rob Leclerc, PhD
> 
> P: (US) +1-(917)-873-3037
> P: (Shanghai) +86-1-(861)-612-5469
> Personal Email: rob.lecl...@aya.yale.edu
>
> ___
> Please keep all replies on the list by using "reply all"
> in your mail client.  To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
>
>   http://lists.bx.psu.edu/
>
___
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:

  http://lists.bx.psu.edu/