• Gear
  • Shots
  • Photo Craft
  • Video
  • Wide Angle
  • Support
  • New Stuff
  • More
Support SmugMug APIs, Hacks & Tricks Using 1.2 api - Do I have to have site password to get information?

Need some help with your New SmugMug Site?

Dgrin Challenges

Our Challenges moderator has lined up an new set of challenges for you. The Weekly Word Challenge. Get all the details and participate in the conversation Weekly Word Challenge.

Past DSS Challenge Winners, DSS Challenge Rules, and other important DSS Challenge information is here.

Looking for a little challenge? The Dgrin Mini-Challenges are a great way to challenge yourself. Take a moment to look through past winners and find the current Mini Challenge here.

From Around the Net

Enjoy a few of our favorite articles from around the 'net. If you have something you think we should see, post it here and we'll have a look.

Journeys

Landscapes

Sports

 
Thread Tools Display Modes
Old Mar-25-2010, 01:55 PM
#1
Dsweet is offline Dsweet OP
Big grins
Using 1.2 api - Do I have to have site password to get information?
I wrote code to
call smugmug.login.anonymously and get a session id.
Then call smugmug.images.get which calls for:
SessionID - string.
AlbumID - integer.
Heavy - boolean (optional).
Password - string (optional).
SitePassword - string (optional).
AlbumKey - string.
I supply the SessionID, AlbumID,Password and AlbumKey.
The password is needed because the album is password protected.
I get an error:
"<?xml version=\"1.0\" encoding=\"utf-8\"?><rsp stat=\"fail\"><err code=\"4\" msg=\"invalid user (missing/incorrect site password)\" /></rsp>"
I didn't supply a site password! Why is one needed? The documentation states that it is optional! When one accesses the album through the smugmug website a site password isn't needed. Why is one needed here?
When I add the site password the call is successful, but I shouldn't have to supply it. I don't want to give the password away when I don't have to.
Can someone help me here?
Old Mar-26-2010, 02:11 PM
#2
devbobo is offline devbobo
LR whisperer
devbobo's Avatar
If you log in with the authenicated session as the owner of a site, you never have to supply passwords for access. But if you login with smugmug.login.anonymously, passwords are required to access info related to your site.

Does that make sense ?

Cheers,

David
__________________
David Parry
SmugMug API Developer
My Photos
Old Jan-06-2011, 03:53 PM
#3
Dsweet is offline Dsweet OP
Big grins
Quote:
Originally Posted by devbobo View Post
If you log in with the authenicated session as the owner of a site, you never have to supply passwords for access. But if you login with smugmug.login.anonymously, passwords are required to access info related to your site.

Does that make sense ?

Cheers,

David
This use to work, but now it doesn't seem too:
I use the api to log in as the owner. That works and I get the sessionid.
I then pass the sessionid to:
https://api.smugmug.com/services/api/rest/1.2.2/?method=smugmug.albums.get&SessionID=xxx&NickName= dsweet&Heavy=1"

An error is returned:
"SmugMug Error calling smugmug.albums.get: invalid user (missing SitePassword parameter)"

Yes, there is a site password, but why do I need to supply it if I logged in as owner?
Old Jan-06-2011, 05:21 PM
#4
devbobo is offline devbobo
LR whisperer
devbobo's Avatar
since you are making the call over https, is your app sending the _su cookie ? If it isn't the session will be treated as anonymous.

Cheers,

David
__________________
David Parry
SmugMug API Developer
My Photos
Old Jan-07-2011, 05:42 AM
#5
Dsweet is offline Dsweet OP
Big grins
Quote:
Originally Posted by devbobo View Post
since you are making the call over https, is your app sending the _su cookie ? If it isn't the session will be treated as anonymous.

Cheers,

David
OK, what is a _su cookie and where is there information about this?
Or, do I need to be sending it over https?
Or more generally, how important is it to use https over http when using the smugmug api?

Thanks,

David
Old Jan-11-2011, 06:57 AM
#6
Dsweet is offline Dsweet OP
Big grins
Quote:
Originally Posted by Dsweet View Post
OK, what is a _su cookie and where is there information about this?
Or, do I need to be sending it over https?
Or more generally, how important is it to use https over http when using the smugmug api?

Thanks,

David
Any help available?
Old Jan-15-2011, 01:46 PM
#7
devbobo is offline devbobo
LR whisperer
devbobo's Avatar
Quote:
Originally Posted by Dsweet View Post
OK, what is a _su cookie and where is there information about this?
Or, do I need to be sending it over https?
Or more generally, how important is it to use https over http when using the smugmug api?

Thanks,

David
The su_ cookie is recent addition to assist in the prevention of sidejacking attacks. It is returned from smugmug.login.withPassword or smugmug.login.withHash requests.

After logging in, if you want subsequent calls over https this cookie needs to be present....otherwise the request will be treated as an anonymous request.
__________________
David Parry
SmugMug API Developer
My Photos
Tell The World!  

Thread Tools
Display Modes

Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump