API Authentication Issues

BlakeH · October 11, 2020, 9:12pm

I am trying to access the API and followed the example on VoltBuilder API | VoltBuilder only using PHP curl

$url = 'https://api.volt.build/v1/authorization';
$post = [
    'grant_type' => 'client_credentials',
    'client_id' => $clientId,
    'client_secret' => $clientSecret
];

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);

I am getting back a 404 Cannot POST /v1/authorization error suggesting that that endpoint doesn’t even exist? Though it matches what is on the spec https://volt.build/api-spec/

What am I missing here?

ghenne · October 11, 2020, 10:15pm

It looks like you’re posting things as URL params, not as a urlencoded form in the post body.

BlakeH · October 12, 2020, 12:56am

When you say urlencoded form do you just mean x-www-form-urlencoded?

I guess I am not following how you differentiate posting “URL params” and “urlencoded form”

I’ve tried both as a string like:

grant_type=client_credentials&client_id=xyz&client_secret=abc

And using boundaries and get the same Cannot POST error.

artlogic · October 12, 2020, 4:57am

Looking over the logs, I found several requests with the parameters concatenated on to the URL (e.g. http://example.com/path? grant_type=client_credentials&client_id=xyz&client_secret=abc). You are correct that the proper request should be x-www-form-encoded (as the OAuth2 spec states).

However this isn’t the main issue - it looks like the endpoint you’re using is incorrect. I see several requests to /v1/authorization when the proper endpoint is /v1/authenticate. Give that a try and see if it works.

BlakeH · October 12, 2020, 5:09am

Okay changing it to authenticate got it working.

On the spec page (https://volt.build/api-spec/) under Authentication is has:

Token URL: https://api.volt.build/v1/authorization

Does that refer to something else?

artlogic · October 12, 2020, 5:13am

Thank you for pointing that out - it’s a typo. The API is correctly documented further down the page here: https://volt.build/api-spec/#tag/authenticate

I’ll update the spec document shortly. Sorry for the confusion!