Open Lcjacobpd opened 2 years ago
nev-r
commented
2 years ago fetching any sale information from vendors requires oauth, i.e. full authenticated access to a destiny account and its characters. an api key alone won't do it. that's why InsufficientPrivileges.
do your requests using data.destinysets.com/api work? are you signed in there?
Lcjacobpd
commented
2 years ago I believe I am signed in at data.destinysets.com/api, the dropdowns populate with the guardians associated with my account. The GetVendors query works on the site but not my local script. Do I use my app "client_Id" or "client_secret" as the authorization in my header? Oddly, neither seem to work.
HEADERS = {"X-API-Key": API_KEY, "Authorization": ??? }Slight update, I changed my bungie app settings to include:
Told me the change may take a few minutes to apply but I'm not sure what difference it will make given that data.destinysets.com/api worked before without them.
ats
commented
2 years ago When you log into destinysets, you're authenticating within their app. That permission doesn't carry into your script, so if you want to run a local script with authentication, you need to work through the oauth flow using your own app's credentials -- ie, your app key, app secret, and the bearer token that is issued when you grant access as the user. With those, you'll be able to make requests to the API endpoints that require user authentication using your own app/local script.
Lcjacobpd
commented
2 years ago Alright, Following https://lowlidev.com.au/destiny/authentication-2, I've updated my request header and gotten a new error message.
HEADERS = { "X-API-Key": API_KEY, "Authorization": f"Bearer {ACCESS_TOKEN}" }ErrorCode : 2108
ThrottleSeconds : 0
ErrorStatus : AccessNotPermittedByApplicationScope
Message : Access not permitted by application scope
MessageData : {'RequiredScope': 'ReadDestinyInventoryAndVault'}Double checking my app settings, I have both of these checked.
What am I missing here?
Lcjacobpd
commented
2 years ago You mentioned "app secret", does that mean that my app oauth type must be confidential? I could understand that for some of the more personal/account-related aspects of the API. But vendor sales data should be common knowledge.
delphiactual
commented
2 years ago Vendor sales are character dependent, based on quest steps etc...
Lcjacobpd
commented
2 years ago If anyone is wondering, I am still stuck here; having checked this scope yet somehow not having said permission.
ErrorCode : 2108
ThrottleSeconds : 0
ErrorStatus : AccessNotPermittedByApplicationScope
Message : Access not permitted by application scope
MessageData : {'RequiredScope': 'ReadDestinyInventoryAndVault'}
david-yost
commented
8 months ago Sorry to bump an old issue but I'm running into exactly this issue. I'm using the OAuth flow and able to get a lot of the data I want with my access token and permissions. However, when I go to use the GetVendors method I'm getting the insufficient privileges error message even though I have that box checked in the app config. Was there ever resolution here?
Hello, I'm trying to collect the daily sales from a handful of vendors (ex: Ada-1 armor mods) but I haven't had any luck figuring out how best to pose my query. My best guess so far was to use the GetVendor command but I'm getting 'InsufficientPrivileges' errors. (My reference: https://data.destinysets.com/api/Destiny2.GetVendor)
I've seen some similar errors reported by other users and I'm wondering if there's been any progress on a method to collect common/public information from vendors. (Edit: Hit submit early by mistake)