Bungie-net / api

Resources for the Bungie.net API
Other
1.22k stars 92 forks source link

Get Vendor Sales #1583

Open Lcjacobpd opened 2 years ago

Lcjacobpd commented 2 years ago

Hello, I'm trying to collect the daily sales from a handful of vendors (ex: Ada-1 armor mods) but I haven't had any luck figuring out how best to pose my query. My best guess so far was to use the GetVendor command but I'm getting 'InsufficientPrivileges' errors. (My reference: https://data.destinysets.com/api/Destiny2.GetVendor)

membershipType = "3"
destinyMembershipId = "4611686018492882082"
characterId = "2305843009700155903"
url = f"https://www.bungie.net/Platform/Destiny2/{membershipType}/Profile/{destinyMembershipId}/Character/{characterId}/Vendors?components=402"

I've seen some similar errors reported by other users and I'm wondering if there's been any progress on a method to collect common/public information from vendors. (Edit: Hit submit early by mistake)

nev-r commented 2 years ago

fetching any sale information from vendors requires oauth, i.e. full authenticated access to a destiny account and its characters. an api key alone won't do it. that's why InsufficientPrivileges.
do your requests using data.destinysets.com/api work? are you signed in there?

Lcjacobpd commented 2 years ago

I believe I am signed in at data.destinysets.com/api, the dropdowns populate with the guardians associated with my account. The GetVendors query works on the site but not my local script. Do I use my app "client_Id" or "client_secret" as the authorization in my header? Oddly, neither seem to work.

HEADERS = {"X-API-Key": API_KEY, "Authorization": ??? }
Lcjacobpd commented 2 years ago

Slight update, I changed my bungie app settings to include:

Told me the change may take a few minutes to apply but I'm not sure what difference it will make given that data.destinysets.com/api worked before without them.

ats commented 2 years ago

When you log into destinysets, you're authenticating within their app. That permission doesn't carry into your script, so if you want to run a local script with authentication, you need to work through the oauth flow using your own app's credentials -- ie, your app key, app secret, and the bearer token that is issued when you grant access as the user. With those, you'll be able to make requests to the API endpoints that require user authentication using your own app/local script.

Lcjacobpd commented 2 years ago

Alright, Following https://lowlidev.com.au/destiny/authentication-2, I've updated my request header and gotten a new error message.

HEADERS = { "X-API-Key": API_KEY, "Authorization": f"Bearer {ACCESS_TOKEN}" }
ErrorCode : 2108
ThrottleSeconds : 0
ErrorStatus : AccessNotPermittedByApplicationScope
Message : Access not permitted by application scope
MessageData : {'RequiredScope': 'ReadDestinyInventoryAndVault'}

Double checking my app settings, I have both of these checked.

What am I missing here?

Lcjacobpd commented 2 years ago

You mentioned "app secret", does that mean that my app oauth type must be confidential? I could understand that for some of the more personal/account-related aspects of the API. But vendor sales data should be common knowledge.

delphiactual commented 2 years ago

Vendor sales are character dependent, based on quest steps etc...

Lcjacobpd commented 2 years ago

If anyone is wondering, I am still stuck here; having checked this scope yet somehow not having said permission.

ErrorCode : 2108
ThrottleSeconds : 0
ErrorStatus : AccessNotPermittedByApplicationScope
Message : Access not permitted by application scope
MessageData : {'RequiredScope': 'ReadDestinyInventoryAndVault'}
david-yost commented 11 months ago

Sorry to bump an old issue but I'm running into exactly this issue. I'm using the OAuth flow and able to get a lot of the data I want with my access token and permissions. However, when I go to use the GetVendors method I'm getting the insufficient privileges error message even though I have that box checked in the app config. Was there ever resolution here?