JvrBaena / node-mkm-api

Node.js wrapper for MagicCardMarket API

Access Token missing for dedicated apps #1

Open koenbud opened 7 years ago

koenbud commented 7 years ago

I have been fiddling with MKM oauth authentication and decided to see if someone had already done the hard work. Thanks for sharing the code!

However, I noticed that the async package is missing from the dependencies in package.json.

JvrBaena commented 7 years ago

Hi, thanks!

Yes, this code is still in a WIP state. Although the package is working 100%, I haven't published it yet to npm as I wanted to first document it properly and give it a couple of finishing touches, including a properly configured package.json.

I'll fix this ASAP. Thanks for reporting!

JvrBaena commented 7 years ago

Turns out we don't even need the async dependency at the moment and there was a require that should have been removed. Have already removed it, let me know if everything works!

https://github.com/JvrBaena/node-mkm-api/commit/0ce784d9d324cbe4d947958eed4ee248a251f66a

koenbud commented 7 years ago

I tested the new code and it works perfectly. Keep up the good work!

Off-topic: I noticed that I get a 401 Unauthorized when I use the marketplace endpoints, such as marketplace.getGames and marketplace.getProductById. The only marketplace endpoint that does work is marketplace.getUser(). Other calls to account or cart resources for instance work without issues.

I have a dedicated app type. Do you know if they are unavailable for this app type?

Thanks

JvrBaena commented 7 years ago

Most of the tests I have been doing at the moment have been done with 3rd Party apps, which is the most complex type of app and therefore, the one that would allow me to implement all the endpoints.

I haven't had the time yet to test all cases, but from what I see in the docs here (https://www.mkmapi.eu/ws/documentation/API:Auth_Overview) there may be some issues when accessing public resources exclusively from dedicated apps:

Dedicated App

If you want to develop an application, that provides services only to your user very own account at MKM, this app type is your solution. Your app is acting with the API like you are acting with your user account using the website.

Once a dedicated app was registered, you'll find everything you need in your profile to make requests to the API. You get an App token, App Secret, Access token, and Access token secret.

Attention: We explicitly do not allow, that Dedicated App users constantly only request the public Marketplace resources (products, articles, prices, etc.) on consecutive days and especially not with exhausting the request limits. The purpose of Dedicated Apps is the support of the user with their normal MKM activities, which explicitly includes managing their stock, order, wantslists, and handling their shopping carts. We implemented extensive security mechanisms to withdraw a user's possibility to request all resources by blocking a user's API access. If you plan to only request marketplace data for the use on your website, plan to develop an application that shows MKM offers and prices, you have the option to apply for a Widget App.

In any case, this is another reason why I still haven't published this code to npm, just wanted to give a complete test of all the possible apps and so on... but I started this on vacation and now am back to work so I have less time to work on this :D

You can always contact magiccardmarket's tech-support and see if there's any problem in that action... and if there isn't, then I would have to check if there's any endpoint that should not be registered as needing public/private headers in the package.

koenbud commented 7 years ago

I have sent MKM tech support an e-mail regarding this. I read the 'attention' statement as a 'fair use' clause, you can use it for personal use, but not for data mining purposes etc. I'll let you know when MKM tech support answers my e-mail.

JvrBaena commented 7 years ago

Did you get any answer to this @koenbud ? Just asking in case I can close this issue! ;)

koenbud commented 7 years ago

Sorry for the long wait, but I got it to work today. I exchanged some emails with support and when using a dedicated app, the accessToken is always required with every request. In the buildPublicOauthHeaders method it is omitted, which makes sense because other app types do not require the accessToken with some of the marketplace endpoints.

koenbud commented 7 years ago

It could be fixed by allowing an appType option variable and then adding or omitting the accessToken based on that variable.
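
An added illustration of the fix suggested above (not code from node-mkm-api and not posted by anyone in this thread): a generic OAuth 1.0a (RFC 5849) HMAC-SHA1 header builder that takes an `appType` option and always sends the access token for dedicated apps. The function name, the `isPublic`, `nonce` and `timestamp` options and the credential field names are assumptions; any MKM-specific header requirements are not covered.

```javascript
const crypto = require('crypto');

// RFC 3986 percent-encoding, as OAuth 1.0a requires (RFC 5849 section 3.6).
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());

// Hypothetical helper (not node-mkm-api's API). creds field names are assumed:
// { appToken, appSecret, accessToken, accessTokenSecret }.
function buildOauthHeader(method, url, creds, opts = {}) {
  const { appType = 'third-party', isPublic = false } = opts;
  // Per the thread: a dedicated app must send its access token on every
  // request; other app types may omit it on public marketplace endpoints.
  const sendToken = appType === 'dedicated' || !isPublic;
  if (sendToken && !(creds.accessToken && creds.accessTokenSecret)) {
    throw new Error(`access token required (appType=${appType})`);
  }
  const oauth = {
    oauth_consumer_key: creds.appToken,
    oauth_nonce: opts.nonce || crypto.randomBytes(16).toString('hex'),
    oauth_signature_method: 'HMAC-SHA1',
    oauth_timestamp: String(opts.timestamp || Math.floor(Date.now() / 1000)),
    oauth_version: '1.0',
  };
  if (sendToken) oauth.oauth_token = creds.accessToken;

  // Signature base string: METHOD & base URL & sorted(oauth + query params).
  // Assumes no repeated query parameter names.
  const u = new URL(url);
  const all = { ...oauth };
  u.searchParams.forEach((v, k) => { all[k] = v; });
  const normalized = Object.keys(all).sort()
    .map((k) => `${enc(k)}=${enc(all[k])}`).join('&');
  const base = [method.toUpperCase(), enc(u.origin + u.pathname),
    enc(normalized)].join('&');

  // The token secret is part of the HMAC key only when the token is sent.
  const key = `${enc(creds.appSecret)}&` +
    (sendToken ? enc(creds.accessTokenSecret) : '');
  oauth.oauth_signature = crypto.createHmac('sha1', key)
    .update(base).digest('base64');

  return 'OAuth ' + Object.keys(oauth).sort()
    .map((k) => `${k}="${enc(oauth[k])}"`).join(', ');
}
```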

JvrBaena commented 7 years ago

I see... the approach to the oauth permissions per endpoint is a bit...particular in this api... on the other hand, it's probably my fault not to test ALL types of apps, just the most complicated one (3rd party app).

Ok! Will edit the title of the issue and will let you know as soon as I can fix this. Thanks for reporting! :D

JvrBaena commented 7 years ago

Just an update... this week the sandbox section for "My Profile" (where you can create apps and manage your profile) is impossible to access and thus, there's no way to create apps... I'm waiting for MKM to fix this so I can finally register a dedicated app and start fixing this issue 👍