Vonage / vonage-ruby-sdk

Vonage REST API client for Ruby. API support for SMS, Voice, Text-to-Speech, Numbers, Verify (2FA) and more.
https://developer.vonage.com
Apache License 2.0

Nexmo API returns 200 even with bad credentials #25

Closed jamonholmgren closed 10 years ago

jamonholmgren commented 10 years ago

Nexmo does something stupid when you provide invalid credentials.

$ curl -i https://rest.nexmo.com/sms/json\?api_key\=BAD\&api_secret\=BAD\&from\=12345678910\&to\=12345678910\&text\=Wat
HTTP/1.1 200 OK
Cache-Control: max-age=1
Content-Type: application/json;charset=ISO-8859-1
Date: Wed, 23 Jul 2014 23:20:48 GMT
Server: nginx/1.6.0
x-regional-backend: wdc
Content-Length: 80

{"message-count":"1","messages":[{"status":"4","error-text":"Bad Credentials"}]}

This caused a hard-to-track-down bug in our Rails app.

I reached out to them and they said it was working as designed. O_o

Hi Jamon

Thank you for reaching out to Nexmo. The 200 indicates that we were able to reach your server regardless of whether the message was delivered or not. So that is why you are seeing two of them at the same time.

Please let me know if this information is helpful to you. -Cynthia

This is a ridiculous response. HTTP 200 does not mean "server was reachable." I replied back to that effect.

In the meantime, should the Nexmo gem work around this by examining the message status?

jamonholmgren commented 10 years ago

This manifests itself in the gem because response.ok? returns true even with bad credentials, by the way:

require 'nexmo'
nexmo = Nexmo::Client.new('WRONG', 'WRONG')
response = nexmo.send_message({:to => '12345678910', :from => '12345678910', :text => 'some text'})
puts response.instance_variable_get("@http_response").inspect
puts response.object

Response:

#<Net::HTTPOK 200 OK readbody=true>
{"message-count"=>"1", "messages"=>[{"status"=>"4", "error-text"=>"Bad Credentials"}]}

timcraft commented 10 years ago

@jamonholmgren I agree it's not well designed, as a whole the Nexmo API is one of the most badly designed HTTP APIs I've come across. The good news is that the workaround already exists: if you use the send_message bang method (i.e. #send_message!) that'll look inside the JSON payload and raise an exception if there's an error. You can see the logic here. Can you try and see if that works better?
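
A sketch of the kind of payload check discussed in this thread, added here as an illustration; it is not part of the thread and not the gem's own code. `SmsApiError` and `check_sms_response!` are hypothetical names, the failing body is the one from the curl output above, the success body is constructed, and status "0" is assumed to be the only success value.

```ruby
require 'json'

# Hypothetical error class for this example (not the gem's own).
class SmsApiError < StandardError
  attr_reader :status

  def initialize(status, text)
    @status = status.to_s
    super("SMS API error #{@status}: #{text}")
  end
end

# Body returned with HTTP 200 in the curl session above.
BAD_CREDENTIALS_BODY =
  '{"message-count":"1","messages":[{"status":"4","error-text":"Bad Credentials"}]}'
# Constructed success body for the example (the message-id value is made up).
OK_BODY = '{"message-count":"1","messages":[{"status":"0","message-id":"CONSTRUCTED"}]}'

# Fail closed: a 2xx code only says the HTTP exchange worked, so the result is
# accepted only when every per-message "status" is "0" (assumed success value).
def check_sms_response!(http_code, body)
  unless (200..299).cover?(http_code.to_i)
    raise SmsApiError.new("http-#{http_code}", 'unexpected HTTP status')
  end

  payload = begin
    JSON.parse(body)
  rescue JSON::ParserError
    raise SmsApiError.new('parse', 'response body is not JSON')
  end

  messages = payload.is_a?(Hash) ? payload['messages'] : nil
  unless messages.is_a?(Array) && !messages.empty?
    raise SmsApiError.new('empty', 'no per-message results in body')
  end

  messages.each do |m|
    status = m.is_a?(Hash) ? m['status'].to_s : 'malformed'
    next if status == '0'

    text = m.is_a?(Hash) ? m['error-text'] : nil
    raise SmsApiError.new(status, text || 'unknown error')
  end
  messages
end
```

Treating a missing or malformed `messages` array as a failure keeps an authentication error from being recorded as a sent message when the body shape changes.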

jamonholmgren commented 10 years ago

Got it, thanks Tim!