search

activefrequency / pyavatax

Python and Django Integration for RESTful Avalara Tax System
BSD 3-Clause "New" or "Revised" License
6 stars 12 forks source link

403 errors from Avalara validating address #14

Closed LiteWait closed 7 years ago

LiteWait commented 7 years ago

This code has been working for 2 years, but seems Avalara changed something in their APIs. Since the _request method (whether you are providing a GET or POST) always adds a request body (aka: 'data') this causes Avalara to throw a 403 error on GETs. Simple fix is to not provide 'data' on get.

 def _request(self, http_method, stem, data={}, params={}):
        url = '%s/%s' % (self.url, stem)
        data = json.dumps(data)
        # getting rid of control characters
        # that JSON will error out on
        data = data.replace('\\r', ' ')
        data = data.replace('\\t', ' ')
        data = data.replace('\\n', ' ')
        kwargs = {
            'params': params,
            'data': data,    REMOVE THIS AND THE 403 GOES AWAY
            'headers': self.headers,
            'auth': (self.username, self.password),
            'proxies': self.proxies,
            'timeout': self.timeout
        }

Please advise.

jobelenus commented 7 years ago

LiteWait, generally HTTP 403 responses are because of bad permissions/lack of permissions at the URI. Can you share an actual request with params where its giving you a 403 so I can confirm the problem?

LiteWait commented 7 years ago

Simple example demonstrating the problem. I mimic'd the code from base.py _request() method that gets a 403 as well. This code should give you a 403, till you comment out the empty json object in the request body.

import requests url = 'https://development.avalara.net/1.0/address/validate' kwargs = { 'headers': None, 'params': { 'PostalCode': '78746-5150', 'Region': 'TX', 'City': 'Austin', 'Line1': '700 Las Cimas Parkway', 'Country': 'US', 'Line2': ''}, 'data': '{}', # Remove this, it works. Avalara must be freaking on HTTP GET with request body now! 'auth': ('XXXXXXXXXX', 'XXXXXXXXXXXXXXXX'), 'timeout': 10.0, 'proxies': {} } resp = requests.get(url, **kwargs) print('RESPONSE {0}:\n{1}'.format(resp.status_code, resp.text))

On Wed, Sep 27, 2017 at 3:03 PM, John Obelenus notifications@github.com wrote:

LiteWait, generally HTTP 403 responses are because of bad permissions/lack of permissions at the URI. Can you share an actual request with params where its giving you a 403 so I can confirm the problem?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/activefrequency/pyavatax/issues/14#issuecomment-332623486, or mute the thread https://github.com/notifications/unsubscribe-auth/AA207Qk3Avbc9ghWIlqdXwjvMDoRX3-Cks5smpwOgaJpZM4Pl1G6 .

jobelenus commented 7 years ago

OK, I can confirm. Will put out a fix in a minute

jobelenus commented 7 years ago

New release and tag, 1.3.9.

LiteWait commented 7 years ago

Looks good. Thanks.

On Wed, Sep 27, 2017 at 3:39 PM, John Obelenus notifications@github.com wrote:

Closed #14 https://github.com/activefrequency/pyavatax/issues/14 via 70b05b2 https://github.com/activefrequency/pyavatax/commit/70b05b25ee334a7b48809b069aa8185879838b8c .

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/activefrequency/pyavatax/issues/14#event-1268480943, or mute the thread https://github.com/notifications/unsubscribe-auth/AA207aQHSZUYZ4UCg3Akh8mh6PHLOM9aks5smqR6gaJpZM4Pl1G6 .