search

splitwise / api-docs

API documentation for the Splitwise API.
http://dev.splitwise.com
28 stars 16 forks source link

Help with create_expense request using OAUTH2 #41

Closed nosvalds closed 3 years ago

nosvalds commented 3 years ago

Hello,

I'm building a personal project of a Vue.JS front-end form to automate some of the settings I typically enter into splitwise.

I'm trying to do OAUTH2 authentication using https://github.com/Bearer/Pizzly . I can use Postman going through the Pizzly proxy (running locally) to do a GET /get_current_user just fine. But when I try to POST to create_expense (through the Pizzly proxy), I receive this error: "You must enter an amount":

Request Log (Postman)

POST http://localhost:8080/proxy/splitwise/create_expense
200
593 ms
POST /proxy/splitwise/create_expense HTTP/1.1
Pizzly-Auth-Id: 64350b70-2cdb-11eb-8198-150293bf7302
Accept: application/json
Content-Type: application/json
User-Agent: PostmanRuntime/7.26.5
Postman-Token: d39504db-0fe7-4996-ace6-fb1fa16eb490
Host: localhost:8080
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 415
{
    "cost": "1.00",
    "currency_code": "GBP",
    "description": "Niki proxy API from Postman",
    "payment": false,
    "group_id": "11912464",
    "split_equally": true,
    "users__0__user_id": "906803",
    "users__0__paid_share": "0.50",
    "users__0__owed_share": "0.50",
    "users__1__user_id": "6811318",
    "users__1__paid_share": "0.50",
    "users__1__owed_share": "0.50",
    "category_id": 12
}
HTTP/1.1 200 OK
X-Powered-By: Express
strict-transport-security: max-age=3600
Access-Control-Allow-Origin: *
connection: close
server: nginx
date: Sun, 22 Nov 2020 16:15:04 GMT
content-type: application/json; charset=utf-8
transfer-encoding: chunked
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: origin
content-disposition: inline; filename="response.json"
cache-control: no-cache, no-store
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
etag: W/"049fe9540d9cef1ef3e05a57584a5dd6"
x-request-id: 3dddff68-4c73-475d-a337-bbc399f90b59
x-runtime: 0.073046
via: 1.1 vegur
{"expenses":[],"errors":{"base":["You must enter an amount"]}}

Error:

{
    "expenses": [],
    "errors": {
        "base": [
            "You must enter an amount"
        ]
    }
}

I'm able to do a POST /create_expense with the same body JSON through Postman using the API Bearer token method with no issues.

POST /api/v3.0/create_expense HTTP/1.1
Accept: application/json
Authorization: Bearer <token>
Content-Type: application/json
User-Agent: PostmanRuntime/7.26.5
Postman-Token: 2814eefd-0524-419e-9195-ecf1ff1cdfe3
Host: secure.splitwise.com
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 401
{
    "cost": "1.00",
    "currency_code": "GBP",
    "description": "Niki test API",
    "payment": false,
    "group_id": "11912464",
    "split_equally": true,
    "users__0__user_id": "906803",
    "users__0__paid_share": "0.50",
    "users__0__owed_share": "0.50",
    "users__1__user_id": "6811318",
    "users__1__paid_share": "0.50",
    "users__1__owed_share": "0.50",
    "category_id": 12
}
HTTP/1.1 200 OK
Connection: keep-alive
Server: nginx
Date: Sun, 22 Nov 2020 16:25:07 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: origin
Content-Disposition: inline; filename="response.json"
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Etag: W/"c0b200032ecde421125af8e48b013e73"
X-Request-Id: dd2cb811-2874-4245-ab3c-2e574bc6d83c
X-Runtime: 0.265095
Strict-Transport-Security: max-age=3600
Content-Encoding: gzip
Via: 1.1 vegur
{"expenses":[<successful expense info>],"errors":{}}

Any ideas on where I can look next?

Thank you, Nik

rofreg commented 3 years ago

Hey Nik! Thanks for the details; those made it easy for me to find the server logs for your request 🙂

It looks like Pizzly (or some other part of your code) is accidentally modifying the parameters somehow before sending them to the Splitwise API. Rather than sending a series of key/value pairs, it's sending the entire JSON blob as one big key, with a value of nil. So instead of our server receiving params like this:

{"cost"=>"1.00", "currency_code"=>"GBP", "description"=>"Niki test API", "payment"=>false, "group_id"=>"11912464", "split_equally"=>true, "users__0__user_id"=>"906803", "users__0__paid_share"=>"0.50", "users__0__owed_share"=>"0.50", "users__1__user_id"=>"6811318", "users__1__paid_share"=>"0.50", "users__1__owed_share"=>"0.50", "category_id"=>12}

We're receiving params like this:

{"{\n    \"cost\": \"1.00\",\n    \"currency_code\": \"GBP\",\n    \"description\": \"Niki proxy API from Postman\",\n    \"payment\": false,\n    \"group_id\": \"11912464\",\n    \"split_equally\": true,\n    \"users__0__user_id\": \"906803\",\n    \"users__0__paid_share\": \"0.50\",\n    \"users__0__owed_share\": \"0.50\",\n    \"users__1__user_id\": \"6811318\",\n    \"users__1__paid_share\": \"0.50\",\n    \"users__1__owed_share\": \"0.50\",\n    \"category_id\": 12\n}"=>nil}

Thus our server fails to find a cost parameter, and you get back the error "You must enter an amount".

I'm closing this issue since it doesn't appear to be an API issue, but if you continue to have trouble, feel free to reach out to developers@splitwise.com – we'll help as much as we can!