I'm having a problem sending an authorization token with Bearer to NEST API via python requests:
curl https://developer-api.nest.com -H "Authorization: Bearer c.123"
-H "Content-Type: application/json"
works fine, however:
nest_url = "https://developer-api.nest.com"
headers = {'Authorization': str('Bearer ' + token), 'Content-type': 'application/json'}
print(headers)
nest_data_req = requests.get(nest_url, headers=headers)
which prints as:
{'Content-type': 'application/json', 'Authorization': 'Bearer c.123'}
fails with a 401 unauthorized, as far as I can tell they are trying to make the same request so why does curl work (and postman for that matter) and python requests fail?
The following image shows the same working in postman:
So this code works 1 in 10 times (the other 9+ give me 401 unauthorized):
url = "https://developer-api.nest.com/"
auth_t = token.encode("ascii", "ignore")
headers = {
'authorization': "Bearer " + auth_t,
'content-type': "application/json",
'cache-control': "no-cache",
}
response = requests.request("GET", url, headers=headers)
print(response.text)
if I press submit in postman it works everytime without fail.
Turns this is a result of nest's API redirecting so you could consider this either a bug - as headers are removed from the redirected request, and headers should be on the session. Or a 'feature' as they were trying to resolve a CVE.
So here is a prototyped way to handle this:
def get_nest_data(token):
url = "https://developer-api.nest.com/"
auth_t = token.encode("ascii", "ignore")
headers = {
'authorization': "Bearer " + auth_t,
'content-type': "application/json",
}
try:
init_res = requests.get('https://developer-api.nest.com', headers=headers, allow_redirects=False)
if init_res.status_code == 307:
api_response = requests.get(init_res.headers['Location'], headers=headers, allow_redirects=False)
if api_response.status_code == 200:
return api_response.json()
elif init_res.status_code == 200:
return init_res.json()
except Exception as ce:
print(ce)