Authentication issues when introducing create asset usage call.

[SamDenHaerynck]

Hi,

We came across this authentication issue when we were adding the asset usage calls to release version 1.3 of this SDK.

We are using OAuth 1.0 for authentication and all calls under the api/v4 version of the Bynder API are working with the current setup. When implementing the create asset usage call which uses an unversioned endpoint (/api/media/usage/) we keep getting a 401 error.

When contacting Bynder support they claim you can't add the payload for the post request to both the body and the query string which is the case for all post calls included in the Bynder SDK. The create asset usage call only works with the payload included in the body and not in the query string.

But the authentication OAuthMessageHandler.GenerateSignature method requires the query string payload in order to generate a correct signature.

So this is quite inconsistent behavior between the existing SDK and the Bynder API.
Can someone from the team please take a look at it and give some useful feedback?

Thanks!

Kind regards,
Sam Den Haerynck
delaware

[WouterToering]

Hey @SamDenHaerynck,

Unfortunately the people who built this SDK have left the company, so I'll try to assist as best as I can with my limited knowledge.

It seems like 1.3 and older versions send the Query always as query parameters and also as body (form submission) on POST requests. Although sending it as query parameters is useless on POST requests, it doesn't break anything since like you noticed it's always included in the OAuth1 signature as well.

I've tried the create asset usage API call using a HTTP client and as long as the query params are part of the signature when in the URL, it works as expected.

[SamDenHaerynck]

Hi @WouterToering

We added the create usage calls to the SDK ourselves and were not able to perform a successful call without changing the way a post request is handled in the SDK.

Like I said it seems that the authentication part needs the parameters also in the query string but the API endpoint can't handle a query string because when we don't remove the query string we get an a 401 that is caused by an incorrect format of the request (explanation Bynder support).

I could send you the fiddler requests that show you this behavior.

Kind regards,
Sam Den Haerynck
delaware