403 Access denied when trying to create post via API

Posted under General

I'm trying to create a post through the API, but I always get a 403 response code with this body:

{"success":false, "error": "Pundit::NotAuthorizedError", "message": "Access denied", "backtrace":["app/controllers/posts_controller.rb:75:in 'PostsController#create'", "app/logical/rack_server_timing.rb:19:in 'RackServerTiming#call'"]}

The API key being used has all permissions. I am sending the create request with this function:

import requests

# BASE_URL, USERNAME and API_KEY are set elsewhere in the script.
def create_post(media_asset_id, tags, rating, source):
    headers = {
        'User-Agent': 'MyUploaderQ/1.0'
    }
    data = {
        'upload_media_asset_id': media_asset_id,
        'post[tag_string]': tags,
        'post[rating]': rating,
        'post[source]': source,
    }
    resp = requests.post(
        f'{BASE_URL}/posts.json',
        data=data,
        auth=(USERNAME, API_KEY),
        headers=headers
    )
    resp.raise_for_status()
    return resp.json()['id']

Make sure you're passing the upload_media_asset_id, not the media_asset_id. The media_asset_id identifies the file; the upload_media_asset_id identifies your particular upload of the file.

These are different because the same file can be uploaded multiple times, by you or other people, but it's only stored once. For example, you could upload a picture from Twitter, then upload what turns out to be the same picture from Pixiv a day later. The upload_media_asset_id identifies which one of these uploads you're trying to post. The permission error would be because you're trying to post a file from another person's account because you have the wrong ID.

evazion said:

Make sure you're passing the upload_media_asset_id, not the media_asset_id. The media_asset_id identifies the file; the upload_media_asset_id identifies your particular upload of the file.

These are different because the same file can be uploaded multiple times, by you or other people, but it's only stored once. For example, you could upload a picture from Twitter, then upload what turns out to be the same picture from Pixiv a day later. The upload_media_asset_id identifies which one of these uploads you're trying to post. The permission error would be because you're trying to post a file from another person's account because you have the wrong ID.

Thanks! The problem was that I was entering the wrong ID in the 'upload_media_asset_id' field. I was using the ID received after uploading the image, rather than the ID of the media asset within the image upload.
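
The ID mix-up discussed in this thread can be caught on the client before the request is sent. The following is an added example, not code from the thread or from the site: it assumes the upload record lists its per-upload entries under `upload_media_assets`, each with an `id` and a `media_asset_id` (both field names and the sample values are assumptions), and the helper names are hypothetical.

```python
# Constructed sample shaped like an upload record; field names are assumptions.
SAMPLE_UPLOAD = {
    "id": 9001,  # ID of the upload itself
    "upload_media_assets": [
        # "id" is this upload's entry; "media_asset_id" is the shared stored file.
        {"id": 7001, "media_asset_id": 555},
        {"id": 7002, "media_asset_id": 556},
    ],
}


def classify_id(upload: dict, candidate: int) -> set:
    """Return which kinds of ID in this upload record the candidate matches."""
    kinds = set()
    if candidate == upload["id"]:
        kinds.add("upload_id")
    for entry in upload.get("upload_media_assets", []):
        if candidate == entry["id"]:
            kinds.add("upload_media_asset_id")
        if candidate == entry["media_asset_id"]:
            kinds.add("media_asset_id")
    return kinds


def build_post_form(upload: dict, candidate: int, tags: str,
                    rating: str, source: str) -> dict:
    """Build the form for POST /posts.json, refusing IDs of the wrong kind."""
    kinds = classify_id(upload, candidate)
    if "upload_media_asset_id" not in kinds:
        found = ", ".join(sorted(kinds)) or "no ID in this upload"
        raise ValueError(
            f"{candidate} matches {found}; expected an upload_media_asset_id"
        )
    # Form keys are the ones used in the question's create_post function.
    return {
        "upload_media_asset_id": candidate,
        "post[tag_string]": tags,
        "post[rating]": rating,
        "post[source]": source,
    }
```

Failing locally with a message that names the kind of ID actually supplied is easier to diagnose than the server's generic 403.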
