EVE Technology Lab

Forum Index

EVE Forums » EVE Technology and Research Center » EVE Technology Lab » CREST won't authenticate by authorized request

Topic is locked indefinitely.

CREST won't authenticate by authorized request
Author

Previous Topic Next Topic

Thales Severasse

Strategic Exploration and Development Corp

Silent Company

Likes received: 0

#1 - 2015-07-07 20:04:06 UTC

I'm just starting looking into accessing market data via CREST. I'm sending a request to https://crest-tq.eveonline.com/regions/ with the following headers:

POST https://crest-tq.eveonline.com/regions/ HTTP/1.1
Authorization: Bearer myAccessToken
Accept: application/vnd.ccp.eve.RegionCollection-v1+json
Host: crest-tq.eveonline.com

Per the example here http://eveonline-third-party-documentation.readthedocs.org/en/latest/crest/authentication/

I got my fresh token by using the handy script here https://gist.github.com/aineko-m/15121de81feee5a66b56#file-getrefreshtoken-php

The problem is, I'm getting the following JSON back from my request:

[message] => Authentication needed, bad token
[key] => authNeeded
[exceptionType] => UnauthorizedError

Any ideas what what the problem could be?

Kali Izia

GoomWaffe

Likes received: 55

#2 - 2015-07-07 20:11:51 UTC

Thales Severasse wrote:

I got my fresh token by using the handy script here https://gist.github.com/aineko-m/15121de81feee5a66b56#file-getrefreshtoken-php

That appears to only return a refresh token.

Since you already have that, you'll need to POST to https://login.eveonline.com/oauth/token using grant_type=refresh_token&refresh_token=[token] to get an access_token, which you can then provide to CREST.

Aineko Macx

Likes received: 367

#3 - 2015-07-08 07:07:33 UTC

The refresh token has unlimited lifetime so unless it gets revoked you only need to get it once (with that script for instance).
But you cannot use the refresh token directly to access non-public data. For that you need the access token, which is ephemeral (lifetime of 20 minutes IIRC). To get it proceed as Kali explained. Code example.

iveeCore 3.0: The PHP engine for industrial activities and CREST library

Syncore 143
SJ Astralana Syncore Likes received: 143	#4 - 2015-07-08 07:34:11 UTC Aineko Macx wrote: But you cannot use the refresh token directly to access non-public data. Is there any non-public data available yet? Hyperdrive your production business: Eve Production Manager


Thales Severasse Strategic Exploration and Development Corp Silent Company Likes received: 0	#5 - 2015-07-08 14:45:40 UTC Thanks everyone for the help. Kali, I got there eventually. I'm new to OAuth and didn't realise there were 2 types of tokens. Aineko, thanks for the link to iveeCrest. Digging around Client and CurlWrapper helped me greatly. Thanks all.


Aineko Macx Likes received: 367	#6 - 2015-07-08 14:50:44 UTC SJ Astralana wrote: Is there any non-public data available yet? My bad, I meant to write "authentication requiring". As for non-public, the yearly char stats endpoint will be the first AFAIK. iveeCore 3.0: The PHP engine for industrial activities and CREST library

EVE Technology Lab

Strategic Exploration and Development Corp

Silent Company

GoomWaffe

Syncore