API "User authentication invalid or missing" when trying to add coin

I am working on a script to import my collection from excel(csv) to numista.  I have been able to access the api and get the type codes for a coin so I now want to add it to my collection.

I have obtained an access token using: oauth_token?grant_type=client_credentials&scope=edit_collection

This returns:

[access_token] => TOKEN
   [token_type] => bearer
   [expires_in] => 7200
   [user_id] => MY_USER
 

calling: /v3/users/ MY_USER/collected_items?&type=19081]
with these headers:

[authorization: Bearer TOKEN]
[numista-api-key: MY_API_KEY]

gives me the error message: "User authentication invalid or missing"

Is anyone able to give any guidance on what the problem is or how to diagnose further?

Thanks

Pat

Hello,

The issue could be due to an invalid authentication scope. 

Can you try oauth_token?grant_type=client_credentials&scope=view_collection,edit_collection

Hi Xavier

Apologies for the delay in replying, I was travelling, and didn't get a chance to test this properly.

Adding view_collection to the scope fixed the problem.

I am now onto the next error:

I am calling /v3/users/496109/collected_items

with the following json as the postfields:

[{"type":2555,"quantity":1,"issue":11294,"grade":"unc"}]
 

this gives "error_message":"Missing field type"
 

reducing the post data to only:

[{"type":2555}]
 

still gives the same error, as does quoting the type as a string rather than int.

I am using the following code to do the encoding (in php):

$jsonOptions = json_encode([$options]);

curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonOptions);
 

Any ideas would be appreciated.

Pat, Xavier,

Your exchange here was tremendously helpful when I was not able to add an item to my collection using the API.  Claude and I had been grinding on this for a while before I found this clue!

Adding `view_collection` to the scope (as Xavier suggested) got me past the 401 errors I was getting at first.  I also ran into a second undocumented quirk: the type field in the POST body must be sent as a JSON string ("44") rather than a number (44), despite the spec declaring it as integer. Sending a number produces HTTP 400 "Invalid type" with no further hint.  Claude has written up both issues for you, Xavier, along with a third (the client credentials flow works fine for writes — no browser redirect needed) with working examples and a patch for the OpenAPI spec here (public Gist w/2 files).

HTH,

Neil

Hi Neil

I did end up getting this working, though I don't remember the solution to this problem.

I have some notes on the script I ended up with here:

https://en.numista.com/forum/topic163268.html#p1261632

It has a link to my github where it is listed as well.

Cheers

Pat

Hello Neil,

• The API was modified so that numbers are accepted, as per the documentation.
• I could not reproduce the fact that the scope edit_collection is not enough. Could you please send the steps to reproduce?
• I added the flow clientCredentials to the OpenAPI documentation.

Xavier,

Were you able to access the public Gist that I linked to?  All of the details should be there, but if not I am happy to write it up another way.

What I recall without reviewing the notes is that, given the single scope, the OAuth flow was returning a token with a TTL much greater than the standard (2 hours?) which was not accepted by the `POST collected_items` endpoint.  Adding the second scope solved the issue and I was able to edit a collected item in place.  HTH.

It looks like you posted a new patch version of the API spec.  Am I right to assume that the current state of the API is reflected there?

Neil

Hi Neil,

The API documentation was indeed updated to include the clientCredentials flow.