如何对GoodData API进行身份验证？

Question

我正在尝试使用GoodData API进行身份验证/登录，但我遇到了麻烦。在GoodData API文档站点(docs.gooddata.apiary.io)上，它说要发布到：

URL：

https://secure.gooddata.com/gdc/account/login

标题：

接受: application/json内容-Type: application/json

JSON身体：

{“postUserLogin”：{“登录”：“user@company.com”，“密码”：“YourPassword”，“记住”：1}}

我得到响应“私有API，请提供私有散列。”有什么想法吗？

Answer 1

更新的GoodData API文档和API控制台位于https://developer.gooddata.com/api。

此调用的登录URL实际上是https://secure.gooddata.com/gdc/account/login

使用相同的有效负载(您的凭据而不是示例)，您将能够登录并获取在SetCookie头中返回的SST令牌。

请记住登录的过程是：

1. 如前所述，将凭据发布到登录资源。
2. 在SetCookie报头中返回SST令牌。
3. 获取标头中带有SST令牌的令牌资源，以接收TT令牌
4. 在API调用头中使用TT令牌：-cookie

另外，请记住TT令牌的有效性是有限的。一旦收到401次未经授权的响应，就需要在下面的资源中获得新的TT令牌，并在调用报头中指定SST令牌。

Answer 2

GoodData身份验证还在以下库中实现：

• Perl - http://metacpan.org/pod/WWW::GoodData
• Java - https://github.com/gooddata/gooddata-http-client

Answer 3

关于GoodData附属物，我有一个卷曲的例子

第一步- POST到https://secure.gooddata.com/gdc/account/login

jirka@x230:~$ curl --include --header "Accept: application/json" --header "Content-Type: application/json" --request POST --data-binary "{\"postUserLogin\":{\"login\":\"jiri.simon@gooddata.com\",\"password\":\"`cat my_pass.txt`\",\"remember\":1}}" "https://secure.gooddata.com/gdc/account/login" 
HTTP/1.1 200 OK 
X-GDC-REQUEST: 7AEoVKre3lTF8sUV 
Server: Apache 
Set-Cookie: GDCAuthTT=; path=/gdc; expires=Sat, 07-Sep-2013 22:16:26 GMT; secure; HttpOnly 
Set-Cookie: GDCAuthSST=jcftYGCC3u6pkNRK; path=/gdc/account; expires=Wed, 23-Oct-2013 22:16:26 GMT; secure; HttpOnly 
Expires: Mon, 26 Jul 1997 05:00:00 GMT 
Cache-Control: no-store, no-cache, must-revalidate, max-age=0 
Pragma: no-cache 
P3P: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT' 
X-GDC-REQUEST-TIME: 69 
Content-Type: application/json;charset=UTF-8 
Content-Length: 143 
Accept-Ranges: bytes 
Date: Mon, 07 Oct 2013 22:16:26 GMT 
X-Varnish: 2109577795 
Age: 0 
Via: 1.1 varnish 
Connection: keep-alive

{"userLogin":{"profile":"/gdc/account/profile/254c399a3f5131b7026313d4f8761410","state":"/gdc/account/login/254c399a3f5131b7026313d4f8761410"}}

第二步是使用SST从第一步的响应中获得GDCAuthTT：

jirka@x230:~$ curl --include --header "Cookie: $Version=0; GDCAuthSST=jcftYGCC3u6pkNRK; $Path=/gdc/account" --header "Accept: application/json" --header "Content-Type: application/json" https://secure.gooddata.com/gdc/account/tokenHTTP/1.1 200 OK 
X-GDC-REQUEST: GqPnYyk3pKAW5eju 
Server: Apache 
Set-Cookie: GDCAuthTT=h3CUUg72U2SLhL7Tghj_TVnba6byjgj3L78aJkSFuoji_0DiqXGRYY7C1zWDa-2yIa0Aj3-MuVlWPdNSx7N7CDzM7w21Fl6OaMjuF-98bV6cRx34HW-ql6IGt6ufWo_U5fQa2QqU6b-F0MsGE6orDC6ZMt2anJQdATNYsHfELiB7ImwiOiIwIiwidSI6IjE3Mzk4NyIsImsiOiJiZWQyZWU1ZS05YzYxLTRhNWMtOWJlNi05ZTAxZDQ4NjI5NmEiLCJ1aWQiOiIyNTRjMzk5YTNmNTEzMWI3MDI2MzEzZDRmODc2MTQxMCIsInYiOjEzODExODQ4MTZ9; path=/gdc; secure; HttpOnly
Expires: Mon, 26 Jul 1997 05:00:00 GMT 
Cache-Control: no-store, no-cache, must-revalidate, max-age=0 
Pragma: no-cache 
P3P: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT' 
X-GDC-TIMESTAMP: 600 
X-GDC-REQUEST-TIME: 20 
Content-Type: application/json;charset=UTF-8 
Content-Length: 2 
Accept-Ranges: bytes 
Date: Mon, 07 Oct 2013 22:16:56 GMT 
X-Varnish: 1661889108 
Age: 0 
Via: 1.1 varnish 
Connection: keep-alive

然后您可以使用您的GDCAuthTT使用所有其他调用，但是这个GDCAuthTT只有10分钟的有效性，10分钟后您将得到401，您必须再次调用前面的命令来获取新的GDCAuthTT