Why Pocket API returns 403 Forbidden always?

1.3k views Asked by At

I'm trying to call this line:

curl https://getpocket.com/v3/oauth/authorize --insecure -X POST -H "Content-Type: application/json" -H "X-Accept: application/json" -d "{\"consumer_key\":\"61999-492f79db0bd3292f0b4...1\",\"code\":\"c9166709-0c45-2b1f-a22f-e...r\"}"

and each time I get 403 Forbidden.

I do not know and understand the reason of that.

Does anyone knows? I tried it through Python too:

import requests

auth_params = {'consumer_key': 'key_here', 'redirect_uri': 'https://www.twitter.com/'}

tkn = requests.post('https://getpocket.com/v3/oauth/request', data=auth_params)

tkn.content

Above code gives me a code:

usr_params = {'consumer_key': 'key_here', 'code': 'code_here'}
usr = requests.post('https://getpocket.com/v3/oauth/authorize', data=usr_params)
usr.content

here I'm getting 403 too.

How can I fix that?

1

There are 1 answers

1
Bertrand Martel On

From Pocket Authentication API Documentation, you need to register an application to get a consumer key, then request OAuth token via :

curl -X POST \
     -H 'Content-Type: application/json' \
     -d '{"consumer_key":"XXXXX-XXXXXXXXXXXXXXXXXXXXXX","redirect_uri":"AppTest:authorizationFinished"}' \
     https://getpocket.com/v3/oauth/request

Then the step 2 is to authorize this request token (this is the step you are missing). On a browser open the following URL with the request token you got from the previous step :

https://getpocket.com/auth/authorize?request_token=XXXXXXXX-XXXX-XXXX-XXXX-XXXX&redirect_uri=AppTest:authorizationFinished

Click on "authorize" :

enter image description here

Once the request token is authorized, you can call your request on https://getpocket.com/v3/oauth/authorize to convert a request token into a Pocket access token:

curl -X POST \
     -H 'Content-Type: application/json' \
     -d '{"consumer_key":"XXXXX-XXXXXXXXXXXXXXXXXXX","code":"XXXXXXXXX-XXXX-XXXX-XXXX-XXXXX"}' \
     https://getpocket.com/v3/oauth/authorize

The consumer key is the one you got when you created the app on Pocket and the request token the one generated from v3/oauth/request endpoint

Then you get as expected :

{ "access_token":"5678defg-5678-defg-5678-defg56", "username":"pocketuser" }