Receiving 403 on all data API v4 resources


#1

Hi,

I am receiving 403 forbidden when accessing any endpoint on FACEIT data api v4,

Using the access_token in the json response body from the Authorization Code Flow (also happens when using implicit flow)

I am specifying bearer {the access_token} for the Authorization header

Also seeing 403 in the API explorer on the Developers Portal

Is it perhaps something I have missed with scopes?

Any help appreciated

Thanks


#2

Anyone have any ideas?


#3

Hi Osbar,
you don’t need to use the access_token of the Authorization Code Flow, you have to use an API key.
It’s simple: just go to [your app] > API KEYS > Create FACEIT API Keys.
Then you have to specify if you want to use it client side or server side.
The generated key must be used as you said, inside the Authorization header using ‘Bearer XXX’

Cheers
Lore


#4

Thanks for the reply Lore,

If I am using implicit flow, will I be able to access the FACEIT APIs on behalf of a user?

edit: With the purpose being that only users authenticated with FACEIT would be able to use the app

Cheers,
Osbar


#5

Hi,
the Data-api are not meant to be used on behalf of a user, they allow you to retrieve all the public data.
The result of a call is the same independently of the caller, as the API key is a kind of client credential grant.

Lore


#6

I see, I think the FACEIT Connect documentation has been confusing me a bit then,

Here is the documentation regarding the Authorization Code flow (so not the implicit grant flow),

It shows that the access_token for that can be used to call the Faceit APIs, is this incorrect? Is this referring to the Data API or another Faceit API?

Edit: the Authorization Code flow diagram references using the user information API, is there documentation around this?

image


#7

Hi Osbar,
at the moment there are Data API (which need api keys) and Chat API (which need access_token, as has to be used on behalf of the user).
The documentation says generically “Faceit APIs” as we’re going to add more APIs for the developers, we’re working on it.

Anyway, to get the information of the user that granted you access, you can call the standard userinfo_endpoint , which is http://api.faceit.com/auth/v1/resources/userinfo

Lore


#8

Ok I see all the pieces coming together now :smiley: makes sense why the APIs were returning 403 with the token I was using

The userinfo endpoint will help me greatly

Thanks for your support on this Lore, much appreciated!

Cheers
Osbar


#9