调用REST服务时获得“访问被拒绝”

Question

I'm building a small app that consumes a REST service.

The REST service expects that the URL i interact with always have the API key as an URL parameter.

So no matter if i GET, POST, UPDATE or DELETE, my URL should always contain be something like this:

https://rest.service.tld:443/list?api_key=MY-KEY

https://rest.service.tld:443/lists/1/profiles/search?api_key=MY-KEY

I tried with the sample code from RestSharp webpage, but it get the statuscode Access Denied

Here's my code:

  // Create client
  var client = new RestClient( "https://rest.service.tld:443" );
  client.Authenticator = new SimpleAuthenticator( "api_key", "MY-KEY", "", "" );

  // GET list of items
  var requestLists = new RestRequest( "lists", Method.GET );
  IRestResponse<List<ListResponse>> listResponse = client.Execute<List<ListResponse>>( requestLists ); // Returns the correct list

  // POST search
  var requestProfiles = new RestRequest( "lists/1/profiles/search", Method.POST );
  requestProfiles.AddParameter( "Criteria", "{\"email\":\my@email.tld\"}" );

  IRestResponse profileResponse = client.Execute( requestProfiles ); // Returns 'Access Denied' status code 

As far as i can tell, the POST method doesn't contain the correct querystring, instead my api_key is added as a parameter in the POST .

Is there a way to keep my API_KEY in the Querystring like i need it to be?

Answer 1

By default the api_key is added as a normal parameter, you need to explicitly enforce that you want the parameter to be embedded into the URL, by setting the ParameterType as follows:

var requestProfiles = new RestRequest( "lists/1/profiles/search{api_key}", Method.POST );

requestProfiles.AddParameter( "Criteria", "{\"email\":\my@email.tld\"}" );

requestProfiles.AddParameter( "api_key", MY-KEY, ParameterType.UrlSegment);

More info here