How to authorize via token in Python to an API

Question

I´m completly new in Python-programming and I´m trying to get access to ae – scooter rental service and crawl the data oft he scooters. The service provider is Bird and has no official API and is only accessible via an app for Android or iOS. Someone found a way and the requirements for the posts and gets are here documented: https://github.com/ubahnverleih/WoBike/blob/master/Bird.md

My problem is after i authorized myself by the token I can´t create a get-request. The Server says all the time: {"code":401,"message":"Credentials are required to access this resource"}

This is my code:

import requests
import json
import uuid
target = "https://api-auth.prod.birdapp.com/api/v1/auth/email"
headers = { "User-Agent": "Bird/4.53.0 (co.bird.Ride; build:24; iOS 12.4.1) Alamofire/4.53.0"
           ,"Platform": "ios",
           "App-Version": "4.53.0",
           "Content-Type": "application/json",
           "Device-Id": str(uuid.uuid4())}
data = {"email": "any@mail.com"}
reply = requests.post(target, data=json.dumps(data), headers=headers)

# at this point u get an email and u need to copy the token in the email

token = {"token":"IGzMtdAkQ3icmSFV0V64yQ"}
url_token = 'https://api-auth.prod.birdapp.com/api/v1/auth/magic-link/use'

# now you are authorized and you can start get-requests

get_headers = {"Authorization" : "IGzMtdAkQ3icmSFV0V64yQ",
              "Device-id" : str(uuid.uuid4()),
              "App-Version" : "4.41.0",
              "Location" : json.dumps({"latitude":37.77249,"longitude":-122.40910,"altitude":500,"accuracy":100,"speed":-1,"heading":-1})}
url_get_birds = "https://api.birdapp.com/bird/nearby?latitude=37.77184&longitude=-122.40910&radius=1000"
print((requests.get(url_get_birds, headers = get_headers)).text)

The last print command gives me the 401 error all the time

I guess i don´t use the token in get_headers as an authorization correct… Sorry to bother you but I really don´t know how to progress.

Thank you very much

Answer 1

I don't think you're using the correct token. It appears to me that you are using the Magic Link token as your Auth for getting scooter locations. The Magic Link token that is included in your Email can't be used as the token to get locations of scooters, it's used as the token to get hold of your Access Token. The correct token should start with something like ey and a long list of characters.

Try run this to get your actual token:

curl --location --request POST 'https://api-auth.prod.birdapp.com/api/v1/auth/magic-link/use' \
--header 'User-Agent: Bird/4.53.0 (co.bird.Ride; build:24; iOS 12.4.1) Alamofire/4.53.0' \
--header 'Device-Id: <YOUR-UUID>' \
--header 'Platform: ios' \
--header 'App-Version: 4.53.0' \
--header 'Content-Type: application/json' \
--header 'Content-Type: text/plain' \
--data-raw '{"token":"9BntNB548R7KyD42ml4hrJA"}'

This will output 2 kinds of tokens - Access and Refresh. The Access Token is the one that you would use to get locations of scooters. It should be implemented like this: Authorization: Bird <ACCESS-TOKEN>