Is http://api.netflix.com/users/{userid}/queues/instant/available/20/70023522 the correct endpoint?
Also, could this error occur if my client isn't sending a real DELETE request (running this on a Palm Pre, so this is all based in JavaScript using oath.js which is allowed to do cross domain requests).
So the problem is that the webkit browser used has an xhr that doesn't do DELETEs - any chance Netflix allows some sort of override header to force DELETE?
You should be able to specify ?method=DELETE in the arguments in order to perform a DELETE function. The documentation is a bit confusing at the moment (we're working on improving it) but you can look at the "Forming Requests" subsection on
I keep running into invalid signature, no mater if I use a GET with ?method=DELETE, use a post with a body that has &method=delete or use X-HTTP-Method-Override.
I am using DELETE as the request type when doing the oauth. I even tried passing method=DELETE as an parameter into the oauth message.
Anyone know of a working example of this by any chance?
I just tried this in PHP code and ran into the same issue:
This works: curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "DELETE");
This fails: curl_setopt($curl, CURLOPT_HTTPHEADER, array('X-HTTP-Method-Override:DELETE'));
Hi, Doron. Have you tried the Authentication Walk-Through, here:
http://developer.netflix.com/walkthrough
If you go all the way through, you'll get to the point where you can add, move, and delete queue items. Please try with "The Office," see if it works, and if it does, compare the signed URL from the walk-through to the one you're trying to send.
... where we say to use GET to add and DELETE to remove? Or somewhere else? It reads like we are claiming that DELETE will work in all cases when we should warn developers that it doesn't work from a browser.
Sorry for the confusion; will fix as soon as I know I've found all the trouble.
So I am trying to delete Office Season 1 from my instant queue using DELETE request to:
http://api.netflix.com/users/{userid}/queues/instant/available/20/70023522?oauth_signature_method=HMAC-SHA1&oauth_consumer_key={thekey}&oauth_token={oathtoken}&oauth_version=1.0&oauth_timestamp=1250650141&oauth_nonce=Dn1ViW&oauth_signature={signature}
And I always get back Invalid Signature.
Using the same code in my app to sign GETs.
Is http://api.netflix.com/users/{userid}/queues/instant/available/20/70023522 the correct endpoint?
Also, could this error occur if my client isn't sending a real DELETE request (running this on a Palm Pre, so this is all based in JavaScript using oath.js which is allowed to do cross domain requests).
thanks!
Message edited by Doron 2 years ago
Doron – 2 years ago
So the problem is that the webkit browser used has an xhr that doesn't do DELETEs - any chance Netflix allows some sort of override header to force DELETE?
thanks!
JR Conlin – 2 years ago
You should be able to specify ?method=DELETE in the arguments in order to perform a DELETE function. The documentation is a bit confusing at the moment (we're working on improving it) but you can look at the "Forming Requests" subsection on
http://developer.netflix.com/docs/REST_API_Conventions
for various, alternate ways of calling REST verbs in your requests.
Doron – 2 years ago
I keep running into invalid signature, no mater if I use a GET with ?method=DELETE, use a post with a body that has &method=delete or use X-HTTP-Method-Override.
I am using DELETE as the request type when doing the oauth. I even tried passing method=DELETE as an parameter into the oauth message.
Anyone know of a working example of this by any chance?
Doron – 2 years ago
I just tried this in PHP code and ran into the same issue:
This works: curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "DELETE");
This fails: curl_setopt($curl, CURLOPT_HTTPHEADER, array('X-HTTP-Method-Override:DELETE'));
Doron – 2 years ago
Here is the http request (... for removed oauth values).
(Run through Firefox with cross domain enabled)
POST /users/.../queues/disc/available/1/70099787 HTTP/1.1
Host: api.netflix.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
X-HTTP-Method-Override: DELETE
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 291
Cookie: VisitorId=...
Pragma: no-cache
Cache-Control: no-cache
oauth_signature_method=HMAC-SHA1&oauth_consumer_key=...&oauth_token=...&oauth_version=1.0&oauth_timestamp=...&oauth_nonce=...&oauth_signature=...
HTTP/1.x 401 Unauthorized
X-Lighty-Magnet-Uri-Path: /users/...-/queues/disc/available/1/70099787
X-Mashery-Responder: mashery-web3.LAX
X-Mashery-Error-Code: ERR_401_INVALID_SIGNATURE
Content-Type: text/plain
Accept-Ranges: bytes
Content-Length: 17
Date: Thu, 03 Sep 2009 01:50:37 GMT
Server: Mashery Proxy
Kent Brewster – 2 years ago
Hi, Doron. Have you tried the Authentication Walk-Through, here:
http://developer.netflix.com/walkthrough
If you go all the way through, you'll get to the point where you can add, move, and delete queue items. Please try with "The Office," see if it works, and if it does, compare the signed URL from the walk-through to the one you're trying to send.
Hope this helps,
--Kent
Doron – 2 years ago
I figured it out - If you do a GET with method=DELETE, you need to sign the Oauth with GET and not DELETE. That isn't clear from the docs.
Kent Brewster – 2 years ago
I think I see where we led you astray. Is it here:
http://developer.netflix.com/docs/REST_API_Reference#0_20185
... where we say to use GET to add and DELETE to remove? Or somewhere else? It reads like we are claiming that DELETE will work in all cases when we should warn developers that it doesn't work from a browser.
Sorry for the confusion; will fix as soon as I know I've found all the trouble.
--Kent