Hi John, 

Thanks! I restarted the server, regenerated the API key, and can confirm that it's now working. As you mentioned, it's possible that I was missing a value on the end of the API key and was caught by the bug which allowed me to check find histories when I was logged out.

Cheers!
Rob



On Fri, Mar 8, 2013 at 9:33 AM, John Chilton <chil0060@umn.edu> wrote:
I can confirm this is a Galaxy bug. Steps to reproduce:

- Log into clean galaxy.
- Create an API key.
- Logout
- Got to localhost:8080/api/histories

You should get a 403 and don't.

This doesn't explain why the API isn't working for you, my best guess
would be the key is off by a character or you created a new one and
overwrote that one maybe. I think your instinct to try to diagnose
this outside of blend4j is a good one, if you can get the API working
without a browser session (perhaps from wget or curl) then I am
confident the blend4j part will work (or at least we can get it to).

-John

On Thu, Mar 7, 2013 at 9:09 PM, Rob Leclerc <robert.leclerc@gmail.com> wrote:
> I'm trying to use the blend4j to access the Galaxy API, but I'm getting a
> 403 error, however when I pass the same request string through my browser I
> get a json response (Status 200).
>
> //Here is the URL string being passed in both cases:
> http://localhost:8080/api/histories?key=c5954f0e726e52da297cdad5ad4aa249
>
>
> //Below are the Galaxy logs emitted on my localhost:
> 127.0.0.1 - - [07/Mar/2013:21:12:01 -0400] "GET
> /api/histories?key=c5954f0e726e52da297cdad5ad4aa249 HTTP/1.1" 200 - "-"
> "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.22 (KHTML,
> like Gecko) Chrome/25.0.1364.155 Safari/537.22"
>
> 127.0.0.1 - - [07/Mar/2013:21:12:24 -0400] "GET
> /api/histories?key=c5954f0e726e52da297cdad5ad4aa249 HTTP/1.1" 403 - "-"
> "Java/1.6.0_41"
>
>
> I'm not sure if this is related or not, because I can logout in my browser
> and still hit the local server without getting a 403,  but how do I login
> (and logout) through the API to set up a session because I assume that the
> API key is only valid for the logged in user? Is there an API request for
> the login?
>
>
>
>
> Cheers,
> Rob
>
>
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client.  To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
>
>   http://lists.bx.psu.edu/



--
Rob Leclerc, PhD
P: (US) +1-(917)-873-3037
P: (Shanghai) +86-1-(861)-612-5469
Personal Email: rob.leclerc@aya.yale.edu