SlideShare a Scribd company logo

The Most Common Mistakes When Calling Smarty APIs

Download as PPTX, PDF
S
Smarty35

In these slides, you'll learn about some of the most common mistakes we've seen when building API calls. If you're using an API to set up address autocomplete on your forms, this is the presentation for you. You can learn more about Smarty's APIs by visiting: https://www.smarty.com/docs/cloud You can view the webinar that these slides are from at: https://youtu.be/5EhPelXsv-U

Business
1 of 30
Common Mistakes When Calling Smarty APIs Status Codes 401 and 402
In today’s webinar, we’ll cover two types of mistakes: “Authentication Required” errors — status code 401 “Payment Required” errors — status code 402
“Authentication Required” Errors — Status Code 401 In this section: ● How to authenticate API requests the right way ● Common mistakes in client-side requests ● Common mistakes in server-side requests
How to Authenticate API Requests the Right Way 1. Get familiar with your account's API Keys page.
How to Authenticate API Requests the Right Way 1. Get familiar with your account's API Keys page. 2. Understand the difference between client-side requests (in a web browser) and server-side requests. Since browsers send a Referer header automatically, our system treats any request that includes a Referer header as a client-side request. In contrast, if the request does NOT have a Referer header, our system treats it is a server-side request.
How to Authenticate API Requests the Right Way 1. Get familiar with your account's API Keys page. 2. Understand the difference between client-side requests (in a web browser) and server-side requests. Since browsers send a Referer header automatically, our system treats any request that includes a Referer header as a client-side request. In contrast, if the request does NOT have that header, our system treats it is a server-side request. 3. For client-side calls: ● Include an embedded key in the request URL: key=31050191824945 ● Make sure that the Referer value sent by the browser is listed as a host for the embedded key being used.
How to Authenticate API Requests the Right Way 1. Get familiar with your account's API Keys page. 2. Understand the difference between client-side requests (in a web browser) and server-side requests. Since browsers send a Referer header automatically, our system treats any request that includes a Referer header as a client-side request. In contrast, if the request does NOT have that header, our system treats it is a server-side request. 3. For client-side calls: ● Include an embedded key in the request URL: key=31050191824945 ● Make sure that the Referer value sent by the browser is listed as a host for the embedded key being used. 1. For server-side calls: ● Include the secret keys (auth-id and auth-token) in the request URL: auth- id=a1Gf2rC&auth-token=HH3tnV
Common Mistakes in Client-Side Requests ● Don't submit secret keys in a client-side request.
Common Mistakes in Client-Side Requests ● Don't submit secret keys in a client-side request. ● Don't list the wrong referer/host value with the embedded key. (Look between the slashes of the referer value.)
Common Mistakes in Client-Side Requests ● Don't submit secret keys in a client-side request. ● Don't list the wrong referer/host value with the embedded key. (Look between the slashes of the referer value.) ○ For localhost, just list "localhost" without the port number. ○ For calls from the jsfiddle website, the correct host is fiddle.jshell.net
Common Mistakes in Client-Side Requests ● Don't submit secret keys in a client-side request. ● Don't list the wrong referer/host value with the embedded key. (Look between the slashes of the referer value.) ○ For localhost, just list "localhost" without the port number. ○ For calls from the jsfiddle website, the correct host is fiddle.jshell.net ● When using a wildcard in a hostname, don't use the * for more than one level of subdomain. For example: complete referer value: www.accounts.smarty.com correct: *.accounts.smarty.com incorrect: *.smarty.com
Common Mistakes in Client-Side Requests ● Don't submit secret keys in a client-side request. ● Don't list the wrong referer/host value with the embedded key. (Look between the slashes of the referer value.) ○ For localhost, just list "localhost" without the port number. ○ For calls from the jsfiddle website, the correct host is fiddle.jshell.net ● When using a wildcard in a hostname, don't use the * for more than one level of subdomain. ● Don't forget to explicitly set up a Referer header when calling from a mobile app or when using an embedded key in Postman. (Mobile apps and Postman don't send a Referer header by default, so you will need to set one up manually.)
Common Mistakes in Client-Side Requests ● Don't submit secret keys in a client-side request. ● Don't list the wrong referer/host value with the embedded key. (Look between the slashes of the referer value.) ○ For localhost, just list "localhost" without the port number. ○ For calls from the jsfiddle website, the correct host is fiddle.jshell.net ● When using a wildcard in a hostname, don't use the * for more than one level of subdomain. ● Don't forget to explicitly set up a Referer header when calling from a mobile app or when using an embedded key in Postman. (Mobile apps and Postman don't send a Referer header by default, so you will need to set one up manually.) ● Don't forget to URL-encode the request URL. For example, a # symbol that is not URL- encoded will break up the request URL, and our system will not recognize any part of the URL after the # symbol.
Common Mistakes in Server-Side Requests ● Don't send an embedded key in a server-side request.
Common Mistakes in Server-Side Requests ● Don't send an embedded key in a server-side request. ● Don't type the auth-id or auth-token by hand; you might mistype a 1 for a lower-case l or a 0 for a capital O.
Common Mistakes in Server-Side Requests ● Don't send an embedded key in a server-side request. ● Don't type the auth-id or auth-token by hand; you might mistype a 1 for a lower-case l or a 0 for a capital O. ● Don't forget to URL-encode the request URL.
“Payment Required” Errors — Status Code 402 In this section: ● Understanding your Smarty account and your licenses ● Common mistakes that result in a "Payment Required" error
Understanding Your Smarty Account and Your Licenses ● If you are a developer trying to work with the Smarty APIs, we recommend that you be able to log in to the Smarty account you are trying to use. Currently, each Smarty account has only a single login email and password, so you would need to obtain those login details from whomever has them.
Understanding Your Smarty Account and Your Licenses ● If you are a developer trying to work with the Smarty APIs, we recommend that you be able to log in to the Smarty account you are trying to use. Currently, each Smarty account has only a single login email and password, so you would need to obtain those login details from whomever has them. ● Be familiar with the different pages available in your account, especially the Subscriptions and API Keys pages.
Understanding Your Smarty Account and Your Licenses ● If you are a developer trying to work with the Smarty APIs, we recommend that you be able to log in to the Smarty account you are trying to use. Currently, each Smarty account has only a single login email and password, so you would need to obtain those login details from whomever has them. ● Be familiar with the different pages available in your account, especially the Subscriptions and API Keys pages. ● Make sure you understand your licenses. Know which APIs they allow you to call and what specific abilities are included. Because we offer so many different licenses, distinguishing them can be tricky. Feel free to ask the Support team or your sales rep about the abilities of any particular license.
Common Mistakes That Result in a Payment Required Error ● Don't use API keys from the wrong account. Many companies have multiple Smarty accounts — for example, a production account and several accounts used by individual developers. Make sure the auth credentials you are submitting in the request URL pertain to the account that actually has the right subscription in it.
Common Mistakes That Result in a Payment Required Error ● Don't use API keys from the wrong account. ● Don't try to call an API that is not supported by one of your licenses. Example: You try to call the US Autocomplete Pro API, but you only have a US Address Verification subscription, with a US Core Edition license. (Our US Autocomplete service requires its own license.)
Common Mistakes That Result in a Payment Required Error ● Don't use API keys from the wrong account. ● Don't try to call an API that is not supported by one of your licenses. ● If using one of our SDKs, don't assume that the license value listed in the Github example code is the right one. Example: The default license listed in the Github example code is us- rooftop-geocoding-cloud, but you don't actually have a Rooftop Geocoding license. You may need to change the license value to us-core-cloud or us-standard-cloud. This line is from the JavaScript SDK: let clientBuilder = new SmartyCore.ClientBuilder(credentials) .withBaseUrl("YOUR URL").withLicenses(["us-rooftop-geocoding-cloud"]);
Common Mistakes That Result in a Payment Required Error ● Don't use API keys from the wrong account. ● Don't try to call an API that is not supported by one of your licenses. ● If using one of our SDKs, don't assume that the license value listed in the Github example code is the right one. ● Don't try to use an ability that doesn't pertain to your specific license. Examples: ○ When calling our US Street Address API, you include match=enhanced, but you don't have a US Core Edition license. You only have the older US Standard Edition license (which doesn’t include enhanced matching).
Common Mistakes That Result in a Payment Required Error ● Don't use API keys from the wrong account. ● Don't try to call an API that is not supported by one of your licenses. ● If using one of our SDKs, don't assume that the license value listed in the Github example code is the right one. ● Don't try to use an ability that doesn't pertain to your specific license. Examples: ○ When calling our US Street Address API, you include match=enhanced, but you don't have a US Core Edition license. You only have the older US Standard Edition license (which doesn’t include enhanced matching). ○ When calling our International Street API, you include geocode=true, but your license is an International Global Basic license that doesn't include geocodes.
Common Mistakes That Result in a Payment Required Error ● Don't use API keys from the wrong account. ● Don't try to call an API that is not supported by one of your licenses. ● If using one of our SDKs, don't assume that the license value listed in the Github example code is the right one. ● Don't try to use an ability that doesn't pertain to your specific license. Examples: ○ When calling our US Street Address API, you include match=enhanced, but you don't have a US Core Edition license. You only have the older US Standard Edition license (which doesn’t include enhanced matching). ○ When calling our International Street API, you include geocode=true, but your license is an International Global Basic license that doesn't include geocodes. ○ When calling our International Street API, you submit an address from a country not included with your particular license.
Finishing Up The Smarty Support team is here for you. We pride ourselves on being super responsive. Our regular hours are weekdays 8 to 5 Mountain Time. Phone: 801-877-5778 Chat: smarty.com Email: support@smarty.com
Try our APIs for free! smarty.com/signup

Recommended

Timeline ppt template
Timeline ppt templateTimeline ppt template
Timeline ppt templatecrockerff
 
LEAD GENERATION
LEAD GENERATIONLEAD GENERATION
LEAD GENERATIONMichaelAbbiw
 
State of Digital Ad Fraud Q2 2018
State of Digital Ad Fraud Q2 2018State of Digital Ad Fraud Q2 2018
State of Digital Ad Fraud Q2 2018Dr. Augustine Fou - Independent Ad Fraud Researcher
 
INFORMÁTICA - PÁSCOA ಌღ
INFORMÁTICA - PÁSCOA ಌღINFORMÁTICA - PÁSCOA ಌღ
INFORMÁTICA - PÁSCOA ಌღcrisdelshine
 
Offline Marketing Strategy
Offline Marketing StrategyOffline Marketing Strategy
Offline Marketing StrategySomnath Ghosh
 
Marketingsherpa Top 5 Lead Gen Case Studies
Marketingsherpa Top 5 Lead Gen Case StudiesMarketingsherpa Top 5 Lead Gen Case Studies
Marketingsherpa Top 5 Lead Gen Case StudiesHubSpot
 
Overview on ring central errors
Overview on ring central errorsOverview on ring central errors
Overview on ring central errorsAnirban Sen Chowdhary
 
How to build Simple yet powerful API.pptx
How to build Simple yet powerful API.pptxHow to build Simple yet powerful API.pptx
How to build Simple yet powerful API.pptxChanna Ly
 

Recommended

Timeline ppt template
Timeline ppt templateTimeline ppt template
Timeline ppt templatecrockerff
 
LEAD GENERATION
LEAD GENERATIONLEAD GENERATION
LEAD GENERATIONMichaelAbbiw
 
State of Digital Ad Fraud Q2 2018
State of Digital Ad Fraud Q2 2018State of Digital Ad Fraud Q2 2018
State of Digital Ad Fraud Q2 2018Dr. Augustine Fou - Independent Ad Fraud Researcher
 
INFORMÁTICA - PÁSCOA ಌღ
INFORMÁTICA - PÁSCOA ಌღINFORMÁTICA - PÁSCOA ಌღ
INFORMÁTICA - PÁSCOA ಌღcrisdelshine
 
Offline Marketing Strategy
Offline Marketing StrategyOffline Marketing Strategy
Offline Marketing StrategySomnath Ghosh
 
Marketingsherpa Top 5 Lead Gen Case Studies
Marketingsherpa Top 5 Lead Gen Case StudiesMarketingsherpa Top 5 Lead Gen Case Studies
Marketingsherpa Top 5 Lead Gen Case StudiesHubSpot
 
Overview on ring central errors
Overview on ring central errorsOverview on ring central errors
Overview on ring central errorsAnirban Sen Chowdhary
 
How to build Simple yet powerful API.pptx
How to build Simple yet powerful API.pptxHow to build Simple yet powerful API.pptx
How to build Simple yet powerful API.pptxChanna Ly
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0Mihir Shah
 
Ch 5: Bypassing Client-Side Controls
Ch 5: Bypassing Client-Side ControlsCh 5: Bypassing Client-Side Controls
Ch 5: Bypassing Client-Side ControlsSam Bowne
 
ArcSight Enterprise View REST API Developer's Guide
ArcSight Enterprise View REST API Developer's GuideArcSight Enterprise View REST API Developer's Guide
ArcSight Enterprise View REST API Developer's GuideProtect724gopi
 
OAuth SPOP @ IETF 91
OAuth SPOP @ IETF 91OAuth SPOP @ IETF 91
OAuth SPOP @ IETF 91Nat Sakimura
 
What API Specifications and Tools Help Engineers to Construct a High-Security...
What API Specifications and Tools Help Engineers to Construct a High-Security...What API Specifications and Tools Help Engineers to Construct a High-Security...
What API Specifications and Tools Help Engineers to Construct a High-Security...Hitachi, Ltd. OSS Solution Center.
 
Build and graduate your app in ring central
Build and graduate your app in ring centralBuild and graduate your app in ring central
Build and graduate your app in ring centralAnirban Sen Chowdhary
 
Creating a Sign On with Open id connect
Creating a Sign On with Open id connectCreating a Sign On with Open id connect
Creating a Sign On with Open id connectDerek Binkley
 
Create custom authentication provider and forget the hassle of managing token...
Create custom authentication provider and forget the hassle of managing token...Create custom authentication provider and forget the hassle of managing token...
Create custom authentication provider and forget the hassle of managing token...Rahul Malhotra
 
Setting up BuzzCity Account - Server Side API
Setting up BuzzCity Account - Server Side APISetting up BuzzCity Account - Server Side API
Setting up BuzzCity Account - Server Side APIBuzzCity-2015
 
Big commerce app development
Big commerce app developmentBig commerce app development
Big commerce app developmentNascenia IT
 
RefCard RESTful API Design
RefCard RESTful API DesignRefCard RESTful API Design
RefCard RESTful API DesignOCTO Technology
 
RESTful services and OAUTH protocol in IoT
RESTful services and OAUTH protocol in IoTRESTful services and OAUTH protocol in IoT
RESTful services and OAUTH protocol in IoTYakov Fain
 
[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilitiesOWASP
 
Integrating Okta with Anypoint Platform for a mobile security use case
Integrating Okta with Anypoint Platform for a mobile security use caseIntegrating Okta with Anypoint Platform for a mobile security use case
Integrating Okta with Anypoint Platform for a mobile security use caseBahman Kalali
 
What It Takes to Build API Integrations
What It Takes to Build API IntegrationsWhat It Takes to Build API Integrations
What It Takes to Build API IntegrationsNordic APIs
 
Secure Coding: SSL, SOAP, and REST
Secure Coding: SSL, SOAP, and RESTSecure Coding: SSL, SOAP, and REST
Secure Coding: SSL, SOAP, and RESTSalesforce Developers
 
Explorer setting
Explorer settingExplorer setting
Explorer settingbritmaxbackedup3
 
Setting up organization with api access
Setting up organization with api accessSetting up organization with api access
Setting up organization with api accesssivachandra mandalapu
 
CIS 2015 Extreme OAuth - Paul Meyer
CIS 2015 Extreme OAuth - Paul MeyerCIS 2015 Extreme OAuth - Paul Meyer
CIS 2015 Extreme OAuth - Paul MeyerCloudIDSummit
 
Design Web Api
Design Web ApiDesign Web Api
Design Web ApiTailor Fontela
 
PitchBook’s Guide to VC Funding for Startups
PitchBook’s Guide to VC Funding for StartupsPitchBook’s Guide to VC Funding for Startups
PitchBook’s Guide to VC Funding for StartupsAlejandro Cremades
 
zidauu _business communication.pptx /pdf
zidauu _business communication.pptx /pdfzidauu _business communication.pptx /pdf
zidauu _business communication.pptx /pdfzukhrafshabbir
 

More Related Content

Similar to The Most Common Mistakes When Calling Smarty APIs

Ch 5: Bypassing Client-Side Controls
Ch 5: Bypassing Client-Side ControlsCh 5: Bypassing Client-Side Controls
Ch 5: Bypassing Client-Side ControlsSam Bowne
 
ArcSight Enterprise View REST API Developer's Guide
ArcSight Enterprise View REST API Developer's GuideArcSight Enterprise View REST API Developer's Guide
ArcSight Enterprise View REST API Developer's GuideProtect724gopi
 
OAuth SPOP @ IETF 91
OAuth SPOP @ IETF 91OAuth SPOP @ IETF 91
OAuth SPOP @ IETF 91Nat Sakimura
 
What API Specifications and Tools Help Engineers to Construct a High-Security...
What API Specifications and Tools Help Engineers to Construct a High-Security...What API Specifications and Tools Help Engineers to Construct a High-Security...
What API Specifications and Tools Help Engineers to Construct a High-Security...Hitachi, Ltd. OSS Solution Center.
 
Build and graduate your app in ring central
Build and graduate your app in ring centralBuild and graduate your app in ring central
Build and graduate your app in ring centralAnirban Sen Chowdhary
 
Creating a Sign On with Open id connect
Creating a Sign On with Open id connectCreating a Sign On with Open id connect
Creating a Sign On with Open id connectDerek Binkley
 
Create custom authentication provider and forget the hassle of managing token...
Create custom authentication provider and forget the hassle of managing token...Create custom authentication provider and forget the hassle of managing token...
Create custom authentication provider and forget the hassle of managing token...Rahul Malhotra
 
Setting up BuzzCity Account - Server Side API
Setting up BuzzCity Account - Server Side APISetting up BuzzCity Account - Server Side API
Setting up BuzzCity Account - Server Side APIBuzzCity-2015
 
Big commerce app development
Big commerce app developmentBig commerce app development
Big commerce app developmentNascenia IT
 
RefCard RESTful API Design
RefCard RESTful API DesignRefCard RESTful API Design
RefCard RESTful API DesignOCTO Technology
 
RESTful services and OAUTH protocol in IoT
RESTful services and OAUTH protocol in IoTRESTful services and OAUTH protocol in IoT
RESTful services and OAUTH protocol in IoTYakov Fain
 
[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilitiesOWASP
 
Integrating Okta with Anypoint Platform for a mobile security use case
Integrating Okta with Anypoint Platform for a mobile security use caseIntegrating Okta with Anypoint Platform for a mobile security use case
Integrating Okta with Anypoint Platform for a mobile security use caseBahman Kalali
 
What It Takes to Build API Integrations
What It Takes to Build API IntegrationsWhat It Takes to Build API Integrations
What It Takes to Build API IntegrationsNordic APIs
 
Setting up organization with api access
Setting up organization with api accessSetting up organization with api access
Setting up organization with api accesssivachandra mandalapu
 
CIS 2015 Extreme OAuth - Paul Meyer
CIS 2015 Extreme OAuth - Paul MeyerCIS 2015 Extreme OAuth - Paul Meyer
CIS 2015 Extreme OAuth - Paul MeyerCloudIDSummit
 

Similar to The Most Common Mistakes When Calling Smarty APIs (20)

OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0
 
Ch 5: Bypassing Client-Side Controls
Ch 5: Bypassing Client-Side ControlsCh 5: Bypassing Client-Side Controls
Ch 5: Bypassing Client-Side Controls
 
ArcSight Enterprise View REST API Developer's Guide
ArcSight Enterprise View REST API Developer's GuideArcSight Enterprise View REST API Developer's Guide
ArcSight Enterprise View REST API Developer's Guide
 
OAuth SPOP @ IETF 91
OAuth SPOP @ IETF 91OAuth SPOP @ IETF 91
OAuth SPOP @ IETF 91
 
What API Specifications and Tools Help Engineers to Construct a High-Security...
What API Specifications and Tools Help Engineers to Construct a High-Security...What API Specifications and Tools Help Engineers to Construct a High-Security...
What API Specifications and Tools Help Engineers to Construct a High-Security...
 
Build and graduate your app in ring central
Build and graduate your app in ring centralBuild and graduate your app in ring central
Build and graduate your app in ring central
 
Creating a Sign On with Open id connect
Creating a Sign On with Open id connectCreating a Sign On with Open id connect
Creating a Sign On with Open id connect
 
Create custom authentication provider and forget the hassle of managing token...
Create custom authentication provider and forget the hassle of managing token...Create custom authentication provider and forget the hassle of managing token...
Create custom authentication provider and forget the hassle of managing token...
 
Setting up BuzzCity Account - Server Side API
Setting up BuzzCity Account - Server Side APISetting up BuzzCity Account - Server Side API
Setting up BuzzCity Account - Server Side API
 
Big commerce app development
Big commerce app developmentBig commerce app development
Big commerce app development
 
RefCard RESTful API Design
RefCard RESTful API DesignRefCard RESTful API Design
RefCard RESTful API Design
 
RESTful services and OAUTH protocol in IoT
RESTful services and OAUTH protocol in IoTRESTful services and OAUTH protocol in IoT
RESTful services and OAUTH protocol in IoT
 
[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities
 
Integrating Okta with Anypoint Platform for a mobile security use case
Integrating Okta with Anypoint Platform for a mobile security use caseIntegrating Okta with Anypoint Platform for a mobile security use case
Integrating Okta with Anypoint Platform for a mobile security use case
 
What It Takes to Build API Integrations
What It Takes to Build API IntegrationsWhat It Takes to Build API Integrations
What It Takes to Build API Integrations
 
Secure Coding: SSL, SOAP, and REST
Secure Coding: SSL, SOAP, and RESTSecure Coding: SSL, SOAP, and REST
Secure Coding: SSL, SOAP, and REST
 
Explorer setting
Explorer settingExplorer setting
Explorer setting
 
Setting up organization with api access
Setting up organization with api accessSetting up organization with api access
Setting up organization with api access
 
CIS 2015 Extreme OAuth - Paul Meyer
CIS 2015 Extreme OAuth - Paul MeyerCIS 2015 Extreme OAuth - Paul Meyer
CIS 2015 Extreme OAuth - Paul Meyer
 
Design Web Api
Design Web ApiDesign Web Api
Design Web Api
 

Recently uploaded

PitchBook’s Guide to VC Funding for Startups
PitchBook’s Guide to VC Funding for StartupsPitchBook’s Guide to VC Funding for Startups
PitchBook’s Guide to VC Funding for StartupsAlejandro Cremades
 
zidauu _business communication.pptx /pdf
zidauu _business communication.pptx /pdfzidauu _business communication.pptx /pdf
zidauu _business communication.pptx /pdfzukhrafshabbir
 
Innomantra Viewpoint - Building Moonshots : May-Jun 2024.pdf
Innomantra Viewpoint - Building Moonshots : May-Jun 2024.pdfInnomantra Viewpoint - Building Moonshots : May-Jun 2024.pdf
Innomantra Viewpoint - Building Moonshots : May-Jun 2024.pdfInnomantra
 
Equinox Gold Corporate Deck May 24th 2024
Equinox Gold Corporate Deck May 24th 2024Equinox Gold Corporate Deck May 24th 2024
Equinox Gold Corporate Deck May 24th 2024Equinox Gold Corp.
 
What is social media.pdf Social media refers to digital platforms and applica...
What is social media.pdf Social media refers to digital platforms and applica...What is social media.pdf Social media refers to digital platforms and applica...
What is social media.pdf Social media refers to digital platforms and applica...AnaBeatriz125525
 
tekAura | Desktop Procedure Template (2016)
tekAura | Desktop Procedure Template (2016)tekAura | Desktop Procedure Template (2016)
tekAura | Desktop Procedure Template (2016)Norah Medlin
 
How to Maintain Healthy Life style.pptx
How to Maintain Healthy Life style.pptxHow to Maintain Healthy Life style.pptx
How to Maintain Healthy Life style.pptxrdishurana
 
Aspire Time & Life Leadership Workshop 2024
Aspire Time & Life Leadership Workshop 2024Aspire Time & Life Leadership Workshop 2024
Aspire Time & Life Leadership Workshop 2024Dr Sam Collins
 
Powers and Functions of CPCB - The Water Act 1974.pdf
Powers and Functions of CPCB - The Water Act 1974.pdfPowers and Functions of CPCB - The Water Act 1974.pdf
Powers and Functions of CPCB - The Water Act 1974.pdflinciy03
 
What is paper chromatography, principal, procedure,types, diagram, advantages...
What is paper chromatography, principal, procedure,types, diagram, advantages...What is paper chromatography, principal, procedure,types, diagram, advantages...
What is paper chromatography, principal, procedure,types, diagram, advantages...srcw2322l101
 
Elevate Your Online Presence with SEO Services
Elevate Your Online Presence with SEO ServicesElevate Your Online Presence with SEO Services
Elevate Your Online Presence with SEO ServicesHaseebBashir5
 
FEXLE- Salesforce Field Service Lightning
FEXLE- Salesforce Field Service LightningFEXLE- Salesforce Field Service Lightning
FEXLE- Salesforce Field Service LightningFEXLE
 
Constitution of Company Article of Association
Constitution of Company Article of AssociationConstitution of Company Article of Association
Constitution of Company Article of Associationseri bangash
 
Pitch Deck Teardown: Terra One's $7.5m Seed deck
Pitch Deck Teardown: Terra One's $7.5m Seed deckPitch Deck Teardown: Terra One's $7.5m Seed deck
Pitch Deck Teardown: Terra One's $7.5m Seed deckHajeJanKamps
 
MichaelStarkes_UncutGemsProjectSummary.pdf
MichaelStarkes_UncutGemsProjectSummary.pdfMichaelStarkes_UncutGemsProjectSummary.pdf
MichaelStarkes_UncutGemsProjectSummary.pdfmstarkes24
 
ch 2 asset classes and financial instrument.ppt
ch 2 asset classes and financial instrument.pptch 2 asset classes and financial instrument.ppt
ch 2 asset classes and financial instrument.pptZawadAmin2
 
HAL Financial Performance Analysis and Future Prospects
HAL Financial Performance Analysis and Future ProspectsHAL Financial Performance Analysis and Future Prospects
HAL Financial Performance Analysis and Future ProspectsRajesh Gupta
 
TriStar Gold Corporate Presentation May 2024
TriStar Gold Corporate Presentation May 2024TriStar Gold Corporate Presentation May 2024
TriStar Gold Corporate Presentation May 2024Adnet Communications
 
HR and Employment law update: May 2024.
HR and Employment law update: May 2024.HR and Employment law update: May 2024.
HR and Employment law update: May 2024.FelixPerez547899
 
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...Khaled Al Awadi
 

Recently uploaded (20)

PitchBook’s Guide to VC Funding for Startups
PitchBook’s Guide to VC Funding for StartupsPitchBook’s Guide to VC Funding for Startups
PitchBook’s Guide to VC Funding for Startups
 
zidauu _business communication.pptx /pdf
zidauu _business communication.pptx /pdfzidauu _business communication.pptx /pdf
zidauu _business communication.pptx /pdf
 
Innomantra Viewpoint - Building Moonshots : May-Jun 2024.pdf
Innomantra Viewpoint - Building Moonshots : May-Jun 2024.pdfInnomantra Viewpoint - Building Moonshots : May-Jun 2024.pdf
Innomantra Viewpoint - Building Moonshots : May-Jun 2024.pdf
 
Equinox Gold Corporate Deck May 24th 2024
Equinox Gold Corporate Deck May 24th 2024Equinox Gold Corporate Deck May 24th 2024
Equinox Gold Corporate Deck May 24th 2024
 
What is social media.pdf Social media refers to digital platforms and applica...
What is social media.pdf Social media refers to digital platforms and applica...What is social media.pdf Social media refers to digital platforms and applica...
What is social media.pdf Social media refers to digital platforms and applica...
 
tekAura | Desktop Procedure Template (2016)
tekAura | Desktop Procedure Template (2016)tekAura | Desktop Procedure Template (2016)
tekAura | Desktop Procedure Template (2016)
 
How to Maintain Healthy Life style.pptx
How to Maintain Healthy Life style.pptxHow to Maintain Healthy Life style.pptx
How to Maintain Healthy Life style.pptx
 
Aspire Time & Life Leadership Workshop 2024
Aspire Time & Life Leadership Workshop 2024Aspire Time & Life Leadership Workshop 2024
Aspire Time & Life Leadership Workshop 2024
 
Powers and Functions of CPCB - The Water Act 1974.pdf
Powers and Functions of CPCB - The Water Act 1974.pdfPowers and Functions of CPCB - The Water Act 1974.pdf
Powers and Functions of CPCB - The Water Act 1974.pdf
 
What is paper chromatography, principal, procedure,types, diagram, advantages...
What is paper chromatography, principal, procedure,types, diagram, advantages...What is paper chromatography, principal, procedure,types, diagram, advantages...
What is paper chromatography, principal, procedure,types, diagram, advantages...
 
Elevate Your Online Presence with SEO Services
Elevate Your Online Presence with SEO ServicesElevate Your Online Presence with SEO Services
Elevate Your Online Presence with SEO Services
 
FEXLE- Salesforce Field Service Lightning
FEXLE- Salesforce Field Service LightningFEXLE- Salesforce Field Service Lightning
FEXLE- Salesforce Field Service Lightning
 
Constitution of Company Article of Association
Constitution of Company Article of AssociationConstitution of Company Article of Association
Constitution of Company Article of Association
 
Pitch Deck Teardown: Terra One's $7.5m Seed deck
Pitch Deck Teardown: Terra One's $7.5m Seed deckPitch Deck Teardown: Terra One's $7.5m Seed deck
Pitch Deck Teardown: Terra One's $7.5m Seed deck
 
MichaelStarkes_UncutGemsProjectSummary.pdf
MichaelStarkes_UncutGemsProjectSummary.pdfMichaelStarkes_UncutGemsProjectSummary.pdf
MichaelStarkes_UncutGemsProjectSummary.pdf
 
ch 2 asset classes and financial instrument.ppt
ch 2 asset classes and financial instrument.pptch 2 asset classes and financial instrument.ppt
ch 2 asset classes and financial instrument.ppt
 
HAL Financial Performance Analysis and Future Prospects
HAL Financial Performance Analysis and Future ProspectsHAL Financial Performance Analysis and Future Prospects
HAL Financial Performance Analysis and Future Prospects
 
TriStar Gold Corporate Presentation May 2024
TriStar Gold Corporate Presentation May 2024TriStar Gold Corporate Presentation May 2024
TriStar Gold Corporate Presentation May 2024
 
HR and Employment law update: May 2024.
HR and Employment law update: May 2024.HR and Employment law update: May 2024.
HR and Employment law update: May 2024.
 
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...
 

The Most Common Mistakes When Calling Smarty APIs

  • 1. Common Mistakes When Calling Smarty APIs Status Codes 401 and 402
  • 2. In today’s webinar, we’ll cover two types of mistakes: “Authentication Required” errors — status code 401 “Payment Required” errors — status code 402
  • 3. “Authentication Required” Errors — Status Code 401 In this section: ● How to authenticate API requests the right way ● Common mistakes in client-side requests ● Common mistakes in server-side requests
  • 4. How to Authenticate API Requests the Right Way 1. Get familiar with your account's API Keys page.
  • 5.
  • 6. How to Authenticate API Requests the Right Way 1. Get familiar with your account's API Keys page. 2. Understand the difference between client-side requests (in a web browser) and server-side requests. Since browsers send a Referer header automatically, our system treats any request that includes a Referer header as a client-side request. In contrast, if the request does NOT have a Referer header, our system treats it is a server-side request.
  • 7.
  • 8. How to Authenticate API Requests the Right Way 1. Get familiar with your account's API Keys page. 2. Understand the difference between client-side requests (in a web browser) and server-side requests. Since browsers send a Referer header automatically, our system treats any request that includes a Referer header as a client-side request. In contrast, if the request does NOT have that header, our system treats it is a server-side request. 3. For client-side calls: ● Include an embedded key in the request URL: key=31050191824945 ● Make sure that the Referer value sent by the browser is listed as a host for the embedded key being used.
  • 9. How to Authenticate API Requests the Right Way 1. Get familiar with your account's API Keys page. 2. Understand the difference between client-side requests (in a web browser) and server-side requests. Since browsers send a Referer header automatically, our system treats any request that includes a Referer header as a client-side request. In contrast, if the request does NOT have that header, our system treats it is a server-side request. 3. For client-side calls: ● Include an embedded key in the request URL: key=31050191824945 ● Make sure that the Referer value sent by the browser is listed as a host for the embedded key being used. 1. For server-side calls: ● Include the secret keys (auth-id and auth-token) in the request URL: auth- id=a1Gf2rC&auth-token=HH3tnV
  • 10. Common Mistakes in Client-Side Requests ● Don't submit secret keys in a client-side request.
  • 11. Common Mistakes in Client-Side Requests ● Don't submit secret keys in a client-side request. ● Don't list the wrong referer/host value with the embedded key. (Look between the slashes of the referer value.)
  • 12. Common Mistakes in Client-Side Requests ● Don't submit secret keys in a client-side request. ● Don't list the wrong referer/host value with the embedded key. (Look between the slashes of the referer value.) ○ For localhost, just list "localhost" without the port number. ○ For calls from the jsfiddle website, the correct host is fiddle.jshell.net
  • 13. Common Mistakes in Client-Side Requests ● Don't submit secret keys in a client-side request. ● Don't list the wrong referer/host value with the embedded key. (Look between the slashes of the referer value.) ○ For localhost, just list "localhost" without the port number. ○ For calls from the jsfiddle website, the correct host is fiddle.jshell.net ● When using a wildcard in a hostname, don't use the * for more than one level of subdomain. For example: complete referer value: www.accounts.smarty.com correct: *.accounts.smarty.com incorrect: *.smarty.com
  • 14. Common Mistakes in Client-Side Requests ● Don't submit secret keys in a client-side request. ● Don't list the wrong referer/host value with the embedded key. (Look between the slashes of the referer value.) ○ For localhost, just list "localhost" without the port number. ○ For calls from the jsfiddle website, the correct host is fiddle.jshell.net ● When using a wildcard in a hostname, don't use the * for more than one level of subdomain. ● Don't forget to explicitly set up a Referer header when calling from a mobile app or when using an embedded key in Postman. (Mobile apps and Postman don't send a Referer header by default, so you will need to set one up manually.)
  • 15. Common Mistakes in Client-Side Requests ● Don't submit secret keys in a client-side request. ● Don't list the wrong referer/host value with the embedded key. (Look between the slashes of the referer value.) ○ For localhost, just list "localhost" without the port number. ○ For calls from the jsfiddle website, the correct host is fiddle.jshell.net ● When using a wildcard in a hostname, don't use the * for more than one level of subdomain. ● Don't forget to explicitly set up a Referer header when calling from a mobile app or when using an embedded key in Postman. (Mobile apps and Postman don't send a Referer header by default, so you will need to set one up manually.) ● Don't forget to URL-encode the request URL. For example, a # symbol that is not URL- encoded will break up the request URL, and our system will not recognize any part of the URL after the # symbol.
  • 16. Common Mistakes in Server-Side Requests ● Don't send an embedded key in a server-side request.
  • 17. Common Mistakes in Server-Side Requests ● Don't send an embedded key in a server-side request. ● Don't type the auth-id or auth-token by hand; you might mistype a 1 for a lower-case l or a 0 for a capital O.
  • 18. Common Mistakes in Server-Side Requests ● Don't send an embedded key in a server-side request. ● Don't type the auth-id or auth-token by hand; you might mistype a 1 for a lower-case l or a 0 for a capital O. ● Don't forget to URL-encode the request URL.
  • 19. “Payment Required” Errors — Status Code 402 In this section: ● Understanding your Smarty account and your licenses ● Common mistakes that result in a "Payment Required" error
  • 20. Understanding Your Smarty Account and Your Licenses ● If you are a developer trying to work with the Smarty APIs, we recommend that you be able to log in to the Smarty account you are trying to use. Currently, each Smarty account has only a single login email and password, so you would need to obtain those login details from whomever has them.
  • 21. Understanding Your Smarty Account and Your Licenses ● If you are a developer trying to work with the Smarty APIs, we recommend that you be able to log in to the Smarty account you are trying to use. Currently, each Smarty account has only a single login email and password, so you would need to obtain those login details from whomever has them. ● Be familiar with the different pages available in your account, especially the Subscriptions and API Keys pages.
  • 22. Understanding Your Smarty Account and Your Licenses ● If you are a developer trying to work with the Smarty APIs, we recommend that you be able to log in to the Smarty account you are trying to use. Currently, each Smarty account has only a single login email and password, so you would need to obtain those login details from whomever has them. ● Be familiar with the different pages available in your account, especially the Subscriptions and API Keys pages. ● Make sure you understand your licenses. Know which APIs they allow you to call and what specific abilities are included. Because we offer so many different licenses, distinguishing them can be tricky. Feel free to ask the Support team or your sales rep about the abilities of any particular license.
  • 23. Common Mistakes That Result in a Payment Required Error ● Don't use API keys from the wrong account. Many companies have multiple Smarty accounts — for example, a production account and several accounts used by individual developers. Make sure the auth credentials you are submitting in the request URL pertain to the account that actually has the right subscription in it.
  • 24. Common Mistakes That Result in a Payment Required Error ● Don't use API keys from the wrong account. ● Don't try to call an API that is not supported by one of your licenses. Example: You try to call the US Autocomplete Pro API, but you only have a US Address Verification subscription, with a US Core Edition license. (Our US Autocomplete service requires its own license.)
  • 25. Common Mistakes That Result in a Payment Required Error ● Don't use API keys from the wrong account. ● Don't try to call an API that is not supported by one of your licenses. ● If using one of our SDKs, don't assume that the license value listed in the Github example code is the right one. Example: The default license listed in the Github example code is us- rooftop-geocoding-cloud, but you don't actually have a Rooftop Geocoding license. You may need to change the license value to us-core-cloud or us-standard-cloud. This line is from the JavaScript SDK: let clientBuilder = new SmartyCore.ClientBuilder(credentials) .withBaseUrl("YOUR URL").withLicenses(["us-rooftop-geocoding-cloud"]);
  • 26. Common Mistakes That Result in a Payment Required Error ● Don't use API keys from the wrong account. ● Don't try to call an API that is not supported by one of your licenses. ● If using one of our SDKs, don't assume that the license value listed in the Github example code is the right one. ● Don't try to use an ability that doesn't pertain to your specific license. Examples: ○ When calling our US Street Address API, you include match=enhanced, but you don't have a US Core Edition license. You only have the older US Standard Edition license (which doesn’t include enhanced matching).
  • 27. Common Mistakes That Result in a Payment Required Error ● Don't use API keys from the wrong account. ● Don't try to call an API that is not supported by one of your licenses. ● If using one of our SDKs, don't assume that the license value listed in the Github example code is the right one. ● Don't try to use an ability that doesn't pertain to your specific license. Examples: ○ When calling our US Street Address API, you include match=enhanced, but you don't have a US Core Edition license. You only have the older US Standard Edition license (which doesn’t include enhanced matching). ○ When calling our International Street API, you include geocode=true, but your license is an International Global Basic license that doesn't include geocodes.
  • 28. Common Mistakes That Result in a Payment Required Error ● Don't use API keys from the wrong account. ● Don't try to call an API that is not supported by one of your licenses. ● If using one of our SDKs, don't assume that the license value listed in the Github example code is the right one. ● Don't try to use an ability that doesn't pertain to your specific license. Examples: ○ When calling our US Street Address API, you include match=enhanced, but you don't have a US Core Edition license. You only have the older US Standard Edition license (which doesn’t include enhanced matching). ○ When calling our International Street API, you include geocode=true, but your license is an International Global Basic license that doesn't include geocodes. ○ When calling our International Street API, you submit an address from a country not included with your particular license.
  • 29. Finishing Up The Smarty Support team is here for you. We pride ourselves on being super responsive. Our regular hours are weekdays 8 to 5 Mountain Time. Phone: 801-877-5778 Chat: smarty.com Email: support@smarty.com
  • 30. Try our APIs for free! smarty.com/signup