Data submissions via the API


#1

Hi all,

Does anyone know if the ‘client’ within the http POST needs to be registered with MB before MB will except POSTs from said client?

Thanks in advance


#2

Hi @PoQStacker, yes, it needs to be registered at https://musicbrainz.org/account/applications


#3

I think that’s not true if you’re not using OAuth for authentication. The endpoints listed at https://musicbrainz.org/doc/Development/XML_Web_Service/Version_2#Submitting_data work without a registered client when using digest authentication. In fact, I can’t find any mention of OAuth on that page at all :frowning:


#4

Right, but OAuth is recommended, and digest auth will be deprecated at some point.

See submit_* scopes at https://musicbrainz.org/doc/Development/OAuth2

Both WS and OAuth doc are linked from https://musicbrainz.org/doc/Development#Clients


#5

Thanks guys for all your assistance. I have fixed my bug - it is working using Auth. I was using the same Auth Digest function as I used to retrieve the “user-genre”, however, (embarrassingly) I didn’t change the method within the Digest function from GET to POST - oops!

I am so glad I had this bug and asked this question, otherwise I would NOT have known about the migration to OAuth2…

Is there a time-line (or suggested time-line) for the denial of Auth access? I would like to focus on the UI side of my application at this time - if possible, and do the OAuth2 thing in my next release.

Will there be a distinct error message or code given to the denial of Auth access that I can detect and implement in this release to prompt the User to upgrade?


#6

Digest auth won’t be denied any time soon. While Picard switched to OAuth2 already, libmusicbrainz didn’t yet. Only then it may be officially deprecated and finally denied months later. It might also be delayed to match the deployment of the new OAuth2 server (discussed at MeB Summit 18).

HTTP response with 401 code won’t include Digest method in WWW-Authenticate header.