3xiondev — 9/15/2023, 4:53:55 PM

@radi8 how do you get a wasteof auth token for use with the API? sorry if this is a dumb question, i’ve never really worked with APIs before

♥ 1 ↩ 0 💬 22 comments

comments

asfsdgdfd:

I'm not @radi8, but you do a post request to api.wasteof.money/session with a request body that contains a username and password field.

9/15/2023, 4:59:30 PM
3xiondev:

thanks, i have no idea what that means, i’ve never used an api before. could you dumb it down a bit for me?

9/15/2023, 5:08:22 PM
asfsdgdfd:

what programming language are you using? if you're using JS (on web), you can do a fetch request using the following code: 

 fetch('https://api.wasteof.money/session',
      {
         method: 'POST',
         headers: { 'content-type': 'application/json' },
         body: JSON.stringify({
            "YOUR USERNAME",
            "YOUR PASSWORD"
         })
  })
  .then((response) => response.json())
  .then((res) => {
     if (res.error || res === {} || Object.keys(res).length === 0) {
       console.error(res)
       alert('an error occured. you may have entered the wrong password.')
     } else {
       // do something with res.token
     }
  })

This snippet of code accesses the wasteof session API endpoint and gives it a username and password. The API returns an authentication token that can be used for any of the other authenticated endpoints. (getting messages, initiation websockets, etc.)

MDN Web Docs Fetch API reference: https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch

9/15/2023, 5:25:23 PM
3xiondev:

Could I define a variable with res.token in } else { ?

9/15/2023, 5:27:52 PM
asfsdgdfd:

yes

9/15/2023, 5:30:35 PM
asfsdgdfd:

don't forget to set the username and password (preferably to a value stored in a .env file if this is some sort of bot). if this is a website then disregard that advice and just use whatever the user’s username/password is. another consideration is that if you run this code on the client of a website, the username/password will be visible to anyone who does Ctrl+Inspect and looks at the Network Tab, so make sure you don't hardcode your username/password or anything.

9/15/2023, 5:32:35 PM
asfsdgdfd:

you can also get session info btw using a GET request to the session endpoint to get details about the logged-in session (i don't know if this is important for your purposes)

fetch('https://api.wasteof.money/session',
      {
         method: 'GET',
         headers: { 'content-type': 'application/json', 'Authorization': "YOUR RES.TOKEN HERE" },
  })
  .then((response) => response.json())
  .then((res) => {
     if (res.error || res === {} || Object.keys(res).length === 0) {
       console.error(res)
       alert('an error occured. you may have entered the wrong password.')
     } else {
       // do something with res
     }
  })

which returns an object like:

{
    "user": {
        "name": "imadeanaccount",
        "id": "63fcf11ebac4b7a8034e1327",
        "bio": "Beta user, developer who made an account | :D | Follow to see more of my posts. ⭐",
        "verified": false,
        "permissions": {
            "admin": false,
            "banned": false
        },
        "beta": true,
        "color": "yellow",
        "links": [],
        "history": {
            "joined": 1677521182357
        }
    },
    "flags": {
        "isAdminImpersonating": false,
        "showRecoveryMessage": false
    }
}

if you are creating a client website or something this might be useful.

9/15/2023, 5:40:49 PM
3xiondev:

SyntaxError: Unexpected string (at fetch.js:10:13)

9/15/2023, 6:01:42 PM
3xiondev:

This is happening at:

body: JSON.stringify({

"YOUR USERNAME", ← here, stringify does not seem to be working

9/15/2023, 6:06:03 PM
asfsdgdfd:

oh sorry! i made a mistake, this section shold be:

 body: JSON.stringify({
            "username": "YOUR USERNAME",
            "password": "YOUR PASSWORD"
         })
9/15/2023, 6:07:34 PM
3xiondev:

Well now it’s not doing anything :P

I’m having the console log res.token but it’s not logging anything

9/15/2023, 6:10:13 PM
asfsdgdfd:

what type of site are you making? can you try pasting your code into the JS console of a wasteof tab cause it’s working for me there:

9/15/2023, 6:14:26 PM
3xiondev:

I’m not making a site, I’m learning how to operate the wasteof API because I would like to make a very simple wasteof bot

9/15/2023, 6:15:28 PM
3xiondev:

school chromebook, no console =(

9/15/2023, 6:17:52 PM
asfsdgdfd:

after further research, chances are you are experiencing a CORS error (which you can't see being logged because the console is blocked). basically, you can only get a session token from the wasteof API on a server, not from your front end website.

example:

9/15/2023, 6:49:48 PM
asfsdgdfd:

the fix for this is to handle authentication using a server or Serverless function architecture such as a Firebase Functions, which is mostly free (typically like 1 cent to start out) or an API for your website. Depending on your framework/tech stack, the best option may vary.

9/15/2023, 6:52:59 PM
3xiondev:

Yep, it’s a cors error. How are some others able to access the api without getting an error?

9/15/2023, 9:28:40 PM
asfsdgdfd:

who have you seen that is able to access it without CORS errors? i have seen people connect using a server or a framework like svelte or next.js with server-side capabilities but most bots run on servers (not from web clients) or on replit so they would be exempt from CORS rules. my suggestion would be to use Firebase Functions though.

9/15/2023, 9:42:14 PM
radi8:

oooor a corsproxy

9/16/2023, 12:11:39 PM
asfsdgdfd:

true (i didn’t think of that)

9/16/2023, 10:17:25 PM
radi8:

you could use some sort of corsproxy

9/16/2023, 12:11:25 PM
3xiondev:

i guess

9/16/2023, 1:42:59 PM