Discuss Scratch
- Discussion Forums
- » Advanced Topics
- » Try to use the 3.0 scratch API
- mathman05
- Scratcher
24 posts
Try to use the 3.0 scratch API
my old issues:
For anyone afterward trying to get yours working:
when using the POST make sure
1. the website you are posing is: https://scratch.mit.edu/login/
2. make sure your headers are: {{“X-CSRFToken”, “a”}, {“x-requested-with”, “XMLHttpRequest”}, {“Cookie”, “scratchcsrftoken=a;scratchlanguage=en;”}, {“referer”, "https://scratch.mit.edu"}}
3. use the format(change the BOLD) {“username”:"yourUsername“,”yourPassword“:”password"}
4. if you get HTML for a 403 error, your headers are wrong
5. if you get HTML for the scratch servers aren't working, your body is wrong and your headers are fine
6. if you get a error like [{“username”: “mathman05”, “num_tries”: 1, “success”: 0, “msg”: “Incorrect username or password.”, “messages”: , “id”: null}] it means you got the password or username wrong
7. if you get a message like [{“username”: “mathman05”, “token”: “num1:num2”, “num_tries”: 1, “success”: 1, “msg”: “”, “messages”: , “id”: num}] you got it all right
8. never EVER share your token, it is YOUR scratch account this is how people could become you, they could find your email, messages, backpack, unshared projects, everything, and they could do what you can do, comment on projects, change studio discussions, share projects, etc.
9. your token is where num1:num2 is it is not a number it is a very long string
10. to use your token on the API add ?x-token=YOURTOKEN to the end of your API request this will give you Authentication so if it says you don't have it put that on the end of the API request
11. if anyone has your token or you think they might have your token email the scratch team right away at https://scratch.mit.edu/contact-us/#
12. Be careful and don't try something with your token unless you know for sure its scratch API and not just someone trying to steal your acount
I want to try and use the 3.0 scratch API, but I'm not using javascript and I don't really know it all that well I can do GET and PUT at least but I don't really know what else I can do and should look for, I've gotten to https://api.scratch.mit.edu/users/<user>/messages?x-token=<Token> but I have no idea where to get said token sorry if this is already explained elsewhere but I simply couldn't find it or couldn't understand it, thanks if you are willing to help. also if you could, would you please mention the other ways to get information, like the stuff in my backpack and how to follow people and make comments, I'm sorry if I'm asking a lot but I want to try and use the API. also if posable I would like to get the token using the API.
For anyone afterward trying to get yours working:
when using the POST make sure
1. the website you are posing is: https://scratch.mit.edu/login/
2. make sure your headers are: {{“X-CSRFToken”, “a”}, {“x-requested-with”, “XMLHttpRequest”}, {“Cookie”, “scratchcsrftoken=a;scratchlanguage=en;”}, {“referer”, "https://scratch.mit.edu"}}
3. use the format(change the BOLD) {“username”:"yourUsername“,”yourPassword“:”password"}
4. if you get HTML for a 403 error, your headers are wrong
5. if you get HTML for the scratch servers aren't working, your body is wrong and your headers are fine
6. if you get a error like [{“username”: “mathman05”, “num_tries”: 1, “success”: 0, “msg”: “Incorrect username or password.”, “messages”: , “id”: null}] it means you got the password or username wrong
7. if you get a message like [{“username”: “mathman05”, “token”: “num1:num2”, “num_tries”: 1, “success”: 1, “msg”: “”, “messages”: , “id”: num}] you got it all right
8. never EVER share your token, it is YOUR scratch account this is how people could become you, they could find your email, messages, backpack, unshared projects, everything, and they could do what you can do, comment on projects, change studio discussions, share projects, etc.
9. your token is where num1:num2 is it is not a number it is a very long string
10. to use your token on the API add ?x-token=YOURTOKEN to the end of your API request this will give you Authentication so if it says you don't have it put that on the end of the API request
11. if anyone has your token or you think they might have your token email the scratch team right away at https://scratch.mit.edu/contact-us/#
12. Be careful and don't try something with your token unless you know for sure its scratch API and not just someone trying to steal your acount
Last edited by mathman05 (Nov. 4, 2020 04:49:23)
- apple502j
- Scratcher
1000+ posts
Try to use the 3.0 scratch API
Token is obtainable by accessing /session - but that requires you to log in.
This is a bit hard, what language are you using?
This is a bit hard, what language are you using?
署名は、ディスカッションフォーラムの機能である。署名は、その人のすべての投稿の下部に追加される。署名は、BBCodeで記述できる。 署名を追加/変更/削除したい場合は、ディスカッションフォーラムのホームの一番下に行き、「Change your signature」を押す。署名の大きさは150pxまでである。これには、改行、画像を含む。- Japanese Scratch-Wiki 「署名」
- mathman05
- Scratcher
24 posts
Try to use the 3.0 scratch API
eh, the language, I have no idea what its called, and as I said I have GET and PUT that's it which I really do hope its enough, could you do something like
GET:https://website/<lable>
POST:HTTPS//website/<lable>
I'm sorry if I'm asking too much, thanks for responding. also how would I find out other scratch API I can interact with, like the backpack, and commenting thanks for your help.
GET:https://website/<lable>
POST:HTTPS//website/<lable>
I'm sorry if I'm asking too much, thanks for responding. also how would I find out other scratch API I can interact with, like the backpack, and commenting thanks for your help.
Last edited by mathman05 (Nov. 3, 2020 13:30:28)
- Pufferfish_Test
- Scratcher
500+ posts
Try to use the 3.0 scratch API
https://towerofnix.github.io/scratch-api-unofficial-docs/ is a pretty good reference for most of the scratch api. You can take a look at some of the issues on github for apis that haven't been added to those docs yet but do exist - sometimes you might have to browse through some scratch-www code to actually fond the endpoints though.
This is my signature, and appears below eeevvvveeerrrryyy post I write
Try out Ocular
Good evening. I am a gerbil. Are you a gerbil? I know I am. Gerbils are possibly the most important beings in the universe; they are super intelligent and they eat carrots so we don't have to.
If you are reading this, you're probably thinking one of 3 things:
- This dude's not a gerbil, he's a pufferfish/human/bison/whatever other organism/inanimate object you mistakenly believe I am.
- Why am I reading this????????
- I'm hungry
The second one is a valid question, and one that has no satisfactory answer other than that you're really ,really, really bored.
As for the 3rd one - so am I. You're not alone.
- mathman05
- Scratcher
24 posts
Try to use the 3.0 scratch API
that helps as I needed that list , but I still need a way to get a token using the API, the way they do it isn't using the API…
- Pufferfish_Test
- Scratcher
500+ posts
Try to use the 3.0 scratch API
If you know javascript, take a look at https://github.com/Zxnii/scratch-site-api/blob/6eee9de4b32b2d406b2ba9e9c9e5d3809ffb7012/index.js#L19.
If not, I'll try and explain it in words
If not, I'll try and explain it in words
This is my signature, and appears below eeevvvveeerrrryyy post I write
Try out Ocular
Good evening. I am a gerbil. Are you a gerbil? I know I am. Gerbils are possibly the most important beings in the universe; they are super intelligent and they eat carrots so we don't have to.
If you are reading this, you're probably thinking one of 3 things:
- This dude's not a gerbil, he's a pufferfish/human/bison/whatever other organism/inanimate object you mistakenly believe I am.
- Why am I reading this????????
- I'm hungry
The second one is a valid question, and one that has no satisfactory answer other than that you're really ,really, really bored.
As for the 3rd one - so am I. You're not alone.
- mathman05
- Scratcher
24 posts
Try to use the 3.0 scratch API
yeah, I don't really know javascript, thanks for your help that website was really helpful all I need now is a way to get that token
- mathman05
- Scratcher
24 posts
Try to use the 3.0 scratch API
although it doesn't look all that bad give me a sec to try
- mathman05
- Scratcher
24 posts
Try to use the 3.0 scratch API
I was close, what does this mean?
(PS I know its HTML but what does it need from me?)
<!DOCTYPE html> <html lang=“en”> <head> <meta http-equiv=“content-type” content=“text/html; charset=utf-8”> <meta name=“robots” content=“NONE,NOARCHIVE”> <title>403 Forbidden</title> <style type=“text/css”> html * { padding:0; margin:0; } body * { padding:10px 20px; } body * * { padding:0; } body { font:small sans-serif; background:#eee; } body>div { border-bottom:1px solid #ddd; } h1 { font-weight:normal; margin-bottom:.4em; } h1 span { font-size:60%; color:#666; font-weight:normal; } #info { background:#f6f6f6; } #info ul { margin: 0.5em 4em; } #info p, #summary p { padding-top:10px; } #summary { background: #ffc; } #explanation { background:#eee; border-bottom: 0px none; } </style> </head> <body> <div id=“summary”> <h1>Forbidden <span>(403)</span></h1> <p>CSRF verification failed. Request aborted.</p> <p>You are seeing this message because this HTTPS site requires a 'Referer header' to be sent by your Web browser, but none was sent. This header is required for security reasons, to ensure that your browser is not being hijacked by third parties.</p> <p>If you have configured your browser to disable 'Referer' headers, please re-enable them, at least for this site, or for HTTPS connections, or for 'same-origin' requests.</p> </div> <div id=“explanation”> <p><small>More information is available with DEBUG=True.</small></p> </div> </body> </html>
(PS I know its HTML but what does it need from me?)
<!DOCTYPE html> <html lang=“en”> <head> <meta http-equiv=“content-type” content=“text/html; charset=utf-8”> <meta name=“robots” content=“NONE,NOARCHIVE”> <title>403 Forbidden</title> <style type=“text/css”> html * { padding:0; margin:0; } body * { padding:10px 20px; } body * * { padding:0; } body { font:small sans-serif; background:#eee; } body>div { border-bottom:1px solid #ddd; } h1 { font-weight:normal; margin-bottom:.4em; } h1 span { font-size:60%; color:#666; font-weight:normal; } #info { background:#f6f6f6; } #info ul { margin: 0.5em 4em; } #info p, #summary p { padding-top:10px; } #summary { background: #ffc; } #explanation { background:#eee; border-bottom: 0px none; } </style> </head> <body> <div id=“summary”> <h1>Forbidden <span>(403)</span></h1> <p>CSRF verification failed. Request aborted.</p> <p>You are seeing this message because this HTTPS site requires a 'Referer header' to be sent by your Web browser, but none was sent. This header is required for security reasons, to ensure that your browser is not being hijacked by third parties.</p> <p>If you have configured your browser to disable 'Referer' headers, please re-enable them, at least for this site, or for HTTPS connections, or for 'same-origin' requests.</p> </div> <div id=“explanation”> <p><small>More information is available with DEBUG=True.</small></p> </div> </body> </html>
- mathman05
- Scratcher
24 posts
Try to use the 3.0 scratch API
I figured it out but now its saying “Bad Request” any idea how to fix that?
- apple502j
- Scratcher
1000+ posts
Try to use the 3.0 scratch API
You first need to fetch CSRF token, then login, then get session. You need to pass cookies and headers (Origin, X-Requested-With, X-Token)
署名は、ディスカッションフォーラムの機能である。署名は、その人のすべての投稿の下部に追加される。署名は、BBCodeで記述できる。 署名を追加/変更/削除したい場合は、ディスカッションフォーラムのホームの一番下に行き、「Change your signature」を押す。署名の大きさは150pxまでである。これには、改行、画像を含む。- Japanese Scratch-Wiki 「署名」
- mathman05
- Scratcher
24 posts
Try to use the 3.0 scratch API
the headers are now put in correctly and the website pulls up instead of an error, it's still an error but the body is the last part that could error.
- mathman05
- Scratcher
24 posts
Try to use the 3.0 scratch API
I figured it out! thank you so much for your help!
- Discussion Forums
- » Advanced Topics
- » Try to use the 3.0 scratch API