Thanks @pisum for the response. I can separate my issues here:
I. Using Postman via their website. All of the following seem to work fine:
- Getting an access token:
POST https://www.inaturalist.org/oauth/token?client_id={{app_id}}&client_secret={{app_secret}}&grant_type=password&username={{username}}&password={{password}}
- Retrieving observations via the old API, with the
access_token
returned above. This DOES return private_latitude
and private_longitude
:
GET https://www.inaturalist.org/observations.json?user_id=6321993&extra=fields,identifications
headers: { accept: :json, bearer: {{access_token}} }
- Getting observations from the new API v1, using only the
access_token
above. This returns observation data but does NOT return private_location
:
https://api.inaturalist.org/v1/observations?user_id={{my_user_id}}
headers: { accept: :json, bearer: {{access_token}} }
- Getting a JWT also works fine:
GET https://www.inaturalist.org/users/api_token
headers: { bearer: {{access_token}} }
- Getting observations via the new API with a JWT works ok, but also does NOT return
private_location
. Here I believe i’m making the authorized request correctly, and passing the JWT correctly, because i’m getting a response with all my observations — the response just doesn’t contain any private_location
, nor any location info at all for my observations where the location was marked private
.:
https://api.inaturalist.org/v1/observations?user_id=6321993
headers: { authorization: {{jwt_api_token}} }
II. Using RestClient
cli (ruby) from localhost
This does NOT return private obs data even with the old API, does not return anything private via the new API v1, and does not grant the JWT period, even though i’m doing it I believe the same sequence as above (see below).
I kind of suspect that this may be because it’s coming from localhost
, while the Postman requests DO work because they’re coming from the Postman website with SSL? Is that possible?
Both @JoeCohen and I have been trying to authenticate from localhost by the book, and we are not able to get the private data on our own obs.
irb> access_token_request = RestClient.execute(method: :post, url: "https://www.inaturalist.org/oauth/token", headers: { params: { client_id: {{app_id}}, client_secret: {{app_secret}}, grant_type: :password, username: {{username}}, password: {{password}} }, accept: :json })
=> <RestClient::Response 200 "{\"access_token...">
> # Response contains access_token
irb> observations_old_api_request = obs = RestClient::Request.execute(method: :get, url: "http://www.inaturalist.org/observations.json", headers: { params: { user_id: 6321993 }, accept: :json, bearer: {{access_token}} })
=> <RestClient::Response 200 "[{\"id\":2354...">
> # Response contains observation data but no private_latitude
irb> jwt_request = RestClient::Request.execute(method: :get, url: "https://www.inaturalist.org/users/api_token", headers: {accept: :json, authorization: { "bearer": {{access_token}} } })
irb(main):058> 401 Unauthorized (RestClient::Unauthorized)
TL;DR: The only way i’ve succeeded in getting private location data is via Postman’s web interface using iNat’s old API.
Nothing I have tried retrieves the private location data from my local dev environment, even when the responses indicate all auth is 200 OK and both access_token and JWT have been granted.