Can't send messages to a chat? about groupy HOT 9 CLOSED

Thanks for getting back to me, and I'm glad it wasn't an isolated issue. I will look into creating an application and getting a token that actually works. Appreciate the help.

from groupy.

I've only ever seen the API return 429 when I make requests too quickly and rate limiting kicks in.

Unfortunately I'm on holiday without a laptop so I won't be able to investigate this for several days, but one thing you could try is to make the request using the underlying requests session and see if the response contains a Retry-After header indicating how long before you can try again. Also the API just might be returning some valuable information in JSON too.

from groupy.

I'm only sending single requests, and I got a 429 the first time I tried to use a chat. I'm not spamming messages or anything. I tried to recreate what's going on in api/messages.py here. But I must not be doing something right, because I keep getting 404's.

from groupy.

Alright, I got it working now. Here's what my code looks like:

import requests
import time

headers = {
    'content-type': 'application/json',
    'x-access-token': token
}

payload = {'direct_message': {'source_guid': time.time(), 'recipient_id': recipient_id, 'text': 'Hello, world!'}}

response = requests.post('https://api.groupme.com/v3/direct_messages', json=payload, headers=headers)

print(response.text)
print(response.headers)

Which results in:

429 Too Many Requests (Rate Limit Exceeded)

{'Content-Type': 'text/plain; charset=utf-8', 'Date': 'Tue, 03 Jul 2018 02:27:31 GMT', 'Server': 'nginx/1.12.2', 'Status': '429 Too Many Requests', 'X-Frame-Options': 'sameorigin', 'X-Xss-Protection': '1; mode=block', 'Content-Length': '44', 'Connection': 'keep-alive'}

I don't see a Retry-After header. The only interesting header is that they have X-Xss-Protection enabled. I doubt using their API would trigger XSS protection however.

I've tried multiple different recipients, I always get the same 429. Again, I'm not spamming. I've never had a direct message work, but sending messages to group chats works fine.

from groupy.

Yeah them providing that header was kind of a long shot. I also don't see that xss would come into play here. I'm fairly certain that this worked when I did functional testing on it... not sure why you're getting rate limited. The docs don't mention that at all. Could be that they changed things on their end.

I'm be happy to investigate what's going on when I return. One tactic I found helpful was to reverse engineer what their web client does so you might try that for further insights. I've not had much success with reaching out to the folks at GroupMe since they did away with their help chat but perhaps they can pinpoint what's wrong.

Once we know what to change I can update the code (or review a PR 😄)

from groupy.

I'd be happy to send a PR when I can figure out what's going on :(

Just as a sanity check I tried changing my IP (using proxy & VPN) and changing my user agent string to something more organic- both, no dice.

I took your advice and reverse engineered the request through the web client. What your API does and what my browser is doing are nearly identical. The parameters and URL are exactly the same. I went ahead and mirrored the request headers and... still getting 429.

headers = {
    'Accept': 'application/json, text/plain, */*',
    'Accept-Encoding': 'gzip, deflate, br',
    'Accept-Language': 'en-US,en;q=0.5',
    'Connection': 'keep-alive',
    'Content-Type': 'application/json;charset=utf-8',
    'Host': 'api.groupme.com',
    'Origin': 'https://web.groupme.com',
    'Referer': 'https://web.groupme.com/',
    'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64?) Gecko/20100101 Firefox/60.0',
    'X-Access-Token': token
}

One thing I did notice is that my token is different in the web client than my dev token, which could explain all this... Perhaps GroupMe is blocking direct messages for dev tokens specifically? Maybe they were getting a lot of global abuse / malicious activity and had to stop it? I hope that this isn't happening to just me, because that would be really confusing.

from groupy.

Dang. I really hoped there would be a significant difference compared to the web client.

Your theory about blocking certain tokens is plausible but it's not clear to me how they would differentiate a seemingly identical request. A big part of me wants to cut vacation short so I can see whether I'm also seeing this behavior 😂

Another thing we could try is to create a new account and see if it's being blocked. That gets tricky though unless you happen to have a spare phone number laying around...

from groupy.

Okay, finally got a chance to try and send a chat message myself. Right off the bat I got a 429 for my first attempt. Something must have changed about the API. Time to see what the devs at GroupMe have to say about this.

from groupy.

@vesche okay, so here's what finally worked. I created an Application at https://dev.groupme.com/applications. At the end of that process it provides you an API access token so you can go ahead and start making requests as yourself without using oauth. Note that despite authenticating you as you, this token is different. Anyway, using that token worked without a problem. I'm fairly certain that I didn't have to go through this process when I did functional testing before so I'm trying to confirm that with the devs...

Either way, I'll update my documentation to mention this. Thanks for bringing it to my attention and sorry for the time you lost looking into it.

from groupy.