wMw_ said: Am I allowed to hardcode client-id? So there's no action needed by users for application to work properly. Yes, you can. The OAuth 2.0 RFC defines two client types: • Confidential:
Clients capable of maintaining the confidentiality of their
credentials (e.g., client implemented on a secure server with
restricted access to the client credentials), or capable of secure
client authentication using other means.
• Public:
Clients incapable of maintaining the confidentiality of their
credentials (e.g., clients executing on the device used by the
resource owner, such as an installed native application or a web
browser-based application), and incapable of secure client
authentication via any other means.Your application falls into the second category. MAL provides public clients with only a Client ID as they're unable to properly store any kind of credentials. The Client ID is considered public information. To register your application as a public client, you must set your App Type to "other", "Android", or "iOS". The "web" type is the only one reserved for confidential clients. |
 ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: 第三世界のじょんぺり & 1041uuu |
| Thank you for confirmation! Arigatou |
| @Battlemuffins, your problem is that the query is missing the nsfw=true parameter, briefly explained at the very top of the documentation. The following query will return both entries: GET https://api.myanimelist.net/v2/anime?q=Lycoris_Recoil&nsfw=true
...
"data": [
{
"node": {
"id": 54440,
"title": "Lycoris Recoil (Shinsaku Animation)",
"main_picture": {...}
}
},
{
"node": {
"id": 50709,
"title": "Lycoris Recoil",
"main_picture": {...}
}
},
...If you replace the underscore with a white space, you'll get the main anime as the first result: GET https://api.myanimelist.net/v2/anime?q=Lycoris%20Recoil&nsfw=true
...
"data": [
{
"node": {
"id": 50709,
"title": "Lycoris Recoil",
"main_picture": {...}
}
},
{
"node": {
"id": 54440,
"title": "Lycoris Recoil (Shinsaku Animation)",
"main_picture": {...}
}
},
...The NSFW parameter is poorly implemented. Each anime has a nsfw field that can either be white (safe for work), gray (may not be safe for work), or black (not safe for work). By default, all new entries are marked as gray, and a DB moderator has to manually set it to the appropriate value. Many SFW series are still marked as gray, hidden from search results. I suggest you add the nsfw=true parameter to all your queries in the future. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: 第三世界のじょんぺり & 1041uuu |
| @BorisForis: Hi! I guess that you're trying to call the API straight from your web page. Unfortunately, you cannot do that since the API doesn't return the CORS headers required to call it directly from your browser. There's no easy solution and it should be fixed by MAL. The usual workaround is to have some kind of middleware that can fix this for you. For example, a local application, a serverless function, a web proxy, or a remote server. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: 第三世界のじょんぺり & 1041uuu |
Reply to BorisForis
@ZeroCrystal I was hoping for a solution but in the end I ended up using jikan... Btw you don't happen to know what the highest mal_id is do you? So far I've gone as high as 54501
BorisForis said: Btw you don't happen to know what the highest mal_id is do you? So far I've gone as high as 54501 New entries are added every day. Currently, 56626 is the latest ID. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: 第三世界のじょんぺり & 1041uuu |
Reply to SuperDenZ
It's working but I don't understand how to get Auth2.0 work. Specially code_challanged parameter
| @SuperDenZ Hi! The Code Challenge must be equal to your Client Verifier. You can take a look at my guide if you need help. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: 第三世界のじょんぺり & 1041uuu |
Reply to oolyvi
How can we apply this on android while using retrofit?
| @oolyvi Hi! I never used Retrofit before but, reading the documentation, it should be quite easy to accomplish. Go here and scroll down till you reach the Header Manipulation section. You should do something very close to that example: add the X-MAL-CLIENT-ID header, as explained in the first post, and it should work. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: 第三世界のじょんぺり & 1041uuu |
Reply to oolyvi
@ZeroCrystal I wrote something like this, but doesn't work
@Headers("X-MAL-CLIENT-ID: $CLIENT_ID")
@GET("/v2/anime/season/{year}/{season}")
suspend fun getSeasonalAnimes(
@Query("year") year: Int,
@Query("season") season: String,
): Response<SeasonalAnimes>| @oolyvi What kind of error did you get? |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: 第三世界のじょんぺり & 1041uuu |
| Great. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: 第三世界のじょんぺり & 1041uuu |
Reply to jajaja09087
Hello, I have got a problem.
I want to access public information but if gives me a 403 forbidden error.
I run the code on a Firebase Cloud Function.
Could please anyone help me? Thank you very much
I want to access public information but if gives me a 403 forbidden error.
I run the code on a Firebase Cloud Function.
export const myanimelist = functions.https.onRequest((request, response) => {
const url = "https://api.myanimelist.net/v2/anime?q=one&limit=4";
fetch(url)
.then((response) => {
if (!response.ok) {
throw new Error("Network response was not ok" +
response.statusText);
}
return response.json();
})
.then((data) => {
console.log(data);
response.json(data);
})
.catch((error) => {
console.error("Error:", error);
response.status(500).send("Error fetching MAL data");
});
});
Could please anyone help me? Thank you very much
@jajaja09087 Hi! When you want to call the public endpoints, you must pass your Client ID as part of the HTTP headers. Like so:fetch(url, {headers: {"X-MAL-CLIENT-ID": "your-client-id-here"}}) |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: 第三世界のじょんぺり & 1041uuu |
Reply to Kobaru
Hello, I have a problem trying to use the API : https://i.imgur.com/6entWso.png
My console.log does send the correct ID. I've tried in postman without issue, and it's working.
I had to add a "no-cors" mode at some point because it kept me out for some reasons (still no understanding why thou).
But I still get 403 while postman isn't getting any.
For context I'm using electron, and I'm a beginner with this environnement so I'm not sure where the error could come from.
My console.log does send the correct ID. I've tried in postman without issue, and it's working.
I had to add a "no-cors" mode at some point because it kept me out for some reasons (still no understanding why thou).
But I still get 403 while postman isn't getting any.
For context I'm using electron, and I'm a beginner with this environnement so I'm not sure where the error could come from.
| @Kobaru Hi! By default, Electron enforces the same CORS checks of web browsers. That's why it works on Postman or in any other client that is not a browser. The no-cors mode doesn't "disable" CORS checks and you should probably remove it. Adding a callback to onHeadersReceived should fix your problem. Try following the procedure suggested by this article: https://pratikpc.medium.com/bypassing-cors-with-electron-ab7eaf331605 |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: 第三世界のじょんぺり & 1041uuu |
Reply to Kobaru
@ZeroCrystal Hi 👋
First, thx for the fast reply !
I tried it as the post offered but now I get this error :
https://i.imgur.com/jKhTExJ.png
here is my code for more context :
Edit :
Someone on the unofficial discord told me "You can't do it via a browser." which would makes sens to anybody with a proper backend background, that I don't have.
So for now my solution will be to add to my BrowserWindow configuration. It should do the trick to prototype in a local env.
He said that I had to do a proxy server or backend to achieve what I wanna do, but I don't know at all how to start with that so far... So I'll just leave it at that and come back to the problem later once my prototype is well and running
First, thx for the fast reply !
I tried it as the post offered but now I get this error :
https://i.imgur.com/jKhTExJ.png
here is my code for more context :
const handleSearch = useCallback(
async () => {
console.log('Searching', value)
console.log('Client ID', clientID)
const baseURL = 'https://api.myanimelist.net/v2/anime'
const myHeaders = new Headers({
"X-MAL-CLIENT-ID": clientID
})
const requestOptions = {
// mode: 'no-cors',
method: "GET",
headers: myHeaders,
} as RequestInit
try {
const response = await fetch(`${baseURL}?q=${value}&limit=4`, requestOptions)
if (!response.ok) {
throw new Error(`Response status: ${response.status}`)
}
const json = await response.json()
console.log(json)
} catch (error) {
console.error(error)
}
},
[value],
)
Edit :
Someone on the unofficial discord told me "You can't do it via a browser." which would makes sens to anybody with a proper backend background, that I don't have.
So for now my solution will be to add
webSecurity: false
He said that I had to do a proxy server or backend to achieve what I wanna do, but I don't know at all how to start with that so far... So I'll just leave it at that and come back to the problem later once my prototype is well and running
| @Kobaru Did you set up your application to rewrite all response headers adding Access-Control-Allow-Origin: *? That would be the best way to solve the issue. I'm not a fan of disabling webSecurity, but it's good enough as a starting point. Electron is both a browser engine and a JS backend, so you can do things a web browser cannot accomplish, like bypassing CORS limitations. You don't need an additional backend. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: 第三世界のじょんぺり & 1041uuu |
More topics from this board
» [FEATURE REQUEST] Bulk requests & add fields param to users watchlistKibbeWater - Feb 13 |
0 |
by KibbeWater
»»
Feb 13, 8:38 AM |
|
» How to get author name?EdibleMuffin - Feb 12 |
0 |
by EdibleMuffin
»»
Feb 12, 9:35 PM |
|
» Too many request even with 10 seconds delayJoaoniespodzinsk - Jan 31 |
1 |
by ZeroCrystal
»»
Feb 4, 11:04 AM |
|
» Anime Field: Streaming PlatformsSeeYouLaterSpace - Feb 10, 2023 |
2 |
by IridescentJaune
»»
Jan 30, 1:21 PM |
|
» Allowed usage or not ?dczerwon - Jan 13 |
0 |
by dczerwon
»»
Jan 13, 3:07 AM |