Samson Samson - 1 year ago 73
PHP Question

Podio authentication fails after multiple calls

I've been working with the Podio API for nearly a year now and have rarely had issues, but I recently ran into one that I can't figure out. I'm not even sure how to test what is going on. When an item is created, I have a webhook to a script which will send an HTTP GET request to an item and perform a number of functions. The script runs just fine and has never run into any issues, unless I create a number of items in quick succession (15 or so). If I do this, a certain number will finish successfully, and then I will suddenly get the following error with each new call:

2016-11-14 16:41:14 401 GET /item/514610204
2016-11-14 16:41:14 Reponse: {"error_parameters":{},"error_detail":null,"error_propagate":false,"request":{"url":"http:\/\/\/item\/514610204","query_string":"","method":"GET "},"error_description":"invalid_request","error":"unauthorized"}

If I wait a minute or so, it begins working again.

I'm authenticating with username and password. Does anyone know what is going on or how to check what is going on? The podio.log has not been helpful in this situation.

The issue is that I am hitting an authentication request rate limit because I haven't been using a session manager. I'm now attempting to do this, but having issues. My code using the Redis setup is as follows:

require_once 'models/PodioRedisSession.php';

Podio::set_debug(true, 'file');
Podio::setup($client_id, $client_secret, array(
  "session_manager" => "PodioRedisSession"
));

Podio::$auth_type = array(
  "type" => "password",
  "identifier" => "MY_EMAIL"
);
Podio::$oauth = self::$session_manager->get(Podio::$auth_type); //ERROR IS ON THIS LINE

if (!Podio::is_authenticated()) {
  Podio::authenticate_with_password('MY_EMAIL', 'MY_PASSWORD');
}

which gives me the following error: Cannot access self:: when no class scope is active.
Am I on the right track to get the session manager working with password authentication? The error occurs on the commented line.

I was finally able to get the system running properly. The code above is correct. The server just needed to be reset (Windows server) for Redis to take effect.

Answer Source

To avoid hitting this limit you should authenticate with the API once and then store the oauth and refresh tokens that are returned from the API. Redis will do the trick. Then you use the oauth token for all subsequent requests.

An example can be found here [1]

Your oauth token will be valid for at most 28 days. When it's no longer valid you will need to obtain a new oauth token using the refresh token you received when you first authenticated. [2]
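The caching pattern described in this answer, as an added example that is not code from the original post or from the Podio client library: webhook runs share one stored token set, only an empty cache triggers a password grant, and an expired access token is renewed with the stored refresh token. `issue_tokens()` is a constructed stand-in for the real token endpoint, and the cache file name and JSON layout are assumptions; a file is used instead of Redis so the script runs on its own.

```php
<?php
// Added example. issue_tokens() is a constructed stand-in for the real token
// endpoint; the cache file name and JSON layout are assumptions.
function issue_tokens(?string $refreshToken, array &$calls): array {
    $calls[$refreshToken === null ? 'password' : 'refresh']++;
    return ['access_token'  => bin2hex(random_bytes(16)),
            'refresh_token' => $refreshToken ?? bin2hex(random_bytes(16)),
            'expires_at'    => time() + 3600];
}

function get_tokens(string $cacheFile, callable $issue): array {
    $fh = fopen($cacheFile, 'c+');     // create if missing, never truncate
    if ($fh === false) {
        throw new RuntimeException("cannot open $cacheFile");
    }
    chmod($cacheFile, 0600);           // tokens are credentials: owner-only
    flock($fh, LOCK_EX);               // one process at a time may authenticate
    try {
        $cached = json_decode(stream_get_contents($fh), true);
        if (is_array($cached) && $cached['expires_at'] > time() + 60) {
            return $cached;            // still valid: no request to the auth endpoint
        }
        // Expired: use the stored refresh token. Empty cache: password grant.
        $tokens = $issue(is_array($cached) ? $cached['refresh_token'] : null);
        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, json_encode($tokens));
        return $tokens;
    } finally {
        flock($fh, LOCK_UN);
        fclose($fh);
    }
}

$calls = ['password' => 0, 'refresh' => 0];
$issue = function (?string $rt) use (&$calls) { return issue_tokens($rt, $calls); };
$cacheFile = sys_get_temp_dir() . '/podio_tokens_' . bin2hex(random_bytes(4)) . '.json';

for ($i = 0; $i < 15; $i++) {          // 15 webhook runs in quick succession
    get_tokens($cacheFile, $issue);
}
// Force expiry of the cached access token, then run once more.
$t = json_decode(file_get_contents($cacheFile), true);
$t['expires_at'] = time() - 1;
file_put_contents($cacheFile, json_encode($t));
get_tokens($cacheFile, $issue);

printf("password grants: %d, refresh grants: %d\n", $calls['password'], $calls['refresh']);
unlink($cacheFile);
```

The exclusive lock matters when webhooks fire in parallel: without it, every process that finds the cache empty would send its own password grant.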


