Etsy API Creating Listing error: oauth_problem=signature_invalid

Question

Did anyone have any success creating an app in C# and creating new listings using Etsy API. I have developed an app that works great for retrieving data (HTTP GET), with or without permissions. The only part that I cannot figure out is how to write a valid code for HTTP POST.

Here is a fully working HTTP GET example for retrieving all inactive listings:

        public EtsyListings GetAllStoreListingsInactive(string storeProviderStoreId, string consumerKey, string consumerSecret, string oAuthToken, string oAuthTokenSecret)
    {
        string url = "shops/" + storeProviderStoreId + "/listings/inactive";
        var request = GenerateSecureRequest(url, RequestType.GET, consumerKey, consumerSecret, oAuthToken, oAuthTokenSecret);

        var response = _restClient.Execute<EtsyListings>(request);

        if (response.ResponseStatus != ResponseStatus.Completed)
            throw new Exception("Retrieving AllStoreListingsInactive Failed");

        return response.Data;
    }

        private RestRequest GenerateSecureRequest(string url, RequestType requestType, string consumerKey, string consumerSecret, string oAuthToken, string oAuthTokenSecret)
    {
        OAuthBase oAuth = new OAuthBase();

        string nonce = oAuth.GenerateNonce();
        string timeStamp = oAuth.GenerateTimeStamp();
        string normalizedUrl;
        string normalizedRequestParameters;

        string relativeUri = url;
        string sig = oAuth.GenerateSignature(new Uri(BASE_URL.ToString() + relativeUri), consumerKey, consumerSecret, oAuthToken, oAuthTokenSecret, requestType.ToString(), timeStamp, nonce, out normalizedUrl, out normalizedRequestParameters);

        var request = new RestRequest(relativeUri);
        request.Resource = string.Format(relativeUri);
        request.Method = Method.GET;
        request.AddParameter("oauth_consumer_key", consumerKey);
        request.AddParameter("oauth_token", oAuthToken);
        request.AddParameter("oauth_nonce", nonce);
        request.AddParameter("oauth_timestamp", timeStamp);
        request.AddParameter("oauth_signature_method", "HMAC-SHA1");
        request.AddParameter("oauth_version", "1.0");
        request.AddParameter("oauth_signature", sig);

        return request;
    }

And here is the code I have written so far for creating a new listing, it is not working:

        public EtsyListings CreateListing(string storeProviderStoreId, string consumerKey, string consumerSecret, string oAuthToken, string oAuthTokenSecret)
    {
        string url = "listings";
        var request = GenerateSecureRequestTestingCreatingListing(url, RequestType.POST, consumerKey, consumerSecret, oAuthToken, oAuthTokenSecret);

        var response = _restClient.Execute<EtsyListings>(request);

        if (response.ResponseStatus != ResponseStatus.Completed)
            throw new Exception("Retrieving Creating Listing Failed");

        return response.Data;
    }

        private RestRequest GenerateSecureRequestTestingCreatingListing(string url, RequestType requestType, string consumerKey, string consumerSecret, string oAuthToken, string oAuthTokenSecret)
    {
        OAuthBase oAuth = new OAuthBase();

        string nonce = oAuth.GenerateNonce();
        string timeStamp = oAuth.GenerateTimeStamp();
        string normalizedUrl;
        string normalizedRequestParameters;

        string relativeUri = url;
        string sig = oAuth.GenerateSignature(new Uri(BASE_URL.ToString() + relativeUri), consumerKey, consumerSecret, oAuthToken, oAuthTokenSecret, requestType.ToString(), timeStamp, nonce, out normalizedUrl, out normalizedRequestParameters);

        var request = new RestRequest(relativeUri);
        request.Resource = string.Format(relativeUri);
        request.Method = Method.POST;
        request.AddParameter("oauth_consumer_key", consumerKey);
        request.AddParameter("oauth_token", oAuthToken);
        request.AddParameter("oauth_nonce", nonce);
        request.AddParameter("oauth_timestamp", timeStamp);
        request.AddParameter("oauth_signature_method", "HMAC-SHA1");
        request.AddParameter("oauth_version", "1.0");
        request.AddParameter("oauth_signature", sig);

        request.AddParameter("title", "Test Title");
        request.AddParameter("description", "Test Description");
        request.AddParameter("quantity", "1");
        request.AddParameter("price", "1");
        request.AddParameter("is_supply", "false");
        request.AddParameter("state", "draft");
        request.AddParameter("when_made", "2010_2017");
        request.AddParameter("who_made", "i_did");
        request.AddParameter("shipping_template_id", "43862539760");

        var response = _restClient.Execute(request);

        return request;
    }

Does anyone see anything obvious wrong with the CreatingListing code above?

The error code on response object I receive is 'StatusCode' of 'Forbidden', and 'Content' of 'oauth_problem=signature_invalid...'

I have verified I have full permissions, and the signature was not a problem with HTTP GET example I have provided above.

Additional info: Posting without 'quantity' parameter, I receive a 'BadRequest' error stating that 'Expected param 'quantity'.'

And reworking the code, so I will pass the object in the body:

        private RestRequest GenerateSecureRequestTestingCreatingListing(string url, RequestType requestType, string consumerKey, string consumerSecret, string oAuthToken, string oAuthTokenSecret)
    {
        OAuthBase oAuth = new OAuthBase();

        string nonce = oAuth.GenerateNonce();
        string timeStamp = oAuth.GenerateTimeStamp();
        string normalizedUrl;
        string normalizedRequestParameters;

        string relativeUri = url;
        string sig = oAuth.GenerateSignature(new Uri(BASE_URL.ToString() + relativeUri), consumerKey, consumerSecret, oAuthToken, oAuthTokenSecret, requestType.ToString(), timeStamp, nonce, out normalizedUrl, out normalizedRequestParameters);

        var request = new RestRequest(relativeUri);
        request.Resource = string.Format(relativeUri);
        request.Method = Method.POST;
        request.AddParameter("oauth_consumer_key", consumerKey);
        request.AddParameter("oauth_token", oAuthToken);
        request.AddParameter("oauth_nonce", nonce);
        request.AddParameter("oauth_timestamp", timeStamp);
        request.AddParameter("oauth_signature_method", "HMAC-SHA1");
        request.AddParameter("oauth_version", "1.0");
        request.AddParameter("oauth_signature", sig);


        request.AddParameter("quantity", "1");

        request.RequestFormat = DataFormat.Json;

        var dataObj = new
        {
            title = "This is a test1",
            description = "Test Description1",
            quantity = "1",
            price = "1",
            is_supply = "false",
            state = "draft",
            when_made = "2010_2017",
            who_made = "i_did",
            shipping_template_id = "43862539760"
        };

        string dataObjJson = JsonConvert.SerializeObject(dataObj, Formatting.Indented);

        request.AddBody(dataObjJson);



        //request.AddParameter("title", "Test Title");
        //request.AddParameter("description", "Test Description");
        //request.AddParameter("quantity", "1");
        //request.AddParameter("price", "1");
        //request.AddParameter("is_supply", "false");
        //request.AddParameter("state", "draft");
        //request.AddParameter("when_made", "2010_2017");
        //request.AddParameter("who_made", "i_did");
        //request.AddParameter("shipping_template_id", "43862539760");


        var response = _restClient.Execute(request);

        return request;
    }

is resulting with the same Forbidden error

Answer 1

You need to pass POST request inside body. I believe that you are sending malformed post request and hence you are getting forbidden response.