Wattpad API requests must contain a valid browser User-Agent header

Recently, I’ve been playing with the Wattpad API. I was interested in collecting stats about the most popular publications.
Wattpad_logo_svg
Even though the API is simple and well documented, all attempts to use it through a python script failed. Requests were rejected with a “403 Access forbidden” HTTP error. My first intuition was that the basic authentication was incorrectly specified, but despite the API samples, I couldn’t figure out what was wrong with it.

Using WireShark to sniff the API sample requests would have helped solving the issue, but since the API only supports https, sniffing wasn’t an option (I later realized that I could have simply disabled https, just to sniff the request, since I didn’t care about the response).

Eventually, the problem came from the User-Agent header. The python script used a default User-Agent, which was rejected by the Wattpad server. Impersonating a legitimate browser (ex : chrome) solved the issue, requests were immediately accepted.

Below is a Python sample.

[code lang=python]
def getStories():
url = “https://api.wattpad.com:443/v4/stories”
try:
req = urllib2.Request(url)
#
req.add_header(“Authorization”, “iYiiyo4uj7y0rheqf9fwfeert343regthrthwaweofz”)
req.add_header(“User-Agent”, “Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36”)
response = urllib2.urlopen(req)
json = response.read()

print(json)
except urllib2.URLError as e:
print(“Failed to download from {0}, {1}”.format(url, e))
except urllib2.IOError as e:
print(“Failed to download from ” + url)
[/code]

Leave a Reply

Your email address will not be published. Required fields are marked *