Can't make any API requests due to 500 error - input byte array has incorrect ending byte

stefcameron · 30 December 2023 19:23

I’ve been trying to make API requests for a couple of days now. I’ve tried via curl, node, DevTools, and the “TRY” buttons on various pages of Intervals.icu API docs (which also, by the way, appear to try to send API requests over http instead of https which get blocked by Chrome – and rightly so as that would send your username:password and API key Authorization header in the clear).

This is the error I get when the requests fail:
{status: 500, error: 'java.lang.IllegalArgumentException: Input byte array has incorrect ending byte at 48'}

I suspect this could be related to the decoding of the Base64-encoded username:password part of the Authorization header. It seems there are multiple ways to decode a Base64-encoded string in Java and some throw if they can’t read the string (not a Java expert; just mentioning what I’ve read online related to this error).

I’ve tried encoding by user/pwd string on my own (using Buffer.from(...).toString('base64') in Node for use with curl from the terminal as well as btoa(...) in DevTools console when doing a fetch() request there) and the output string is identical to that generated by the TRY feature of Intervals.icu API docs and still the error persists.

I must be missing something obvious here, but I’ve never encountered this before. Any ideas?

MedTechCD · 30 December 2023 19:39

I’m no expert at all but here’s an example batch line that works in Windows:

curl -u API_KEY:'your apikey'^
     https://intervals.icu/api/v1/athlete/'your athleteid'/wellness.csv?oldest=%USfromdate%^&newest=%UStodate%^&cols=comments ^
     -o APIComments.csv

This get’s the comments from the wellness dialog for the specified date-range and writes it to a csv file.
Your API key and AthleteID can be found on the Intervals settings page.
If you’re on a Mac, syntax can slightly differ.

stefcameron · 30 December 2023 20:06

Thank you, MedTechCD!

I should’ve mentioned I’m on macOS. But the interesting part here is you don’t appear to be supplying the Basic username:password part of the Authorization header. Just the API key. The API docs site lead me to think I needed that in the Authorization header because the Intervals.icu API docs page has both.

And now that I look closer at the docs for HTTP Basic, it does say that the username is API_KEY, not my actual username, and the password is my API key. I missed that.

And indeed it works!

I wish there weren’t two fields there, just one having “API key” as the prompt to set:

Also not sure, at least for API docs “TRY” example purposes, why the HTTP Bearer section is there at all since all the examples in the docs will use basic auth (I assume).

Maybe it’s there, and it’s “how it is” because of the docs site generation from API code.

Anyway, hopefully this helps someone else down the road.

MedTechCD · 30 December 2023 20:17

Yes, for Basic Authentication the username is API_KEY.
I have never used another form of authentication, so can’t help with that.
Glad I could help you get started!

david · 31 December 2023 04:37

That is useful if you are using OAuth (for an app that others will use) and you have a bearer token.