Session

The session makes GET requests when you call instances of APIMethod class that are returned as attributes of an API instance.

Request

By default, the session (CodeSession, ImplicitSession, PasswordSession, RefreshSession) tries to infer which signature generation circuit to use:

  • if app_secret_key is not empty string - server-server signature generation circuit is used
  • else if session_secret_key is not empty string - client-server signature generation circuit is used
  • else exception is raised

You can explicitly set a signature generation circuit for signing requests by passing to API one of the sessions below.

Client-Server signature generation circuit

Let’s consider the following example of API request with client-server signature:

from aiookru import TokenSession, API

session = TokenSession(
    app_id=123456,
    app_key='ABCDEFGHIGKLMNOPK',
    app_secret_key='',
    access_token='-s-2GUXOAvQYI7-RfxsZtV1wezsdtVPv92xfuaSQ8.SAIV1O2ywYra2-3ywes5St2yvcuZSr9UUWN2TtbWtWKVTuAy8',
    session_secret_key='ae5362b5b588cc7294c2414d71b74d5d',
)
api = API(session)

events = await api.events.get()

It is equivalent to GET request:

https://api.ok.ru/fb.do
    ?application_key=ABCDEFGHIGKLMNOPK
    &format=json
    &method=events.get
    &sig=03a41413523ea8092507949d6e711963
    &access_token=-s-2GUXOAvQYI7-RfxsZtV1wezsdtVPv92xfuaSQ8.SAIV1O2ywYra2-3ywes5St2yvcuZSr9UUWN2TtbWtWKVTuAy8

The following steps were taken:

  1. session_secret_key used as secret key
  2. sorted request parameters and secret key were concatenated: application_key=ABCDEFGHIGKLMNOPKformat=jsonmethod=events.getae5362b5b588cc7294c2414d71b74d5d
  3. signature 03a41413523ea8092507949d6e711963 calculated as MD5 of the previous string
  4. signature appended to GET request parameters
  5. access_token appended to GET request parameters

ClientSession

ClientSession is a subclass of TokenSession. Use it as a client session without authorization. Use session_secret_key and access_token that were already received.

from aiookru import ClientSession, API

session = ClientSession(app_id, app_key, access_token, session_secret_key)
api = API(session)
...

ImplicitClientSession

ImplicitClientSession is a subclass of ImplicitSession. Use it as a client session with authorization (Implicit Flow).

from aiookru import ImplicitClientSession, API

async with ImplicitClientSession(app_id, app_key, login, passwd, scope) as session:
    api = API(session)
    ...

PasswordClientSession

PasswordClientSession is a subclass of PasswordSession. Use it as a client session with authorization (Password Grant).

from aiookru import PasswordClientSession, API

async with PasswordClientSession(app_id, app_key, login, passwd) as session:
    api = API(session)
    ...

Server-Server signature generation circuit

Let’s consider the following example of API request with server-server signature:

from aiookru import TokenSession, API

session = TokenSession(
    app_id=123456,
    app_key='ABCDEFGHIGKLMNOPK',
    app_secret_key='ABC123DEF456GHI789JKL123',
    access_token='-s-84W-s3egarWUsbkq-IWTucuedzTKT8VUXIA.s4Xx8IW7',
    session_secret_key='',
)
api = API(session)

events = await api.events.get()

It is equivalent to GET request:

https://api.ok.ru/fb.do
    ?application_key=ABCDEFGHIGKLMNOPK
    &format=json
    &method=events.get
    &sig=232c8eb921951c4dba9b72606f9ddb4c
    &access_token=-s-84W-s3egarWUsbkq-IWTucuedzTKT8VUXIA.s4Xx8IW7

The following steps were taken:

  1. b1a2b89707a94624c43afae67d59274c used as secret key, it was calculated as MD5(access_token + app_secret_key)
  2. sorted request parameters and secret key were concatenated: application_key=ABCDEFGHIGKLMNOPKformat=jsonmethod=events.getb1a2b89707a94624c43afae67d59274c
  3. signature 232c8eb921951c4dba9b72606f9ddb4c calculated as MD5 of the previous string
  4. signature appended to GET request parameters
  5. access_token appended to GET request parameters

ServerSession

ServerSession is a subclass of TokenSession. Use it as a server session without authorization. Use your app_secret_key and access_token that was already received.

from aiookru import ServerSession, API

session = ServerSession(app_id, app_key, app_secret_key, access_token)
api = API(session)
...

CodeServerSession

CodeServerSession is a subclass of CodeSession. Use it as a server session with authorization (Authorization Code).

from aiookru import CodeServerSession, API

async with CodeServerSession(app_id, app_key, app_secret_key, code, redirect_uri) as session:
    api = API(session)
    ...

RefreshServerSession

RefreshServerSession is a subclass of RefreshSession. Use it as a server session with authorization (Refresh Token).

from aiookru import RefreshServerSession, API

async with RefreshServerSession(app_id, app_key, app_secret_key, refresh_token) as session:
    api = API(session)
    ...

Response

By default, a session after executing request returns response’s body as dict if executing was successful, otherwise it raises exception.

You can pass pass_error parameter to TokenSession for returning original response (including errors).

Error

In case of an error, by default, exception is raised. You can pass pass_error parameter to TokenSession for returning original error’s body as dict:

{
    "error_code": 100,
    "error_data": 1,
    "error_msg": "PARAM : Either session_key or uid must be specified"
}

All error codes are available here: https://apiok.ru/en/dev/errors.