I am trying to get data over rest api, but i get a 403. how do i obtain an API key to extract data?

  • 5 August 2022
  • 9 replies
  • 657 views

  • New Member
  • 2 replies

I am trying to use the endpoint https://analytics.eu.amplitude.com/api/2/export and am using a curl command like this:
 

curl -k -u $API_Key:$Secret_Key 'https://amplitude.com/api/2/export?start=${STARTTIME}&end={ENDTIME}' >> filename.zi

If I use the API key for my project, the same one that is used to send data from the web app, i get a error 403.
How do I obtain the correct API keys to extract data from the api?


9 replies

Userlevel 7
Badge +10

Hey @bok 

Assuming you have the EU Residency Server, can you confirm

  • if you are using the correct eu endpoint in your final curl command
  • if you have both the API_Key and Secret_Key correctly copied from the project settings
curl -u $API_Key:$Secret_Key 'https://analytics.eu.amplitude.com/api/2/export?start=${STARTTIME}&end={ENDTIME}' >> filename.zip

@Saish Redkar 
I experience the same 403 with either the eu endpoint or the regular endpoint.
I am 100% certain it is correctly copied, and also see the copy pasted details work for ingesting data.
I also tried to provide the secrets as a base64’ed auth header with the same result.

I assumed I needed a different API key to extract the data again?

Userlevel 4
Badge +7

Hey there, Amplitude Tech support here! 

Can you please send over your Project link? 

 

Thanks! 

@Zhenia Semenina

I have PM’ed you the project link

 

In the mean time i have also tried to import the postman collection, and i also see the 403 error in postman.

Badge

I have the same issue. I am using the exact command from the documentation here i.e. 

curl --location --request GET 'https://amplitude.com/api/2/export?20230115T05&end=20230115T15' \
--header 'Authorization: Basic {{api-key}}:{{secret-key}}'

I have tried:

  • Using base64-encoded “APIKEY:SECRETKEY” : error 403 + an HTML response
  • Using incorrect “APIKEY:SECRETKEY” : error 401 + an HTML response
  • Using non-base64-encoded secrets : error 401 + an HTML response

This seems to indicate that the keys are correctly recognized when they are base64-encoded, but apparently they do not have the necessary rights.

  • Using analytics.eu.amplitude.com instead of amplitude.com (with base64-encoded keys) : error 403 + an HTML response
  • Dropping the query string (at and after “?”) (with base64-encoded keys): error 403 + an HTML response: this seems to indicate that the query string analysis did not even start
  • Dropping the authorization header: error 401 with no HTML

We are using a Starter plan, however this page states that the Export API should be supported.

Similar issue (not resolved) in another thread.

Userlevel 6
Badge +8

Hi @bok ! I just tested using 

curl -k -u $API_Key:$Secret_Key 'https://amplitude.com/api/2/export?start=${STARTTIME}&end={ENDTIME}' >> filename.zip

for a project located in analytics.amplitude.com which is the US data center and it worked for me. Can you confirm which URL does your project live? Is it with analytics.amplitude.com or is it with analytics.eu.amplitude.com? 

As for finding your API key and Secret key, this should be under Settings → Project Settings → Select the project that you are referencing. https://help.amplitude.com/hc/en-us/articles/360058073772#view-and-edit-your-project-information

I also tested with the Postman collection and it works for me as well. Did you make sure to save the Parent Authorization before running the call? 

 

Hi @Alex M ! Export API is supported on Starter plan. I tried using the following with your Prod project API key and Secret key, and your timestamps and this was able to work for me: 

curl -k -u $API_Key:$Secret_Key 'https://amplitude.com/api/2/export?start=${STARTTIME}&end={ENDTIME}' >> filename.zip

Can you try using this curl on your end to see if it works for you? Please also don’t use the EU version since your organization is not located in the EU data center. 

Can you also try using our Postman collection to see if that works for you too? Please note that the Authorization on the call itself is Inherited from Parent. You’ll need to save your API key and Secret key on the parent for it to work. You could also change the Authorization from “Inherited from Parent” to just basic auth and enter your API key and Secret key directly. 

I did try the original curl that you posted which is the one on our documentation and did run into the same errors. I’ll have to check in with our Engineering team to see if this curl syntax is correct. 

Badge

Dear @belinda.chiu 

Thank you for providing an alternate way of executing this command. I was able to find the root cause of my issue: I encoded the end of line character in the token. I was sure that I have checked for that, but here we are.

For reference, if it may serve someone, the correct command to generate the token is:

echo -n "$API_Key:$Secret_Key" | base64 --wrap=0

 

Badge

Just to be clear: both the original curl from my post and the one posted by @belinda.chiu now work for me. Also, I noticed that in my original post I somehow missed the “start” parameter in the query string (but I had it during my attempts).

Thanks again

Userlevel 6
Badge +8

Hi @Alex M ! Thank you so much for sharing your insight back to this post! 😊 Your reference will be super helpful for posterity

I totally missed the missing “start” parameter in the query string of your original post - thanks for pointing that out! I copied the curl from the documentation instead and now I see that it is working for me too. 

Reply