The club has a private member list, that's why it won't work
https://www.chess.com/clubs/forum/view/broken-endpoint-https-api-chess-com-pub-club-url-id-members
This problem is going to run and run?
It needs to be indicated clearly that this is a designed feature and not just the usual kind of corrupted endpoint that we sometimes (/increasingly) encounter that also returns error "404".
I'd prefer to receive a "403" (access forbidden) error because that tells me not to bother making repeat, follow up requests.
I understand the importance of privacy, but if this continues, this endpoint is completely useless, right now.
Especially if you consider that I am trying to consult the list of members of the club of which I am the owner, a bit absurd.
If it's your club you have the option to set the member list to public (separate option to club content). You can find it in club settings.
The club has a private member list, that's why it won't work
https://www.chess.com/clubs/forum/view/broken-endpoint-https-api-chess-com-pub-club-url-id-members
Why doesn't the response indicate the information is private? Instead, it's indicating an internal error.
Additionally, the HTTP response code is incorrect, 401 (unauthorized) or 403 (forbidden) would be more appropriate. As others have said, this would reduce confusion and support tickets and posts like this.
Is it a change in behaviour to prevent access to club members (for some clubs) through the API? I don't recall this happening until quite recently, and I thought it was only due to club size, which has been suggested previously.
This forum has been running for a while. https://www.chess.com/clubs/forum/view/broken-endpoint-https-api-chess-com-pub-club-url-id-members
The implication (and testing confirms it) is that the API endpoint has been brought in line with the Web page settings. However, there was no announcement, the spec wasn't changed, the changelog was not used (no surprise there) and the return doesn't give any useful information.
It's not really an internal error, it's a deliberate feature. And logical to be in line with the club settings.
If it's your club you have the option to set the member list to public (separate option to club content). You can find it in club settings.
Yes, but that's not the point. The point is that the error given is incorrect, and that with this limitation the end point has lost its usefulness (I not only used it to consult data about my club).
Additionally, the HTTP response code is incorrect, 401 (unauthorized) or 403 (forbidden) would be more appropriate. As others have said, this would reduce confusion and support tickets and posts like this.
This might interest you Imperfect:-
"The HTTP status code 401, often denoted as UNAUTHORIZED, signifies that the client lacks proper authentication credentials or has provided invalid credentials. In simpler terms, the server has failed to identify the user."
"This could occur due to:
Missing or Incorrect Credentials: The user hasn’t provided any credentials or the ones provided are incorrect. An example of this is the user trying to sign in with an incorrect password.
Expired Credentials: If the user’s authentication token or session has expired, they won’t be granted access until they reauthenticate. For example in the context of the OAuth flow, this would mean that the access token is missing/revoked/expired."
..however,
"HTTP status code 403 also denoted as FORBIDDEN is returned when the server has successfully authenticated the user, but the user is still denied access to the requested resource. This is different from a 401 error, as the user’s credentials are valid, but they lack the necessary permissions to view or interact with the specific resource"
So I think it needs to be 403?
Thanks for the link. I read a briefer version of the same on Mozilla. But it's not necessarily about credentials in this case, is it? The club settings alone apparently influence if this data is available through the API, and the API doesn't authenticate our credentials - other than the loosely defined userdata the API is essentially open.
Technically true in the case of c.c but wouldn't it be better to return a status code that denotes "the user is denied access to the requested resource", rather than "the client lacks proper authentication credentials or has provided invalid credentials"?
The first of those gives a much clearer idea of the problem, whereas the second might send an inexperienced user of the API off on a wild goose chase?
"the current situation is simply wrong" - in what way apart from the cryptic details returned by the server?
If clubs' member-lists are set to 'private' then they're not meant to be viewed by non-club members, so non-club users of the API can hardly expect to view them either. The position of a club member is somewhat incongruous though.
Hi,
The end point to get the members of club May the chess be with you gives an internal error and returns no data. The same API for other clubs seems to work correctly.
It's been like this for several days.
https://api.chess.com/pub/club/may-the-chess-be-with-you/members
Returns:
Can you check it?
Thanks.
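Added example (not part of the thread and not Chess.com code): a client-side retry policy illustrating the point raised in the discussion that a 403 lets a caller stop after one request, while an ambiguous 404 costs repeat requests before giving up. `fetch_members`, `replay`, the outcome strings and the retry limits are hypothetical; the transport is a constructed stub that returns only status codes, so the block runs offline.

```python
import time
from typing import Callable, Tuple

# Status codes that mean "asking again will not help".
TERMINAL = {401, 403, 410}
# Status codes where a retry is reasonable (rate limit, server-side fault).
TRANSIENT = {429, 500, 502, 503, 504}


def fetch_members(get: Callable[[str], int], url: str, max_ambiguous: int = 3,
                  max_transient: int = 5,
                  sleep: Callable[[float], None] = time.sleep) -> Tuple[str, int]:
    """Return (outcome, requests_made) for one members-list lookup.

    `get` is a hypothetical transport returning only the HTTP status code.
    """
    ambiguous = transient = requests_made = 0
    while True:
        status = get(url)
        requests_made += 1
        if status == 200:
            return "ok", requests_made
        if status in TERMINAL:
            return "denied", requests_made  # explicit refusal: stop at once
        if status == 404:
            # Ambiguous here: private list, missing club, or a broken endpoint.
            ambiguous += 1
            if ambiguous >= max_ambiguous:
                return "not-found-or-private", requests_made
        elif status in TRANSIENT:
            transient += 1
            if transient >= max_transient:
                return "unavailable", requests_made
        else:
            return f"unexpected-{status}", requests_made
        sleep(min(2 ** (ambiguous + transient), 30))  # capped exponential backoff


def replay(statuses):
    """Constructed transport: replays fixed status codes, repeating the last one."""
    it = iter(statuses)
    last = [statuses[-1]]

    def get(_url):
        last[0] = next(it, last[0])
        return last[0]
    return get
```
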