wMw_ said: Am I allowed to hardcode client-id? So there's no action needed by users for application to work properly. Yes, you can. The OAuth 2.0 RFC defines two client types: • Confidential:
Clients capable of maintaining the confidentiality of their
credentials (e.g., client implemented on a secure server with
restricted access to the client credentials), or capable of secure
client authentication using other means.
• Public:
Clients incapable of maintaining the confidentiality of their
credentials (e.g., clients executing on the device used by the
resource owner, such as an installed native application or a web
browser-based application), and incapable of secure client
authentication via any other means.Your application falls into the second category. MAL provides public clients with only a Client ID as they're unable to properly store any kind of credentials. The Client ID is considered public information. To register your application as a public client, you must set your App Type to "other", "Android", or "iOS". The "web" type is the only one reserved for confidential clients. |
 ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
| Thank you for confirmation! Arigatou |
| @Battlemuffins, your problem is that the query is missing the nsfw=true parameter, briefly explained at the very top of the documentation. The following query will return both entries: GET https://api.myanimelist.net/v2/anime?q=Lycoris_Recoil&nsfw=true
...
"data": [
{
"node": {
"id": 54440,
"title": "Lycoris Recoil (Shinsaku Animation)",
"main_picture": {...}
}
},
{
"node": {
"id": 50709,
"title": "Lycoris Recoil",
"main_picture": {...}
}
},
...If you replace the underscore with a white space, you'll get the main anime as the first result: GET https://api.myanimelist.net/v2/anime?q=Lycoris%20Recoil&nsfw=true
...
"data": [
{
"node": {
"id": 50709,
"title": "Lycoris Recoil",
"main_picture": {...}
}
},
{
"node": {
"id": 54440,
"title": "Lycoris Recoil (Shinsaku Animation)",
"main_picture": {...}
}
},
...The NSFW parameter is poorly implemented. Each anime has a nsfw field that can either be white (safe for work), gray (may not be safe for work), or black (not safe for work). By default, all new entries are marked as gray, and a DB moderator has to manually set it to the appropriate value. Many SFW series are still marked as gray, hidden from search results. I suggest you add the nsfw=true parameter to all your queries in the future. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
| @BorisForis: Hi! I guess that you're trying to call the API straight from your web page. Unfortunately, you cannot do that since the API doesn't return the CORS headers required to call it directly from your browser. There's no easy solution and it should be fixed by MAL. The usual workaround is to have some kind of middleware that can fix this for you. For example, a local application, a serverless function, a web proxy, or a remote server. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
Reply to BorisForis
@ZeroCrystal I was hoping for a solution but in the end I ended up using jikan... Btw you don't happen to know what the highest mal_id is do you? So far I've gone as high as 54501
BorisForis said: Btw you don't happen to know what the highest mal_id is do you? So far I've gone as high as 54501 New entries are added every day. Currently, 56626 is the latest ID. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
Reply to SuperDenZ
It's working but I don't understand how to get Auth2.0 work. Specially code_challanged parameter
| @SuperDenZ Hi! The Code Challenge must be equal to your Client Verifier. You can take a look at my guide if you need help. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
Reply to oolyvi
How can we apply this on android while using retrofit?
| @oolyvi Hi! I never used Retrofit before but, reading the documentation, it should be quite easy to accomplish. Go here and scroll down till you reach the Header Manipulation section. You should do something very close to that example: add the X-MAL-CLIENT-ID header, as explained in the first post, and it should work. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
Reply to oolyvi
@ZeroCrystal I wrote something like this, but doesn't work
@Headers("X-MAL-CLIENT-ID: $CLIENT_ID")
@GET("/v2/anime/season/{year}/{season}")
suspend fun getSeasonalAnimes(
@Query("year") year: Int,
@Query("season") season: String,
): Response<SeasonalAnimes>| @oolyvi What kind of error did you get? |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
| Great. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
Reply to jajaja09087
Hello, I have got a problem.
I want to access public information but if gives me a 403 forbidden error.
I run the code on a Firebase Cloud Function.
Could please anyone help me? Thank you very much
I want to access public information but if gives me a 403 forbidden error.
I run the code on a Firebase Cloud Function.
export const myanimelist = functions.https.onRequest((request, response) => {
const url = "https://api.myanimelist.net/v2/anime?q=one&limit=4";
fetch(url)
.then((response) => {
if (!response.ok) {
throw new Error("Network response was not ok" +
response.statusText);
}
return response.json();
})
.then((data) => {
console.log(data);
response.json(data);
})
.catch((error) => {
console.error("Error:", error);
response.status(500).send("Error fetching MAL data");
});
});
Could please anyone help me? Thank you very much
@jajaja09087 Hi! When you want to call the public endpoints, you must pass your Client ID as part of the HTTP headers. Like so:fetch(url, {headers: {"X-MAL-CLIENT-ID": "your-client-id-here"}}) |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
Reply to Kobaru
Hello, I have a problem trying to use the API : https://i.imgur.com/6entWso.png
My console.log does send the correct ID. I've tried in postman without issue, and it's working.
I had to add a "no-cors" mode at some point because it kept me out for some reasons (still no understanding why thou).
But I still get 403 while postman isn't getting any.
For context I'm using electron, and I'm a beginner with this environnement so I'm not sure where the error could come from.
My console.log does send the correct ID. I've tried in postman without issue, and it's working.
I had to add a "no-cors" mode at some point because it kept me out for some reasons (still no understanding why thou).
But I still get 403 while postman isn't getting any.
For context I'm using electron, and I'm a beginner with this environnement so I'm not sure where the error could come from.
| @Kobaru Hi! By default, Electron enforces the same CORS checks of web browsers. That's why it works on Postman or in any other client that is not a browser. The no-cors mode doesn't "disable" CORS checks and you should probably remove it. Adding a callback to onHeadersReceived should fix your problem. Try following the procedure suggested by this article: https://pratikpc.medium.com/bypassing-cors-with-electron-ab7eaf331605 |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
Reply to Kobaru
@ZeroCrystal Hi 👋
First, thx for the fast reply !
I tried it as the post offered but now I get this error :
https://i.imgur.com/jKhTExJ.png
here is my code for more context :
Edit :
Someone on the unofficial discord told me "You can't do it via a browser." which would makes sens to anybody with a proper backend background, that I don't have.
So for now my solution will be to add to my BrowserWindow configuration. It should do the trick to prototype in a local env.
He said that I had to do a proxy server or backend to achieve what I wanna do, but I don't know at all how to start with that so far... So I'll just leave it at that and come back to the problem later once my prototype is well and running
First, thx for the fast reply !
I tried it as the post offered but now I get this error :
https://i.imgur.com/jKhTExJ.png
here is my code for more context :
const handleSearch = useCallback(
async () => {
console.log('Searching', value)
console.log('Client ID', clientID)
const baseURL = 'https://api.myanimelist.net/v2/anime'
const myHeaders = new Headers({
"X-MAL-CLIENT-ID": clientID
})
const requestOptions = {
// mode: 'no-cors',
method: "GET",
headers: myHeaders,
} as RequestInit
try {
const response = await fetch(`${baseURL}?q=${value}&limit=4`, requestOptions)
if (!response.ok) {
throw new Error(`Response status: ${response.status}`)
}
const json = await response.json()
console.log(json)
} catch (error) {
console.error(error)
}
},
[value],
)
Edit :
Someone on the unofficial discord told me "You can't do it via a browser." which would makes sens to anybody with a proper backend background, that I don't have.
So for now my solution will be to add
webSecurity: false
He said that I had to do a proxy server or backend to achieve what I wanna do, but I don't know at all how to start with that so far... So I'll just leave it at that and come back to the problem later once my prototype is well and running
| @Kobaru Did you set up your application to rewrite all response headers adding Access-Control-Allow-Origin: *? That would be the best way to solve the issue. I'm not a fan of disabling webSecurity, but it's good enough as a starting point. Electron is both a browser engine and a JS backend, so you can do things a web browser cannot accomplish, like bypassing CORS limitations. You don't need an additional backend. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
Reply to SRHRG44
Hi, new here, I'm just wondering how I can get the client ID needed for using the API. I go into the link for the instruction Manuel then when I click on the sign-up form it just reloads the page. I want to use the API for a basic school project using next.js
| @SRHRG44 You can get a new Client ID from here: https://myanimelist.net/apiconfig/create Are you having issues with the form? |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
Reply to SRHRG44
@ZeroCrystal thank you for showing me where the create ID was. In one of the manuals, it had a link that would send back to the top of the page. I filled out the form. How long do I wait before I get a client ID back so I may use the API?Or is the Client ID the name under this line "Clients Accessing the MAL API"?
| @SRHRG44 The Client ID is immediately available after submitting the form. Go back to the API panel and press Edit next to your client. There, you'll find your Client ID. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
Reply to SRHRG44
@ZeroCrystal, I have another question for you. When I try to access my project now, I get a prompt asking me to sign in to myanimelist.net, but it doesn't accept my login credentials.
| @SRHRG44 That's the regular login page from MAL, it's unrelated to the API. Try double-checking your credential or resetting your password if you keep having troubles logging in. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
Reply to SRHRG44
@ZeroCrystal, thanks for the help. Sorry to keep bugging you, but I changed my password, and I still can't log in when I open my app, and the login prompt appears. When I made the account, it was linked to Facebook. Could this be he reason that I can't log in to the prompt? I disconnected my facebook and made a password. but still nothing
| @SRHRG44 In that case, you should try contacting MAL Customer Support. There's not much I can do about it. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Kieed & 1041uuu |
More topics from this board
» I built a spotify-styled 'MyAnimeList Wrapped' for a yearly review of your anime and mangaXAvishkar - Dec 14 |
1 |
by Joeliazeers
»»
Dec 17, 1:01 PM |
|
» [Repost] list of all relation_type and media_type.Mr_UnknownOtaku - Dec 8 |
4 |
by -DxP-
»»
Dec 12, 8:43 AM |
|
» How to get author name?EdibleMuffin - Feb 12 |
4 |
by XAvishkar
»»
Dec 8, 9:52 AM |
|
» 401 Unauthorized when doing authorization flowKonng_ - Nov 16 |
2 |
by Konng_
»»
Nov 28, 3:24 PM |
|
» [discontinued] I made a webapp to compare plan-to-watch listsdaux - Apr 16, 2022 |
33 |
by daux
»»
Oct 2, 4:17 PM |