Answer the question
In order to leave comments, you need to log in
Why does an error occur when calling the board.createComment, wall.post and other API methods from a server application with a valid token?
I am working on a node.js server application for publishing materials. Registered and configured the Standalone application.
I use Authorization Flow to get an access token, specify the rights "wall, groups, offline", I get the token successfully, I checked it with other methods (in particular, when calling a stored procedure) - everything is fine with it.
When calling some methods for publishing materials (board.createComment, wall.post), the VK API returns a message with error 15 (no access).
I tried to bypass the method call directly - I wrote a stored procedure for the application that calls the board.createComment method. When calling the method from the procedure editing form, everything goes well, but when I try to call the procedure via an http request, I get an error again.
I am an administrator in the group, so I have access to the full version of the site. I can manually add a comment, place a post, etc. Calling the method through the form at the bottom of the method description page also succeeds.
The token is OK - the call to other methods as well as the call method of the stored procedure (direct call, without publishing) succeeds.
Those. VK support responded with one sentence from the documentation that the de token must be received through Implicit Flow. I also tried to get a token through Implicit Flow - the same symptoms. In addition, as far as I understand, their rights, if not the same, then the Authorization Flow should be wider.
Help, good people, I'm already tormented to death!
Answer the question
In order to leave comments, you need to log in
The error in my case was in the redirect_uri parameter, which must be specified in the request for obtaining a token, I did not notice one feature that is associated with this parameter. If you use a redirect_uri other than the default one ( https://oauth.vk.com/blank.html) , the application loses access to using methods marked as available for the Standalone application.
An excerpt from the description of obtaining a token through the Implicit flow:
If you are developing a web application and want to work with the API from Javascript, you must specify the address of the page on your site in the redirect_uri. For security purposes, this address must also be specified in the settings of your application (fields "Site Address", "Base Domain" and "Trusted Redirect URI"). Please note that you will not be able to work with methods that are marked as available only for Standalone applications.
Try to get the token by direct authorization from the server (if you don't have 2fa on your VK account). In general, VK SPP are right. Implicit has more rights than Autirization.
PS if the server needs one account, then get the key in the browser (without the rederict url), and then pass it to the server.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question