Search code examples
apireviewunauthorizedtrustpilot

Trustpilot Api - Get Private Product Review always returns Unauthorised response status

I hope someone can help me.

I am trying to retrieve a Product Review for a product using the Trustpilot Api's and am having some success but not getting the results I would expect.

The approach I have taken is as follows:

  1. Get an OAUTH2 token - (Returns a successful response)
  2. Retrieve my business units from a config file and for each business unit get the product reviews using the endpoint: https://api.trustpilot.com/v1/private/business-units/{business-unit}/review?token={OAUTH2 token from step 1} - (Returns a successful response)

  3. For each product review I attempt to retrieve the product review detail. For this I have a couple of options.

    (i) Each product review has meta-links and so I can get the product review using the corresponding meta-link and tagging the apikey on e.g. https://api.trustpilot.com/v1/reviews/1234567890abcdefg?apikey={apikey} where the apikey is the one provided up when I registered for a developer account - (Returns a successful response)

    (ii) Call the endpoint as documented in the developers.trustpilot.api website (https://developers.trustpilot.com/product-reviews-api#get-private-product-review) : https://api.trustpilot.com/v1/private/product-reviews/{reviewId} - (Returns an Unauthorised status code)

For option (ii) above I have tried multiple ways of passing the apikey (according to the documentation, the endpoint requires the apikey as authorisation.

I am using C# as the language for accessing the Trustpilot apis so the following snippets are how I have tried to call the method.

  1. Set the GetProductReview endpoint as follows:
    var url = $"https://api.trustpilot.com/v1/private/product-reviews/" + review.Id.ToString();        
    using (var client = new HttpClient())
    {
       var uri = new Uri(url, UriKind.Absolute);
       client.BaseAddress = uri;

       client.DefaultRequestHeaders.Clear();
       client.DefaultRequestHeaders.Accept.Add(new system.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));
       client.DefaultRequestHeaders.Add("apikey", apiKey);

       try
       {
         var response = client.GetAsync(uri).Result;
             .
             .
             .

In the above code snippet, the apikey is passed in to the method and passed to the endpoint as a RequestHeader value.

  1. Set the endpoint as follows: 
var url = $"https://api.trustpilot.com/v1/private/product-reviews/" + review.Id + $"?apikey={apiKey}";

and call the HttpClient as follows:

  using (var client = new HttpClient())
  {
    var uri = new Uri(url, UriKind.Absolute);
    client.BaseAddress = uri;

    client.DefaultRequestHeaders.Clear();
    client.DefaultRequestHeaders.Accept.Add(new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));

    try
    {
      var response = client.GetAsync(uri).Result;
          .
          .
          .

In both cases I receive an HttpStatus 401 - Unauthorized.

The documentation indicates that I should pass the apikey (which I have done in two different ways).

I have also tried calling the endpoint replacing the ?apikey={apiKey} with ?token={token} in case the documentation is incorrect and requires a token.

Additionally, I have also tried passing the token as a RequestHeader value and receieve the same result (Unauthoirised)

I would really like to use the endpoint: 

https://api.trustpilot.com/v1/private/product-reviews/{review}

as this returns more information (for example the sku which would allow me to get access back to the product).

Can anyone please tell me where I am going wrong here?

Thanks in advance

Solution

  • The documentation for the /v1/private/product-reviews/{reviewId} endpoint is indeed incorrect, since it actually requires a Business user OAuth Token instead of an API Key.

    In this case, you have two options (and the first one you have used before for the /v1/private/business-units/{businessUnitId}/reviews endpoint):

    1. You can pass the access token in the query string: /v1/private/product-reviews/{reviewId}?token={token}. You mentioned you have tried this. Maybe it did not work for you because your token expired before you tried this approach. Can you try again after refreshing the token?

    2. You can also pass the access token as a Bearer authorization header:

      var url = $"https://api.trustpilot.com/v1/private/product-reviews/{review.Id.ToString()}";        
using (var client = new HttpClient())
{
    ...

    client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);

    ...
}

    In any case, you caught an error in the documentation that should be fixed soon. As a rule of thumb, all private endpoints (the ones that have /private/ in the path) require a Business user OAuth Token.

    EDIT: The documentation for the /v1/private/product-reviews/{reviewId} endpoint has been fixed. Now it shows that a Business user OAuth Token is required.