Search code examples
javascriptajaxdiscogs-api

in Ajax, how to write "headers" for multiple condition?


as a beginner, I have some problems in using Ajax (with Discogs API) .. to get a discogs request token, discogs is saying

Include the following headers with your request:
Content-Type: application/x-www-form-urlencoded
Authorization:
OAuth oauth_consumer_key="your_consumer_key",
oauth_nonce="random_string_or_timestamp",
oauth_signature="your_consumer_secret&",
oauth_signature_method="PLAINTEXT",
oauth_timestamp="current_timestamp",
oauth_callback="your_callback"
User-Agent: some_user_agent

https://www.discogs.com/developers#page:authentication,header:authentication-discogs-auth-flow

but, how to write this header? below is my trying code, but I know this is not proper.

$.ajax({
    type: "GET",
    url: "https://api.discogs.com/oauth/request_token",
    dataType: 'jsonp',
    headers: {
        ContentType: "application/x-www-form-urlencoded",
        Authorization: OAuth oauth_consumer_key="your_consumer_key",
            oauth_nonce="random_string_or_timestamp",
            oauth_signature="your_consumer_secret&",
            oauth_signature_method="PLAINTEXT",
            oauth_timestamp="current_timestamp",
            oauth_callback="your_callback",
        UserAgent: some_user_agent,
    }
    success: function (data) {
        console.log(data);
        document.getElementById("content").innerHTML += "<br>" + `${data}`;
    },
    error: function (error) {
        console.log(error);
    }
});

Solution

  • You said:

    dataType: 'jsonp',
    

    It isn't possible to specify headers for JSONP requests.

    The API can't be using JSONP. Set the dataType to the format they are using.


    The documentation says:

    When you create a new application, you’ll be granted a Consumer Key and Consumer Secret, which you can plug into your application and start making authenticated requests. It’s important that you don’t disclose the Consumer Secret to anyone.

    Putting those in your client-side code will disclose them to all your visitors.

    The request to that end point should be made from server-side code.