Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API users should use api.openstreetmap.org host #951

Open
Firefishy opened this issue Sep 6, 2023 · 9 comments
Open

API users should use api.openstreetmap.org host #951

Firefishy opened this issue Sep 6, 2023 · 9 comments
Labels
service:api issues related to the API

Comments

@Firefishy
Copy link
Member

Currently some API users use www.openstreetmap.org as the API host, they should switch to using api.openstreetmap.org

All editors should use api.openstreetmap.org as the API host.

Linked: #950
@Firefishy
Copy link
Member Author

Firefishy commented Sep 6, 2023
edited
Loading

This ticket could be used for tracking requests with editors.

@danieldegroot2 danieldegroot2 mentioned this issue Sep 14, 2023
Closed
@mmd-osm
Copy link

mmd-osm commented Sep 15, 2023

We seem to have an inactive Apache rewrite rule that redirects API traffic to the api.* host. I couldn't really figure out why it hasn't been used in the last 10 years. Perhaps it has caused some issues with some clients, that were not expecting a redirect.

https://github.com/openstreetmap/chef/blob/db5bd546be847bd5264dd09baf473dda96ea7810/cookbooks/web/templates/default/apache.frontend.erb#L197-L208

@tomhughes
Copy link
Member

The commenting out predates chef so I can't say for sure though I do remember adding that but my guess is that the main culprint was curl (or libcurl based things) as it is infamous for not following redirects by default.

This was referenced Sep 20, 2023
Closed
Closed
@pnorman pnorman added the service:api issues related to the API label Sep 27, 2023
@bhousel bhousel mentioned this issue Sep 28, 2023
Closed
@tyrasd
Copy link
Member

tyrasd commented Sep 30, 2023

I'm assuming that the OAuth2 endpoints are not considered to be "part of the API" in this context, or are they?

@mmd-osm
Copy link

mmd-osm commented Oct 1, 2023
edited
Loading

OAuth2 endpoints don't seem to work on api.openstreetmap.org. I didn't manage to get a new access token, nor validate an existing one using the introspection endpoint. I'm getting a 301 redirect to https://www.openstreetmap.org/oauth2/token and then 404 when the client tries to send a GET instead of POST.

@tomhughes
Copy link
Member

Bear in mind that currently api.openstreetmap.org just redirects to www.openstreetmap.org and curl at least doesn't preserve authorization headers across the redirect - at least that was the problem I encountered testing with /oauth2/token/info.

I haven't managed to find a way to make the introspection endpoint work at all so I haven't been able to look into what is going on with that but it may be something similar.

@mmd-osm
Copy link

mmd-osm commented Oct 6, 2023
edited
Loading

I'm using introspection in a mod_oauth2 Apache module config. An Overpass API server acts as a resource server, and can only be used with a valid Bearer token, originating from osm.org and issued for a certain client application.

This is how introspection looks like in Postman: I'm using OAuth2.0 for authorization. Note that the Bearer token in the HTTP header needs to be different from one in the HTTP body.

image

tyrasd added a commit to openstreetmap/iD that referenced this issue Oct 10, 2023
@tyrasd
use api.osm.org url for OSM API calls
c4d1390 
see openstreetmap/operations#951
This was referenced Oct 11, 2023
Merged
Merged
Merged
Open
danieldegroot2 added a commit to openstreetmap-polska/openaedmap-frontend that referenced this issue Oct 11, 2023
@danieldegroot2
Switch to api.openstreetmap.org API host
2b7c9a8 
Use `api.openstreetmap.org/api/` -and HTTPS- instead of `www.openstreetmap.org/api/*`.

(Is: openstreetmap/operations#951)
This was referenced Oct 11, 2023
Closed
Merged
Open
Merged
Merged
Merged
Merged
eserte added a commit to eserte/bbbike that referenced this issue Oct 12, 2023
@eserte
switch to api.openstreetmap.org
00f83c1 
See openstreetmap/operations#951
This was referenced Oct 12, 2023
Closed
Merged
Merged
Merged
bhousel added a commit to osmlab/osm-auth that referenced this issue Oct 24, 2023
@bhousel
Support separate urls for OAuth handshake and OSM API usage
b42ca40 
(closes #123)

see also:
openstreetmap/operations#951
facebook/Rapid#1130
openstreetmap/iD@c4d1390
@danieldegroot2 danieldegroot2 mentioned this issue Oct 27, 2023
Closed
LaoshuBaby added a commit to geo-yuheng/Yuheng that referenced this issue Oct 28, 2023
@LaoshuBaby
Switch to api.openstreetmap.org API host
a73a751 
openstreetmap/operations#951
This was referenced Oct 31, 2023
Open
Merged
Open
Closed
Open
Closed
Closed
Open
Open
Closed
Closed
Open
Open
Open
Merged
Closed
Closed
Closed
Closed
@Zaczero
Copy link

Zaczero commented Nov 3, 2023

https://www.openstreetmap.org/api/0.6/notes/16161
https://www.openstreetmap.org/api/0.6/notes/16161.json

Note responses still use https://www.openstreetmap.org/api/0.6/ URLs

@danieldegroot2 danieldegroot2 mentioned this issue Nov 5, 2023
Open
2 tasks
tyrasd added a commit to osmlab/openstreetmap-website that referenced this issue Nov 8, 2023
@tyrasd
use api.openstreetmap.org for API calls when running on www.osm.org
f8561c2 
see openstreetmap/operations#951
@tyrasd tyrasd mentioned this issue Nov 8, 2023
Merged
tyrasd added a commit to osmlab/openstreetmap-website that referenced this issue Nov 8, 2023
@tyrasd
use api.openstreetmap.org for API calls when running on www.osm.org
b834bd7 
see openstreetmap/operations#951
@gravitystorm
Copy link
Collaborator

Currently some API users use www.openstreetmap.org as the API host, they should switch to using api.openstreetmap.org

I don't understand the point in doing this - I think I've either missed the explanation, or it hasn't yet been explained.

The linked issue suggests that different timeouts, but that can either by handled by the application, or be different based on the URL paths.

So what advantage is there in having two different domains for the same application?

starsep pushed a commit to openstreetmap-polska/openaedmap-frontend that referenced this issue Nov 14, 2023
@danieldegroot2 @starsep
Switch to api.openstreetmap.org API host
c8ff007 
Use `api.openstreetmap.org/api/` -and HTTPS- instead of `www.openstreetmap.org/api/*`.

(Is: openstreetmap/operations#951)
@danieldegroot2 danieldegroot2 mentioned this issue Nov 27, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
service:api issues related to the API
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@tomhughes @Firefishy @gravitystorm @pnorman @tyrasd @mmd-osm @Zaczero