Bungie-net
Get Vendor Sales
Hello, I'm trying to collect the daily sales from a handful of vendors (ex: Ada-1 armor mods) but I haven't had any luck figuring out how best to pose my query. My best guess so far was to use the GetVendor command but I'm getting 'InsufficientPrivileges' errors. (My reference: https://data.destinysets.com/api/Destiny2.GetVendor)
membershipType = "3"
destinyMembershipId = "4611686018492882082"
characterId = "2305843009700155903"
url = f"https://www.bungie.net/Platform/Destiny2/{membershipType}/Profile/{destinyMembershipId}/Character/{characterId}/Vendors?components=402"
I've seen some similar errors reported by other users and I'm wondering if there's been any progress on a method to collect common/public information from vendors. (Edit: Hit submit early by mistake)
fetching any sale information from vendors requires oauth, i.e. full authenticated access to a destiny account and its characters. an api key alone won't do it. that's why InsufficientPrivileges.
do your requests using data.destinysets.com/api work? are you signed in there?
I believe I am signed in at data.destinysets.com/api, the dropdowns populate with the guardians associated with my account. The GetVendors query works on the site but not my local script. Do I use my app "client_Id" or "client_secret" as the authorization in my header? Oddly, neither seem to work.
HEADERS = {"X-API-Key": API_KEY, "Authorization": ??? }
Slight update, I changed my bungie app settings to include:
- Read your Destiny 2 information (Vault, Inventory, and Vendors), as well as Destiny 1 Vault and Inventory data.
- OAuth Client Type = Public
Told me the change may take a few minutes to apply but I'm not sure what difference it will make given that data.destinysets.com/api worked before without them.
When you log into destinysets, you're authenticating within their app. That permission doesn't carry into your script, so if you want to run a local script with authentication, you need to work through the oauth flow using your own app's credentials -- ie, your app key, app secret, and the bearer token that is issued when you grant access as the user. With those, you'll be able to make requests to the API endpoints that require user authentication using your own app/local script.
Alright, Following https://lowlidev.com.au/destiny/authentication-2, I've updated my request header and gotten a new error message.
HEADERS = { "X-API-Key": API_KEY, "Authorization": f"Bearer {ACCESS_TOKEN}" }
ErrorCode : 2108
ThrottleSeconds : 0
ErrorStatus : AccessNotPermittedByApplicationScope
Message : Access not permitted by application scope
MessageData : {'RequiredScope': 'ReadDestinyInventoryAndVault'}
Double checking my app settings, I have both of these checked.
- Read your Destiny 2 information (Vault, Inventory, and Vendors), as well as Destiny 1 Vault and Inventory data.
- Read your Destiny 1 Vendor and Advisor information.
What am I missing here?
You mentioned "app secret", does that mean that my app oauth type must be confidential? I could understand that for some of the more personal/account-related aspects of the API. But vendor sales data should be common knowledge.
If anyone is wondering, I am still stuck here; having checked this scope yet somehow not having said permission.
- Read your Destiny 2 information (Vault, Inventory, and Vendors), as well as Destiny 1 Vault and Inventory data.
ErrorCode : 2108
ThrottleSeconds : 0
ErrorStatus : AccessNotPermittedByApplicationScope
Message : Access not permitted by application scope
MessageData : {'RequiredScope': 'ReadDestinyInventoryAndVault'}
Sorry to bump an old issue but I'm running into exactly this issue. I'm using the OAuth flow and able to get a lot of the data I want with my access token and permissions. However, when I go to use the GetVendors method I'm getting the insufficient privileges error message even though I have that box checked in the app config. Was there ever resolution here?
