403 when calling AirBnb api from C#

Question

I've not used HttpClient before so apologies if it's an obvious one.

I'm poking about with the airbnb api http://airbnbapi.org/#view-listing-info

My understanding of the endpoint is that I don't need an auth token, as this is a public endpoint I'm trying to use. Unfortunately I'm getting a 403 no matter what I try to do and I'm not entirely sure why.

I've got the following code:

        client.DefaultRequestHeaders.Add("client_id", "<My client Id>");
        client.DefaultRequestHeaders.Add("locale", "en-gb");
        client.DefaultRequestHeaders.Add("currency", "gbp");

        var request = new HttpRequestMessage()
        {
            RequestUri = new Uri($"https://api.airbnb.com/v2/listings/{id}"),
            Method = HttpMethod.Get,
        };

        var task = client.SendAsync(request)
            .ContinueWith((taskwithmsg) =>
            {
                var response = taskwithmsg.Result;

                //var jsonTask = response.Content.ReadAsAsync<JsonResult>();
                //jsonTask.Wait();
                //var jsonObject = jsonTask.Result;


                return response.Content;
            });
        task.Wait();

        return task.Result;

And I'm getting the following response:

-       response    {StatusCode: 403, ReasonPhrase: 'Forbidden', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  Connection: close
  Date: Tue, 04 Apr 2017 19:44:40 GMT
  Server: AkamaiGHost
  Mime-Version: 1.0
  Content-Length: 291
  Content-Type: text/html
  Expires: Tue, 04 Apr 2017 19:44:40 GMT
}}  System.Net.Http.HttpResponseMessage

Any advice?

EDIT:

Macceturra wisely suggested I try to make the call with postman.

I've now established that I can make a call in postman and get a correct response back.

Answer 1

You may need to add a cookie to the request called _aat which contains the airbnb access token. This is generated during login. You'll be able to see it by looking at the headers in Fiddler or the Net section of the browser dev tools when browsing one of your own listings when logged in. Just copy and paste it from there into your code to test if you can get the request working properly and then later you can automate the process of getting the _aat cookie within your code. Make sure the http headers in your code also match what is being sent via the browser.

Answer 2

The request you're sending has the client_id as a HTTP header, when Airbnb is expecting it as a URL parameter.

Additionally, Airbnb requires the client to send an Accept (or User-Agent) header, or else it will still return "403 Forbidden" (probably should be "400 Bad Request").

Putting that together (and deleting the unnecessary headers):

var id = ...;
var clientId = ...;
var uri = new Uri($"https://api.airbnb.com/v2/listings/{id}?client_id={Uri.EscapeDataString(clientId)}&locale=en-gb&currency=GBP");
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Add("Accept", "application/json");
await client.GetAsync(uri);

Answer 3

I've not been able to mark a single answer as the solution as it came through in the comments.

Solution

• Start by making calls in postman. This helped me realise that I should have been passing the client id as a url parameter and not as a header. Bradley Grainger went on to answer this too.
• Try and make that exact call with the HttpClient. This still returned the 403, but now we have confidence in the url we're sending.
• Change the content type to application/json. This beats the 403 and gets us a 200 with the requested data.

Big thanks to all who helped piece these steps together.