Api delete item problem

[1moment 2]

Hi There,

 

Thanks for this great software, I really appreciate all the work that must go into it.

 

I have recently got into trying to use the api and I have get request stuff working with api key through header or query param however am having a strange problem with delete item request. I am using python 3.7 and requests 2.19.1 with emby 3.5.2.0. When I use the api key from adding one under advanced -> security I get this output in logs:

2018-08-19 01:14:28.173 Info HttpServer: HTTP DELETE http://192.168.1.15:8096/emby/Items?Ids=4a9c8d889365c0f7167c2a6af62b6a0e. UserAgent: python-requests/2.19.1
2018-08-19 01:14:28.186 Error HttpServer: Error processing request
	*** Error Report ***
	Version: 3.5.2.0
	Command line: /system/EmbyServer.dll -programdata /config -ffmpeg /bin/ffmpeg -ffprobe /bin/ffprobe -restartexitcode 3
	Operating system: Unix 4.14.49.0
	64-Bit OS: True
	64-Bit Process: True
	User Interactive: True
	Processor count: 8
	Program data path: /config
	Application directory: /system
	System.NullReferenceException: Object reference not set to an instance of an object.
	   at MediaBrowser.Controller.Entities.BaseItem.IsAuthorizedToDelete(User user, List`1 allCollectionFolders)
	   at MediaBrowser.Api.Library.LibraryService.Delete(DeleteItems request)
	   at Emby.Server.Implementations.Services.ServiceExecGeneral.<>c__DisplayClass5_0.<CreateExecFn>b__0(Object service, Object request)
	   at Emby.Server.Implementations.Services.ServiceExecGeneral.Execute(Type serviceType, IRequest request, Object instance, Object requestDto, String requestName)
	   at Emby.Server.Implementations.Services.ServiceController.Execute(HttpListenerHost appHost, Object requestDto, IRequest req)
	   at Emby.Server.Implementations.Services.ServiceHandler.ProcessRequestAsync(HttpListenerHost appHost, IRequest httpReq, IResponse httpRes, ILogger logger, String operationName, CancellationToken cancellationToken)
	   at Emby.Server.Implementations.HttpServer.HttpListenerHost.RequestHandler(IHttpRequest httpReq, String urlString, String host, String localPath, CancellationToken cancellationToken)
	System.NullReferenceException
	   at MediaBrowser.Controller.Entities.BaseItem.IsAuthorizedToDelete(User user, List`1 allCollectionFolders)
	   at MediaBrowser.Api.Library.LibraryService.Delete(DeleteItems request)
	   at Emby.Server.Implementations.Services.ServiceExecGeneral.<>c__DisplayClass5_0.<CreateExecFn>b__0(Object service, Object request)
	   at Emby.Server.Implementations.Services.ServiceExecGeneral.Execute(Type serviceType, IRequest request, Object instance, Object requestDto, String requestName)
	   at Emby.Server.Implementations.Services.ServiceController.Execute(HttpListenerHost appHost, Object requestDto, IRequest req)
	   at Emby.Server.Implementations.Services.ServiceHandler.ProcessRequestAsync(HttpListenerHost appHost, IRequest httpReq, IResponse httpRes, ILogger logger, String operationName, CancellationToken cancellationToken)
	   at Emby.Server.Implementations.HttpServer.HttpListenerHost.RequestHandler(IHttpRequest httpReq, String urlString, String host, String localPath, CancellationToken cancellationToken)
	
2018-08-19 01:14:28.187 Info HttpServer: HTTP Response 500 to 192.168.1.11. Time: 14ms. http://192.168.1.15:8096/emby/Items?Ids=4a9c8d889365c0f7167c2a6af62b6a0e 

I tried header and query api key, as well as "/Items" with query {itemID} as well as "/Items/{Id}" with the same results

 

At this point I was assuming this was my fault somehow sending a incorrect delete request or some similar problem however when playing around in Swagger I noticed the same command I was sending worked but had a different api key that I could not find anywhere in the web interface for emby? It was not the key I had created under security -> advanced (the only one present). I used this key in my script instead and now the same exact delete request worked?

2018-08-19 01:48:17.699 Info HttpServer: HTTP DELETE http://192.168.1.15:8096/emby/Items/4a9c8d889365c0f7167c2a6af62b6a0e. UserAgent: python-requests/2.19.1
2018-08-19 01:48:17.703 Info App: Deleting item, Type: Movie, Name: Patriots Day, Path: /movies/rotating/Patriots Day (2016)/Patriots Day.mkv, Id: 4a9c8d88-9365-c0f7-167c-2a6af62b6a0e
2018-08-19 01:48:17.704 Debug App: Deleting path /config/metadata/library/4a/4a9c8d889365c0f7167c2a6af62b6a0e
2018-08-19 01:48:17.706 Debug App: Deleting path /movies/rotating/Patriots Day (2016)
2018-08-19 01:48:17.897 Debug LibraryMonitor: New file refresher created for /movies/rotating/Patriots Day (2016)/Patriots Day.mkv
2018-08-19 01:48:17.900 Debug LibraryMonitor: Resetting file refresher from /movies/rotating/Patriots Day (2016)/Patriots Day.mkv to /movies/rotating/Patriots Day (2016)
2018-08-19 01:48:17.905 Info HttpServer: HTTP Response 204 to 192.168.1.11. Time: 207ms. http://192.168.1.15:8096/emby/Items/4a9c8d889365c0f7167c2a6af62b6a0e 

What am I missing here? Is there some permission structure for api keys? Is the one used in swagger some "admin" level key? Sorry if this all sounds very naive.

 

Thanks again

Edited August 19, 2018 by 1moment

[ebr 14940]

I believe you are missing a user ID.

[1moment 2]

I'm sorry I must not understand - I have to use userid to pull the library items with get /Users/{UserId}/Items but the documentation for delete /Items/{Id} which is the only command I could find that talked about deleting the actual file doesn't show me how to use a userid with it?

 

 

Why would one api key work and the other spit out the error?

 

Thanks!

[Luke 37134]

Hmm, ok. The issue is that right now, these tokens don't get a user id assigned, as a result this won't work because it needs to check the roles of the user assigned to the token.

 

When you create the token we need to allow you to assign roles to it,  however, given that we're not really able to do all of that development right now, I would suggest using a token that is obtained through the normal username and password authentication process. Thanks.

[1moment 2]

Ah - thank you for the explanation. I will assume that means the api key used in swagger is some "admin/root" level key and has a full access "role" assigned to it.

 

No problem - I am now using the username/password login to obtain a AccessToken with /Users/AuthenticateByName and this is working as expected.

 

Thanks again!

[Luke 37134]

Thanks for the feedback.