We haven't changed anything at this end in a long time and we've just started to receive this error yesterday. Any ideas?
Message edited by Off Exploring 4 months ago
10 months ago
I've just checked to ensure I can successfully authenticate using my credentials. Are you able to login to the website using the email and password with which you are authenticating?
10 months ago
Yes, I can log in to the website without any problems. I can confirm that the two sets of credentials are the same.
I'm having trouble figuring out what's going on without being able to reproduce it. What happens if you
We did have a recent release that could possibly be related to the trouble you're having, but I don't know what could have caused a sudden inability to authenticate an existing account.
10 months ago
I'm seeing the same thing. I cannot authenticate with my username and password any longer, even though it worked fine before.
Also, Josiah, I tried resetting my password and creating a new account. Neither worked. Still seeing the response:
<message>You have entered an invalid email and/or password.</message>
I tried resetting the password on the account and updating the code - no change to the error
I also tried another account (one I'd created previously for a personal project) and I'm getting the same error.
(As an aside, the problem did seem to coincide with the "We're Renovating!" message and changes to the account screen.)
You're right, there was a release last week that involved a fair amount of account-related code. I'm talking with that team and trying to figure out what could be going on. I'll update you guys as soon as I find something out.
One possibility is that the call is going through a redirection. The URL that must be hit is
If you hit either of these URLs
https://lulu.com/account/endpoints/authenticator.php (missing www. subdomain)
the call will be redirected, and in the process (depending on your HTTP library) you'll likely be dropping the POST data and performing a GET on the new URL. This is not new behavior, however, so I'm not banking on that being the problem. I just wanted to make the suggestion in case it is.
Thanks for the suggestion - checked the code at this end and the call is directly to the https://www URL.
Best of luck with your investigation!
Just to rule out the possibility that there is something wrong with the request, could you try hitting the authenticator.php endpoint directly with a web browser?
replacing the email and password as appropriate.
Josiah, hitting the authenticator.php endpoint directly worked for me! It responded with an access token. However, using those same credentials via the API still fails.
If the credentials are being accepted via a browser request but not via calling code, it sounds as if the recent release involved a change that may have affected how some nuance of the request is being processed.
MG and OE - could you guys post some example code that reproduces the problem? I'm curious what language/library you're using to make the call.
Here's the PHP code I've used, with the credentials redacted.
I think I see what's happening. The authenticator endpoint expects a request with a content-type of application/x-www-form-urlencoded (simple key value pairs) in the POST data.
If you pass an array as the $data argument here
then PHP's cURL library will force the request into a multipart/form-data request (even if you explicitly set the Content-type header). Instead, generate a query string-style url encoded POST body (username=<username>&password=<password>&responseType=json) and it will use the correct content type. If can be useful to use
curl_setopt($ch, CURLOPT_VERBOSE, 1);
to tell the library to include useful information about how the request and response look when the call is made.
Hope this helps!
Indeed, it now works if I pass the arguments as a string!
The other endpoints, such as base_cost, successfully handle the parameters as key/value pairs. It seems that the authenticator endpoint handles it differently.
Btw, Josiah, thanks for all of your prompt attention helping resolve this matter. It's greatly appreciated!
That's solved it for us too. Thanks for your help Josiah!
Excellent, I'm glad things are working for you guys. I'll be filing a bug to address the change in accepted content-types. Sorry for the inconvenience.
Please sign in to add a post.