404 error trying to authenticate with API OAuth


I was following the tutorial here: http://xibo.org.uk/2014/02/19/scripting-xibo-content-management-a-brief-tour-of-the-api/

It’s throwing an exception when I try to generate the Access Token: “Exception: Invalid response 404”

I have configured the defaults.cfg file and have tried a number of different values for the ‘url’:

If I use a web browser to open http://my.server.com/api/authorize, I do get a response from the API so I know it’s there… but none of the above works. Any thoughts?


I’m not familiar with 1.7 api, but the url in defaults.cfg should be just a full path to your Xibo installation.
If you have that and the consumer key and secret from Applications page in defaults.cfg and run the script it should generate correct link to authorise the API.

Unless it’s something urgent that you need from 1.7 api, I’d wait for 1.8 release (or try 1.8rc1) that has a lot better, more compete, documented and tested API.

Thanks Peter! I think you might be on to something – I’m using 1.8rc1.

I read the documentation - services.php does not seem to exist (I get a 404 trying to access it from the web browser; I haven’t yet figured out how to view the web server’s file system using Docker.)

Is there some other 1.8rc1 documentation I should be looking at?


ahh well that makes sense then :smiley:

1.8 api is documented here - http://xibo.org.uk/manual-tempel/en/api.html
and the 1.8 calls are documented here - http://xibo.org.uk/manual-tempel/api/

I think I’ll create some guide about API access and some example calls using Postman (which I’d recommend it’s quite great) later today - could be useful for community.

Edit - 1.8 API Introduction

Peter - many thanks. I used your new tutorial and things are working well!!

Cool, I’m glad it was useful to you :slight_smile:

Hello, guys!

I’m getting the same error when trying to access through python. The whole situation looks the same. I’m able to connect to CMS through Postman. I can’t find in documentation something regarding to services.php. Can you give me more details on that?

Many thanks!

The guide referenced at the beginning relates to the old 1.7 API.

The API for 1.8 is different and the two are not compatible.

Alex, thanks for reply!

Now it’s clear.
Is there any python example on authorization part? Or i can write it using oauth2 and requests libraries?(if you know them)


We’ve not published an example no. I’m sure there are libraries for Python and OAUTH.

We do publish some wrappers for PHP which might be a better option for you.

Thanks a lot, Alex!

If i succeed in that, will post here.



import base64
import requests

url = ''
layoutsurl = ',playlists'
consumer_key = 'Msn1AEVOmqeuQqCEhDr6lR94zGge7JHFYEzKkht3'
consumer_secret = 'p2WsPcDMbSRi5gIyhSOm6nxRf5iJZ87JEZSeQj2oTnVQoH4wF8ogPLrtwZxdsklAnmhfs3whq99nxI1lfQXN8R4CJYYjTr2RmYd72KKG4oDtwAEvyy6czwAChSrnfbaNSyifu27Mu5ZVAa87cveDR7ql5LHhEEohNpO6yycogCNPJRHYP5YDJykMF49HWFa346esBQbu9zVnzkSsdlYvlbzlx4WZWniOblnEDo5x7t2hv7f6fUsrqVvgz5c9rW'
token = ''

bearer_token_credentials = base64.urlsafe_b64encode(
    '{}:{}'.format(consumer_key, consumer_secret).encode('ascii')).decode('ascii')
headers = {
    'Authorization': 'Basic {}'.format(bearer_token_credentials),
    'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8',
data = 'grant_type=client_credentials'
response = requests.post(url, headers=headers, data=data)
response_data = response.json()
if response_data['token_type'] == 'Bearer':
    bearer_token = response_data['access_token']
    headers = {
        'Authorization': 'Bearer {}'.format(bearer_token),
        'Accept-Encoding': 'gzip',
    response = requests.get(layoutsurl, headers=headers)
    response_data = response.json()
    raise RuntimeError('unexpected token type: {}'.format(response_data['token_type']))