-
POST()
,PUT()
andPATCH()
now dropNULL
body elements this is convenient and consistent with url query params. -
The biggest change in this version is that httr no longer uses the RCurl package. Instead it uses the curl package, fresh binding to libcurl written by Jeroen Ooms (#172). This should make httr more reliable and no longer prone to the "easy handle already used in multi handle" error. This change shouldn't affect any code that uses httr - all the changes have happened behind the scenes.
-
cookies
argument tohandle()
is deprecated - cookies are always turned on by default. -
brew_dr()
has been renamed tohttr_dr()
- that's what it should've been in the first place! -
Uses
CURL_CA_BUNDLE
environment variable to look for cert bundle on Windows (#223). -
safe_callback()
is deprecated - it's no longer needed with curl. -
config()
now clean up duplicated options (#213). -
POST()
andPUT()
now clean up after themselves when uploading a single file (@mtmorgan). -
proxy()
gains anauth
argument which allows you to pick the type of http authentication used by the proxy (#216). -
context(type = "auto")
uses a better strategy for text based formats (#209). This should allow theencoding
argument to work more reliably. -
content(type = "text")
compares encodings in a case-insensitive manner (#209). -
POST(encode = 'json')
now automatically turns length-1 vectors into json scalars. To prevent this automatic "unboxing", wrap the vector inI()
(#187). -
oauth1.0_token
andoauth2.0_token
now permit theoauth_listener
to listen on a custom IP address and port (the previously hardwired ip:port of127.0.0.1:1410
is now just the default). This permits authentication to work under other settings, such as inside docker containers (which require localhost uses0.0.0.0
instead) (#211, @cboettig).
-
Correctly parse headers with multiple
:
, thanks to @mmorgan (#180). -
In
content()
, if no type is provided to function or specified in headers, and we can't guess the type from the extension, we now assume that it'sapplication/octet-stream
(#181). -
Throw error if
timeout()
is less than 1 ms (#175). -
Improved LinkedIn OAuth demo (#173).
-
New
write_stream()
allows you to process the response from a server as a stream of raw vectors (#143). -
Suport for Google OAuth2 service accounts. (#119, thanks to help from @siddharthab).
-
VERB()
allows to you use custom http verbs (#169). -
New
handle_reset()
to allow you to reset the handle if you get the error "easy handle already used in multi handle" (#112). -
Uses R6 instead of RC. This makes it possible to extend the OAuth classes from outside of httr (#113).
-
Now only set
capath
on Windows - system defaults on linux and mac ox seem to be adequate (and in some cases better). I've added a couple of tests to ensure that this continues to work in the future.
-
vignette("api-packages")
gains more detailed instructions on setting environment variables, thanks to @jennybc. -
Add
revoke_all()
to revoke all stored tokens (if possible) (#77). -
Fix for OAuth 2 process when using
options(httr_oob_default = TRUE)
(#126, @WillemPaling). -
New
brew_dr()
checks for common problems. Currently checks if your libCurl uses NSS. This is unlikely to work so it gives you some advice on how to fix the problem (thanks to @eddelbuettel for debugging this problem). -
Content-Type
set to title case to avoid errors in servers which do not correctly implement case insensitivity in header names. (#142, #146) thanks to Håkon Malmedal (@hmalmedal) and Jim Hester (@jimhester). -
Correctly parse http status when it only contains two components (#162).
-
Correctly parse http headers when field name is followed by any amount (including none) of white space.
-
Default "Accepts" header set to
application/json, text/xml, application/xml, */*
: this should slightly increase the likelihood of getting xml back.application/xml
is correctly converted to text before being parsed toXML::xmlParse()
(#160). -
Make it again possible to override the content type set up by
POST()
when sending data (#140). -
New
safe_callback()
function operator that makes R functions safe for use as RCurl callbacks (#144). -
Added support for passing oauth1 tokens in URL instead of the headers (#145, @bogstag).
-
Default to out-of-band credential exchange when
httpuv
isn't installed. (#168)
-
new_token()
has been removed - this was always an internal function so you should never have been using it. If you were, switch to creating the tokens directly. -
Deprecate
guess_media()
, and instead usemime::guess_type()
(#148).
-
You can now save response bodies directly to disk by using the
write_disk()
config. This is useful if you want to capture large files that don't fit in memory (#44). -
Default accept header is now "application/json, text/xml, /" - this should encourage servers to send json or xml if they know how.
-
httr_options()
allows you to easily filter the options, e.g.httr_options("post")
-
POST()
now specifies Curl options more precisely so that Curl know's that you're doing a POST and can respond appropriately to redirects.
-
Preliminary and experimental support for caching with
cache_info()
andrerequest()
(#129). Be aware that this API is likely to change in the future. -
parse_http_date()
parses http dates according RFC2616 spec. -
Requests now print the time they were made.
-
Mime type
application/xml
is automatically parsed with ``XML::xmlParse()`. (#128)
-
Now possible to specify both handle and url when making a request.
-
content(type = "text")
usesreadBin()
instead ofrawToChar()
so that strings with embedded NULLs (e.g. WINDOWS-1252) can be re-encoded to UTF-8. -
DELETE()
now returns body of request (#138). -
headers()
is now a generic with a method for response objects. -
parse_media()
failed to take into account that media types are case-insenstive - this lead to bad re-encoding for content-types like "text/html; Charset=UTF-8" -
Typo which broke
set_cookies()
fixed by @hrbrmstr. -
url_ok()
works correctly now, instead of always returningFALSE
, a bug since version 0.4 (#133). -
Remove redundant arguments
simplifyDataFrame
andsimplifyMatrix
for json parser.
-
New
headers()
andcookies()
functions to extract headers and cookies from responses. Previoulsy internalstatus_code()
function now exported to extractstatus_code()
from responses. -
POST()
,PUT()
, andPATCH()
now useencode
argument to determine how list inputs are encoded. Valid values are "multiple", "form" or "json". Themultipart
argument is now deprecated (#103). You can stream a single file from disk withupload_file("path/")
. The mime type will be guessed from the extension, or can be supplied explicitly as the second argument toupload_file()
. -
progress()
will display a progress bar, useful if you're doing large uploads or downloads (#17). -
verbose()
now uses a custom debug function so that you can see exactly what data is sent to the server. Arguments control exactly what is included, and the defaults have been selected to be more helpful for the most common cases (#102). -
with_verbose()
makes it easier to see verbose information when http requests are made within other functions (#87).
-
New
quickstart
vignette to help you get up and running with httr. -
New
api-packages
vignette describes how best practices to follow when writing R packages that wrap web APIs. -
httr_options()
lists all known config options, translating between their short R names and the full libcurl names. Thecurl_doc()
helper function allows you to jump directly to the online documentation for an option.
-
authenticate()
now defaults totype = "basic"
which is pretty much the only type of authentication anyone uses. -
Updated
cacert.pem
to version at 2014-04-22 (#114). -
content_type()
,content_type_xml()
andcontent_type_json()
make it easier to set the content type forPOST
requests (and other requests with a body). -
has_content()
tells you if request has any content associated with it (#91). -
Add
is_interactive()
parameter tooauth_listener()
,init_oauth1.0()
andinit_oauth2.0()
(#90). -
oauth_signature()
andoauth_header()
now exported to make it easier to construct custom authentication for APIs that use only some components of the full OAuth process (e.g. 2 legged OAuth). -
NULL
query
parameters are now dropped automatically. -
When
print()
ing a response, httr will only attempt to print the first few lines if it's a text format (i.e. either the main type is text or is application/json). It will also truncate each line so that it fits on screen - this should hopefully make it easier to see a little bit of the content, without filling the screen with gibberish. -
new_bin()
has been removed: it's easier to see what's going on in examples withhttpbin.org
.
-
user_agent()
once again overrides default (closes #97) -
parse(type = "auto")
returns NULL if no content associated with request (#91). -
Better strategy for resetting Curl handles prevents carry-over of error status and other problems (#112).
-
set_config()
andwith_config()
now work withtoken
s (#111).
OAuth 2.0 has recieved a major overhaul in this version. The authentication dance now works in more environments (including RStudio), and is generally a little faster. When working on a remote server, or if R's internet connection is constrained in other ways, you can now use out-of-band authentication, copying and pasting from any browser to your R session. OAuth tokens from endpoints that regularly expire access tokens can now be refreshed, and will be refresh automatically on authentication failure.
httr now uses project (working directory) based caching: every time you
create or refresh a token, a copy of the credentials will be saved in
.httr-oauth
. You can override this default for individual tokens with the
cache
parameter, or globally with the httr_oauth_cache
option. Supply
either a logical vector (TRUE
= always cache, FALSE
= never cache,
NA
= ask), or a string (the path to the cache file).
You should NOT include this cache file in source code control - if you do,
delete it, and reset your access token through the corresponding web interface.
To help, httr will automatically add appropriate entries to .gitignore
and
.Rbuildignore
.
These changes mean that you should only ever have to authenticate once per project, and you can authenticate from any environment in which you can run R. A big thanks go to Craig Citro (@craigcitro) from google, who contributed much code and many ideas to make this possible.
-
The OAuth token objects are now reference classes, which mean they can be updated in place, such as when an access token expires and needs to be refreshed. You can manually refresh by calling
$refresh()
on the object. You can force reinitialisation (to do the complete dance from scratch) by calling$reinit(force = TRUE)
. -
If a signed OAuth2 request fails with a 401 and the credentials have a
refresh_token
, then the OAuth token will be automatically refreshed (#74). -
OAuth tokens are cached locally in a file called
.httr-oauth
(unless you opt out). This file should not be included in source code control, and httr will automatically add to.gitignore
and.Rbuildignore
. The caching policy is described in more detail in the help for theToken
class. -
The OAuth2 dance can now be performed without running a local webserver (#33, thanks to @craigcitro). To make that the default, set
options(httr_oob_default = TRUE)
. This is useful when running R remotely. -
Add support for passing oauth2 tokens in headers instead of the URL, and make this the default (#34, thanks to @craigcitro).
-
OAuth endpoints can store arbitrary extra urls.
-
Use the httpuv webserver for the OAuth dance instead of the built-in httpd server (#32, thanks to @jdeboer). This makes the dance work in Rstudio, and also seems a little faster. Rook is no longer required.
-
oauth_endpoints()
includes some popular OAuth endpoints.
-
HTTP verbs (
GET()
,POST()
etc) now pass unnamed arguments toconfig()
and named arguments tomodify_url()
(#81). -
The placement of
...
inPOST()
,PATCH()
andPUT()
has been tweaked so that you must always specifybody
andmultipart
arguments with their full name. This has always been recommended practice; now it is enforced. -
httr
includes its own copy ofcacert.pem
, which is more recent than the version included in RCurl (#67). -
Added default user agent which includes versions of Curl, RCurl and httr.
-
Switched to jsonlite from rjson.
-
Content parsers no longer load packages on to search path.
-
stop_for_status()
now raises errors with useful classes so that you can usetryCatch()
to take different actions depending on the type of error. Seehttp_condition()
for more details. -
httr now imports the methods package so that it works when called with Rscript.
-
New automatic parsers for mime types
text/tab-separated-values
andtext/csv
(#49) -
Add support for
fragment
in url building/parsing (#70, thanks to @craigcitro). -
You can suppress the body entirely in
POST()
,PATCH()
andPUT()
withbody = FALSE
.
-
If you supply multiple headers of the same name, the value of the most recently set header will always be used.
-
Urls with missing query param values (e.g.
http://x.com/?q=
) are now parsed correctly (#27). The names of query params are now also escaped and unescaped correctly when parsing and building urls. -
Default html parser is now
XML::htmlParse()
which is easier to use with xpath (#66).
-
OAuth now uses custom escaping function which is guaranteed to work on all platforms (Fixes #21)
-
When concatenating configs, concatenate all the headers. (Fixes #19)
-
export
hmac_sha1
since so many authentication protocols need this -
content
will automatically guess what type of output (parsed, text or raw) based on the content-type header. It also automatically converts text content to UTF-8 (using the charset in the media type) and can guess at mime type from extension if server doesn't supply one. Media type and encoding can be overridden with thetype
andencoding
arguments respectively. -
response objects automatically print content type to aid debugging.
-
text_content
has becomecontext(, "text")
andparsed_content
content(, "parsed")
. The previous calls are deprecated and will be removed in a future version. -
In
oauth_listener
, use existing httpd port if help server has already been started. This allows the ouath authentication dance to work if you're in RStudio. (Fixes #15). -
add several functions related to checking the status of an http request. Those are :
status
,url_ok
andurl_success
as well asstop_for_status
andwarn_for_status
. -
build_url
: correctly add params back into full url.
-
Add new default config: use the standard SSL certificate
-
Add recommendation to use custom handles with
authenticate