Skip to content
Closed
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions api-reference/openapi/social.json
Original file line number Diff line number Diff line change
Expand Up @@ -482,7 +482,7 @@
},
"/api/apify/runs/{runId}": {
"get": {
"description": "Check the status and retrieve results from Apify scraper runs. This endpoint uses the Apify API Client to fetch the current status of a scraper run and its results if available. Use the runId returned from endpoints like Instagram Comments, Instagram Profiles, Social Scrape, or Artist Socials Scrape to poll for results.",
"description": "Check the status and retrieve results from Apify scraper runs. This endpoint uses the Apify API Client to fetch the current status of a scraper run and its results if available. Use the runId returned from endpoints like Instagram Comments, Instagram Profiles, Social Scrape, or Artist Socials Scrape to poll for results. Requires authentication: any valid API key or Bearer token can poll any run id — scrape results are public social content and run ids are unguessable, so possession of a runId plus a valid credential is sufficient.",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1: The GET /api/apify/runs/{runId} endpoint description says "Requires authentication: any valid API key or Bearer token can poll any run id" but the endpoint has no security field. Other authenticated endpoints in this file (e.g., GET /api/artists/{id}/posts, GET /api/connectors) explicitly declare security: [{ "apiKeyAuth": [] }, { "bearerAuth": [] }]. Without a security declaration, the OpenAPI spec tells consumers that this endpoint accepts unauthenticated requests, contradicting both the description and the new contract.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At api-reference/openapi/social.json, line 485:

<comment>The GET /api/apify/runs/{runId} endpoint description says "Requires authentication: any valid API key or Bearer token can poll any run id" but the endpoint has no `security` field. Other authenticated endpoints in this file (e.g., GET /api/artists/{id}/posts, GET /api/connectors) explicitly declare `security: [{ "apiKeyAuth": [] }, { "bearerAuth": [] }]`. Without a `security` declaration, the OpenAPI spec tells consumers that this endpoint accepts unauthenticated requests, contradicting both the description and the new contract.</comment>

<file context>
@@ -482,7 +482,7 @@
     "/api/apify/runs/{runId}": {
       "get": {
-        "description": "Check the status and retrieve results from Apify scraper runs. This endpoint uses the Apify API Client to fetch the current status of a scraper run and its results if available. Use the runId returned from endpoints like Instagram Comments, Instagram Profiles, Social Scrape, or Artist Socials Scrape to poll for results. Authorization is account-scoped: the account that started the run via the [Social Scrape](/api-reference/social/scrape) endpoint (or an admin) can poll it. Runs started by other accounts return 403; run ids with no recorded owner — including runs started before ownership tracking existed and runs started from other endpoints — return 404 for non-admin callers.",
+        "description": "Check the status and retrieve results from Apify scraper runs. This endpoint uses the Apify API Client to fetch the current status of a scraper run and its results if available. Use the runId returned from endpoints like Instagram Comments, Instagram Profiles, Social Scrape, or Artist Socials Scrape to poll for results. Requires authentication: any valid API key or Bearer token can poll any run id — scrape results are public social content and run ids are unguessable, so possession of a runId plus a valid credential is sufficient.",
         "parameters": [
           {
</file context>

"parameters": [
{
"name": "runId",
Expand Down Expand Up @@ -538,7 +538,7 @@
},
"/api/socials/{id}/scrape": {
"post": {
"description": "Trigger a social profile scraping job for a given social profile. Use the [Get Artist Socials](/api-reference/artists/socials) endpoint first to retrieve the social profile id values. The response returns run metadata for polling status and retrieving results via the [Scraper Results API](/api-reference/apify/scraper).",
"description": "Trigger a social profile scraping job for a given social profile. Use the [Get Artist Socials](/api-reference/artists/socials) endpoint first to retrieve the social profile id values. The response returns run metadata for polling status and retrieving results via the [Scraper Results API](/api-reference/apify/scraper). Completed runs also persist the scraped profile stats (follower/following counts, avatar, bio) to the social row, and on Instagram, TikTok, and X/Twitter the scraped post URLs are saved and appear in [Get Artist Posts](/api-reference/posts/get).",
"parameters": [
{
"name": "id",
Expand Down