Bug overview description.
i am unable to vote using API.
What part(s) of the site page(s) are affected?
/post/vote.json as described in the API docs
What is the expected behavior?
a success response
What actual behavior is given instead?
404 not found
Time of incident (if applicable).
current
Can you reproduce the bug every time?
yes
What steps did you take to replicate this bug?
submit query: https://e621.net/post/vote.json?id=2051732&score=1
Errors or other messages returned (if any).
just a 404 redirect

Post to https://e621.net/post/vote.json and send form content with id, score, login and password_hash instead. That works fine for me.

couldn't voting with API be used maliciously coz of DDOS? maybe that's why it's not standard..

do6kids9 said:
What steps did you take to replicate this bug?
submit query: https://e621.net/post/vote.json?id=2051732&score=1
Errors or other messages returned (if any).
just a 404 redirect

That's a HTTP GET request, which is used for getting data from the API, in order to alter data you need to use HTTP POST instead.

POST is easier done with a script, and can't easily be done by just visiting a URL like you can with GET, a lot of programming languages have libraries for handling HTTP requests to make things easier.

Versperus said:
couldn't voting with API be used maliciously coz of DDOS? maybe that's why it's not standard..

There's quite a few API endpoints which could cause a DDoS more effectively than the voting thing, not saying which ones for obvious reasons, but it seems that it's more a "deal with it if people exploit it" kind of a thing.

As far as I'm aware the new/beta site is faster overall, so shouldn't have half the issues of the current one regarding API/DDoS issues.

yea, seems like i was using GET, its working fine with POST

[edit] actually, i think the issue was that the API docs say the username parameter is login

login

Your username
password_hash Your API key. For legacy reasons this field does not reflect what it actually contains.

the example used the name variable though.

so yea, anyways i can vote now

It is stated in the API help page (emphasis mine):

API Documentation in "Basics" says:
HTTP defines two request methods: GET and POST. You'll be using these two methods to interact with the e621 API. Most API calls that change the state of the database (like creating, updating, or deleting something) require an HTTP POST call. API calls that only retrieve data can typically be done with an HTTP GET call.

In few words: Anything that will change things needs a POST request, GET is for the rest.

You should read more carefully c: