To secure our passwords and API keys used on our website we use Microsoft Keyvault on Azure. Every time a user visits our website I make a connection to Keyvault and get the passwords and API keys. This means that every refresh of one of our pages of our website executes the following PHP code. This works perfectly and fast, but I would like to reduce the amount of logins to Microsoft Keyvault.
How can I check if the token is still valid for this user without saving the token in a session.
// GET TOKEN
$url = "https://login.microsoftonline.com/GUID/oauth2/v2.0/token";
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$headers = array(
"Content-Type: application/x-www-form-urlencoded",
);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
$data = "grant_type=client_credentials&client_id=GUID&client_secret=CLIENTSECRET&scope=https://vault.azure.net/.default";
curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
$response = curl_exec($curl);
$response = json_decode($response, true);
$token = $response['access_token'];
// LOGIN TO KEYVAULT WITH TOKEN
curl_setopt_array($curl, array(
CURLOPT_URL => "https://kv-webservice-westus.vault.azure.net/secrets/".$keyvault_secret."?api-version=7.2",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 5,
CURLOPT_TIMEOUT => 25,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => array(
'Authorization: Bearer '.$token.''
),
));
$response = curl_exec($curl);
curl_close($curl);
$response = json_decode($response, true);
$keyvault_secret = $response['value'];
Related
I'm trying to access to an API that needs and Access Token but I don't know how to implement the token part. This is how I connect to the API. What is wrong in my code?
$ch = curl_init();
$authorization = 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6Im5aTHhod...';
$headers = array(
'Content-type: application/json',
$authorization,
);
curl_setopt($ch, CURLOPT_URL, "https://graph.microsoft.com/v1.0/me/onenote/notebooks");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
$res = curl_exec($ch);
curl_close($ch);
echo $res;
Just a matter of constructing the header, give this a try:
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => 'https://graph.microsoft.com/v1.0/me/onenote/notebooks',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'GET',
CURLOPT_HTTPHEADER => array(
'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6Im5aTHhod'
),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
I have trying this all day, but couldn't find a way out.
I have two codes; the first one generates an AccessToken that will be used to call an API. I also parsed the Json output so that, I can have only the AccessToken parameter displayed... Here's the code;
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://sandbox.monnify.com/api/v1/auth/login/");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_HEADER, FALSE);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
"Content-Type: application/json",
"Authorization: Basic TUtfVEVTVF9TQUY3SFI1RjNGOjRTWTZUTkw4Q0szVlBSU0JUSFRSRzJOOFhYRUdDNk5M"
));
$response = curl_exec($ch);
$token = json_decode($response, true);
$at = $token['responseBody'];
echo $at['accessToken'];
curl_close($ch);
The above code outputs the token.
Now, this is the code that sends the request below;
<?php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "https://sandbox.monnify.com/api/v1/bank-transfer/reserved-accounts/ogmic1",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => array(
"Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsibW9ubmlmeS1wYXltZW50LWVuZ2luZSJdLCJzY29wZSI6WyJwcm9maWxlIl0sImV4cCI6MTYwMTE0MDA0MywiYXV0aG9yaXRpZXMiOlsiTVBFX1JFVFJJRVZFX1JFU0VSVkVEX0FDQ09VTlQiLCJNUEVfREVMRVRFX1JFU0VSVkVEX0FDQ09VTlQiLCJNUEVfUkVUUklFVkVfUkVTRVJWRURfQUNDT1VOVF9UUkFOU0FDVElPTlMiLCJNUEVfSU5JVElBTElaRV9QQVlNRU5UIiwiTVBFX1JFU0VSVkVfQUNDT1VOVCIsIk1QRV9DQU5fUkVUUklFVkVfVFJBTlNBQ1RJT04iXSwianRpIjoiNmQ0OTA0ZDQtMzNjYy00Y2NlLWI3OTgtODg3ZjdlOTEwM2JhIiwiY2xpZW50X2lkIjoiTUtfVEVTVF9TQUY3SFI1RjNGIn0.jqjtn8uyVxSL8oVPNHojMRzqiPx__xYTzoPCsi5IJgiXd184Nc6XSp7QaZlbav6NjXQAt8uuYWVuEqZpJoHJSJlvR-QbpV_pkx582EV0cGdTNzFAUgyrRYvWxmFmNeS-XBVk0-8labvDqyLHcpjfoT_FaiBylY2ek99G8WvXxnvLE1STY91blhMb3UCKBykDzVlmX0U6gvWd9Btgb1-Zb18Olt-GHmsYavBDSvSpptSiIleFPsZzL1O_u366DVMmGrCq-1iqYpBBRixU0uslTsp17VJfvHJUwciPSHDDaPK2iH6QP7Nv4jPYMNhs8MW7L67NYO9yohD9qfAOTyWv6g"
),
));
$response = curl_exec($curl);
$objs = json_decode($response, true);
$rp = $objs['responseBody'];
echo "<div class='dlmenu1'> <span style='background:#fff;color:#295f2d;font-size:13px;text-align:center;font-weight:bold;padding:2px;margin-right:3px;'>" .
$rp['accountNumber'] . "</span>";
echo "<span style='background:#fff;color:#295f2d;font-size:13px;text-align:center;font-weight:bold;padding:2px;margin-right:3px;'>(" . $rp['bankName'] . ")</span>";
echo "<span style='background:#fff;color:#295f2d;font-size:13px;text-align:center;padding:2px;margin-right:3px;'>" . " - Instant Funding</span></div>";
curl_close($curl);
I need help on how I can pass the AccessToken generated in the first code to the second one (the two codes combined), so that it can serve as the Authorization Bearer.
I don't mind if the two codes can be combined.
Thanks
I recently got a new job. They need me to get information from ShipStation through the API using PHP. I'm fairly new to PHP and even newer to ShipStation. I copied the code from the API documentation and attempted to add the code for authorization. This is what I've got:
<?php
$apiKey = "my_api_key";
$apiSecret = "my_api_secret";
$auth = base64_encode($apiKey . ":" . $apiSecret);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://ssapi.shipstation.com/orders");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_HEADER, FALSE);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
"Authorization: Basic " . $auth
));
$response = curl_exec($ch);
curl_close($ch);
var_dump($response);
?>
Instead of giving me order information it's just returning bool(false).
I guess I'm just not seeing what I'm doing wrong. Any help would be greatly appreciated. Thanks!
This is coming up in searches for the query "Shipstation API PHP" so I wanted to point to this answer How do I make a request using HTTP basic authentication with PHP curl? and reiterate that it's a basic auth so you just need to do
curl_setopt($ch, CURLOPT_USERPWD, $apiKey . ":" . $apiSecret);
I'd also recommend sending it over a secure connection to avoid man in the middle reading your API credentials.
I connect with CURL this way:
$url = 'https://ssapi.shipstation.com/orders';
$ShpStnAuth = 'Authorization: basic '.base64_encode('key:pair');
$curl = curl_init();
curl_setopt_array(
$curl, array(
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'GET',
CURLOPT_HTTPHEADER => array(
'Host: ssapi.shipstation.com',
$this->ShpStnAuth,
),
)
);
$response = curl_exec($curl);
curl_close($curl);
print_r($response);
hello i'm using code used by other people who supposedly have gotten it to work and have gotten their token information retrieved. The code is as follows:
$ch = curl_init();
$clientId = "myclientid";
$secret = "mysecret";
curl_setopt($ch, CURLOPT_URL, "https://api.sandbox.paypal.com/v1/oauth2/token");
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSLVERSION , 6); //NEW ADDITION
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERPWD, $clientId.":".$secret);
curl_setopt($ch, CURLOPT_POSTFIELDS, "grant_type=client_credentials");
$result = curl_exec($ch);
if(empty($result))die("Error: No response.");
else
{
$json = json_decode($result);
print_r($json->access_token);
}
curl_close($ch); //THIS CODE IS NOW WORKING!
I retrieved this code from Paypal API with PHP and cURL and have seen it implemented in some others peoples code so i assume that it works. However i'm only receiving no response even though i am supplying the correct client id and secret (maybe a recent update has broken this code?).
The guide provided by Paypal on getting the access token is found here-> https://developer.paypal.com/docs/integration/direct/make-your-first-call/
however it demonstrates the solution in cURL and not through the PHP cURL extension so its alittle cryptic to me. Any help?
Well it seems that it is now a requirement to declare what type of SSL Version to use, thus the code above will work when curl_setopt($ch, CURLOPT_SSLVERSION , 6); //tlsv1.2 is inserted.
Just tested the API and I can confirm this code is working :
(No SSL options)
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "https://api.sandbox.paypal.com/v1/oauth2/token",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_USERPWD => $PAYPAL_CLIENT_ID.":".$PAYPAL_SECRET,
CURLOPT_POSTFIELDS => "grant_type=client_credentials",
CURLOPT_HTTPHEADER => array(
"Accept: application/json",
"Accept-Language: en_US"
),
));
$result= curl_exec($curl);
$array=json_decode($result, true);
$token=$array['access_token'];
echo "<pre>";
print_r($array);
I want to make a cURL request to a URL along with the following headers :
'Content-Type: application/json',
'Authorization': 'Basic XXXXXXXXXX'
I have the following code :
<?php
$post_url = "https://api.interlinkexpress.com/user/?action=login";
$curl = curl_init($post_url);
$headers = array(
'Content-Type: application/json',
'Authorization': 'Basic XXXXXXXXX'
);
//curl_setopt($curl, CURLOPT_USERPWD, "username":"Password");
curl_setopt($curl, CURLOPT_URL, $post_url);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
curl_setopt($curl, CURLOPT_POST, true);
//curl_setopt($curl, CURLOPT_POSTFIELDS,json_encode($post_data) );
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
$post_response = curl_exec($curl);
?>
it is showing the result as :
Client sent a Bad Request
which is the 'Authorization...' line under the $header array
Any suggestions/help is appreciated.
problem is in header.It needs to be fixed.authorization will e whole string like this:
$headers = array(
'Content-Type: application/json',
'Authorization: Basic XXXXXXXXX'
);
let me give you a full example of curl:
function CurlSendPostRequest($url,$request)
{
$authentication = base64_encode("username:password");
$ch = curl_init($url);
$options = array(
CURLOPT_RETURNTRANSFER => true, // return web page
CURLOPT_HEADER => false, // don't return headers
CURLOPT_FOLLOWLOCATION => false, // follow redirects
// CURLOPT_ENCODING => "utf-8", // handle all encodings
CURLOPT_AUTOREFERER => true, // set referer on redirect
CURLOPT_CONNECTTIMEOUT => 20, // timeout on connect
CURLOPT_TIMEOUT => 20, // timeout on response
CURLOPT_POST => 1, // i am sending post data
CURLOPT_POSTFIELDS => $request, // this are my post vars
CURLOPT_SSL_VERIFYHOST => 0, // don't verify ssl
CURLOPT_SSL_VERIFYPEER => false, //
CURLOPT_VERBOSE => 1,
CURLOPT_HTTPHEADER => array(
"Authorization: Basic $authentication",
"Content-Type: application/json"
)
);
curl_setopt_array($ch,$options);
$data = curl_exec($ch);
$curl_errno = curl_errno($ch);
$curl_error = curl_error($ch);
//echo $curl_errno;
//echo $curl_error;
curl_close($ch);
return $data;
}
500 Error typically suggests that the error is on the server side. You can probably try to emulate your request ( I would personally recommend using Advanced ReST Client, which is a google-chrome app), to verify whether this is the case.