I need to retrieve order information from an API. This API needs to be authenticated to get a session token, which is used in all other API requests. Im not sure how to construct this request to include both an authentication and the request I want to make. Below is from the documentation:
The authenticate API returns a session token that is required to
access any of the other APIs. APIs require an HTTP header of
Authorization and a value of Bearer {session-token}
Sample Authenticate Request: https://api.whatever.com/api/v5/authenticate?apiKey=my-API-key Which returns:
{
"sessionToken":"UniqueSessionTokenHere"
}
Sample request I need to make: https://api.whatever.com/api/v5/inventory?itemNumber=ABC12345
Which should return inventory information but is just returning this message:
Authorization has been denied for this request.
How can I combine these to allow me to make the inventory request I need to make? I assume I would use cURL, but I cant quite figure it out.
You can use curl_setopt() with CURLOPT_HTTPHEADER to set custom headers.
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, "http://www.google.co.in");
curl_setopt($curl, CURLOPT_HTTPHEADER, array(
'sessionToken:UniqueSessionTokenHere'
));
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($curl);
curl_close($curl);
Related
I am trying to use an API which says to use it in a custom application to set a custom referer. Here's the official text:
The API requires (if enabled) a token for read operations to be send
to allow request, otherwise "Missing 'key' parameter" message will be
returned.
The security module will use the referrer heading ("referer" in Java,
HTTP_REFERER in PHP) of the request to identify and filter the
authorized domains.
I can currently log in to the web interface by using a special URL provided which seems to set the session and then redirects to the main URL. If I try navigating to the main URL directly without first using the special URL, I get a 401 error, as expected (afterwards, I can just use the main URL)
The key given below the text above is something like: http://example.com/api/?key=secretkeyhere
While I can use the API using the GUI tool in my web browser as described above, I can't figure out how to connect to it programatically. I have tried using both curl in Linux as well as curl in PHP. Both have failed.
curl from terminal:
curl --header http://example.com/api/?key=secretkeyhere http://example.com/api/search?query=terms*
curl in PHP:
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://example.com/api/search?query=terms');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_REFERER, 'http://example.com/api/?key=secretkeyhere');
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_AUTOREFERER, true);
$html = curl_exec($ch);
curl_close($ch);
echo "$html";
?>
I continue to get:
Unauthorized This server could not verify that you are authorized to
access the document requested. Either you supplied the wrong
credentials (e.g., bad password), or your browser doesn't understand
how to supply the credentials required.
Am I doing something wrong here? Is the API not set up correctly? I've read the man page for cURL and it seems like this is exactly what I should be doing.
I try to make HTTP request to my vendor API using curl Basic Auth like this :
//Server url
$url = "https://api.example.com/store/products?status=all&offset=0&limit=50";
$apiKey = 'xxxxxxx'; // apikey
$headers = array(
'Authorization: Basic '.$apiKey
);
// Send to Server
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
// Get response
$response = curl_exec($ch);
// Encode : decode returns string error so use encode
echo $result = json_encode($response);
With this code I get error :
"{\"code\":400,\"result\":\"Malformed Authorization
header.\",\"error\":{\"reason\":\"BadRequest\",\"message\":\"Malformed
Authorization header.\"}}"
I looked everywhere for solution here and here. All the answers suggest adding username and password which is not necessary with my vendor API, only Api Key and header Basic Auth. What am I doing wrong?
in HTTP Basic Auth, the credentials are supposed to be base64-encoded, are you base64-encoding the key?
Also, in http basic auth, the username and password is separated by a :, is your API key supposed to go as the username or as the password? and what are you sending it as, are you sending it as the username or are you sending it as the password? (if your api key goes before the : then you're sending it as the username, if your key goes after the : then you're sending it as the password), try switching them up, does it work then?
and you're saying http basic auth, but if the API documentation does not explicitly state if the api key goes as the username or the password, i'm not convinced that they're really using http basic auth at all..
anyway, the HTTP Basic Auth specifications can be found here: https://www.rfc-editor.org/rfc/rfc7617
I am trying to use PHP and CURL to connect to Microsoft Dynamics API so I can read client data from the CRM. The API guide can be found here:
https://msdn.microsoft.com/en-gb/library/mt593051.aspx
I've been into the Azure portal and set up a new application, and it gives me the credentials to use (client id, secret, etc.) and the url end points. Using these credentials I am able to successfully connect to the CRM and retrieve a bearer access token, but I am unable to get any further.
When I attempt to use the token to return data I receive the below error message:
HTTP Error 401 - Unauthorized: Access is denied
My assumption would be that I must be passing the token correctly?
My code is below.
<?php
// Step 1 - Use the credentials supplied by CRM to get an access token (this bit works okay)
$credentials = array(
'grant_type'=>'client_credentials',
'username'=>'xxxxxxxx',
'password'=>'xxxxxxxx',
'client_id'=>'xxxxxxxxxxxx',
'client_secret'=>'xxxxxxxxxx',
);
$urlSafeCredentials = http_build_query($credentials);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,'https://login.microsoftonline.com/xxxxxxxxxxxxxx/oauth2/token');
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $urlSafeCredentials);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
$response = curl_exec($ch);
$result = json_decode($response);
curl_close($ch);
// A BEARER access token is successfully returned
$token = $result->access_token;
// Step 2 - Use the access token to request data from the CRM (this bit fails with HTTP Error 401 - Unauthorized: Access is denied)
$ch = curl_init('https://clientspecificurl.crm4.dynamics.com/api/data/v8.1/accounts');
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: application/json', 'Content-Type: application/x-www-form-urlencoded','Authorization: Bearer '.$token));
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$response = curl_exec($ch);
curl_close($ch);
print_r($response); // 401 Unauthorized ?!
?>
As far as I can tell there is nothing else to configure at the back end, any help would be much appreciated.
Based on the parameters to acquire the token, you were mixing the client credentials flow and resource owner password flow and lack of resource parameter.
The client credentials flow requires parameters grant_type,client_id,client_secret,resource and the value of grant_type is client_credentials.
The resource owner password credentials flow requires grant_type,client_id,client_secret,username,password,resource and the value of grant_type is password.
If you were using the client credentials flow, you can refer this blog for acquiring the token. And if you were using the resource owner password, you can refer this thread.
Details about difference of the flows in Oauth 2 please refer RFC 6749.
I wrote a lightweight PHP class for working with Dynamics 365 online Web API. You can find it here.
BTW in your code you should try "password" inside the grant_type instead of "client_credentials"
Looking at http://instagram.com/developer/authentication/ - The recommended way of communication is serverside.
I understand how I do step1 and step2. But in step3 they want me POST data directly serverside? (I understand how I could do a post request from jQuery) But is it even possible to do directly from PHP/CodeIgniter?
This is basically step3:
In the previous step, you’ll have received a code which you’ll have
to exchange in order to receive an access_token for the user. In order
to make this exchange, you simply have to POST this code, along with
some app identification parameters to our access_token endpoint.
I have all this info: (from response from Instagram)
client_id: your client id
client_secret: your client secret
grant_type: authorization_code is currently the only supported value
redirect_uri: the redirect_uri you used in the authorization request. Note: this has to be the same value as in the authorization request.
code: the exact code you received during the authorization step.
A backend can do a POST just like the browser. Much of the internet is server-to-server communication in this manner.
Here's an example POST request in PHP (using Curl)
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"http://www.example.com/site.html");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "postvar1=value1&postvar2=value2");
// receive server response ...
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec ($ch);
curl_close ($ch);
An alternative way to set the POST parameters instead of manually creating the param string:
curl_setopt($ch, CURLOPT_POSTFIELDS,
http_build_query(array('postvar1' => 'value1')));
Following this guide, I'm trying to retrieve a Youtube user's subscriptions. I am able to get the user's authentication token, however I don't know HOW to actually send it with my cURL request. The docs just say this:
To request a feed of the currently logged-in user's subscriptions,
send a GET request to the following URL. Note: For this request, you
must provide an authorization token, which enables YouTube to verify
that the user authorized access to the resource.
https://gdata.youtube.com/feeds/api/users/default/subscriptions?v=2
When I send the request without the token I get the 401 user authentication required error. I can't find any information on how to send the token. Here's my current code:
$ch_subs = curl_init();
curl_setopt($ch_subs, CURLOPT_URL, 'https://gdata.youtube.com/feeds/api/users/default/subscriptions?v=2');
curl_setopt($ch_subs, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch_subs, CURLOPT_SSL_VERIFYPEER, false);
$subs_return = curl_exec($ch_subs);
curl_close($ch_subs);
Thanks in advance for any help.
Look to this guide:
https://developers.google.com/youtube/2.0/developers_guide_protocol#OAuth2_Calling_a_Google_API
You need to add a header containing: Authorization: Bearer ACCESS_TOKEN
$headers = array('Authorization: Bearer ' . $access_token);
curl_setopt($ch_subs, CURLOPT_HTTPHEADER, $headers);
You can also pass the token as part of the Get request:
curl_setopt($ch_subs, CURLOPT_URL, 'https://gdata.youtube.com/feeds/api/users/default/subscriptions?v=2&access_token=' . $access_token);