I made a script that uses the Mobile.de API.
It worked fine on their test environment, only difference with the live environment is the proxy. So in my cURL I removed the proxy.
For any POST call this works just fine, but for my PUT call it doesn't work at all.
So let's say I sent the following with for example Postman:
PUT /seller-api/sellers/123/ads/456
Host: services.mobile.de
Content-Type: application/vnd.de.mobile.api+json
Authorization: Basic abcdef12345=
And I put in the right JSON, it works just fine.
And this is the script I use in PHP:
function updateVehicle($seller, $voertuig_id, $json) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://services.mobile.de/seller-api/sellers/' . $seller . '/ads/' . $voertuig_id);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT");
curl_setopt($ch, CURLOPT_POSTFIELDS, $json);
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
curl_setopt($ch, CURLOPT_USERPWD, USERNAME . ':' . PASSWORD);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Host: services.mobile.de',
'Content-type: application/vnd.de.mobile.api+json'
));
$output = curl_exec($ch);
curl_close($ch);
return $output;
}
In return I get the 403 forbidden. 'You don't have permission to access /seller-api/sellers/123/ads/456 on this server.'
I already printed out al curl info and saw that all the headers are there and everything seems just fine, but why don't I have permission.
Contacted Mobile.de already but they say it's something in my code.
So after much debugging I found out it was a space after the $voertuig_id that got me an 403 forbidden error. :S
Related
I've been stuck with this problem for a little while now. I am trying to use a REST API to change certain settings of a user like clear a user and set their device to inactive.
The REST calls are made in php which I am pretty new to. Most calls (get and post) are working just fine so I think I understood the basic concept of php and curl but I just can't get put requests working. The problem is that when making the REST call I get a status code 200 in return indicating that everything went fine but when I check the database nothing changed and the device is still active.
I've spent several hours researching this problem here on stackexchange (cURL PUT Request Not Working with PHP, Php Curl return 200 but not posting, PHP CURL PUT function not working) and additionally reading various tutorials.
To me my code looks fine and makes perfect sense because it is similar to many examples I found online. So please help me find my mistake.
$sn = "123456789";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://example.com/api/sn/".$sn);
$data = array("cmd" => "clearUser");
$headers = array(
'Accept: application/json',
'Content-Type: application/json'
);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$username = 'XXX';
$password = 'XXX';
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT");
curl_setopt($ch, CURLOPT_POSTFIELDS,http_build_query($data));
$output = curl_exec($ch);
curl_close($ch);
So far as I can see, you have two problems in your code.
Content-Type: application/json is incorrect, I would remove it entirely.
You don't have a Content-Length header.
I suggest trying
$sn = "123456789";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://example.com/api/sn/".$sn);
$data = array("cmd" => "clearUser");
$httpQuery = http_build_query($data);
$headers = array(
'Accept: application/json',
'Content-Length: ' . strlen($httpQuery)
);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$username = 'XXX';
$password = 'XXX';
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT");
curl_setopt($ch, CURLOPT_POSTFIELDS,$httpQuery);
$output = curl_exec($ch);
curl_close($ch);
You define in the Header 'Content-Type: application/json'. Try to encode your $data to json and then transfer the jsonEncodeteData:
$dataJson = json_encode($data);
curl_setopt($ch, CURLOPT_POSTFIELDS, $dataJson);
perhaps this helps already.
status 200 may not be a success in the case of a PUT request. In a correct semantics (correct implementation of the server) successful PUT returns "201 Created" and, if the client sends empty or somehow wrong content, the server returns "204 No Content".
Lazy programmers may just return "200 Ok" instead of 204 with the meaning "your request is fine, but there is nothing to do with the data".
Try to verify your data and make sure that you send something that is not empty and is conformal to the API specs.
I am trying to hit api which is having OAuth1.0.
Problem is when i am trying with Postman i am getting response but with PHP curl its giving error.
In postman i am passing parameters as below
url='xxxx', Authentication stuff is type=OAuth1.0,Consumer Key,Consumer Secret, Token, Token Secret, Timestamp, Nonce, Version=1.0, Realm=Optional
Below is my code which i have tried
$url="xxx";
$header[] = 'Content-Type: application/x-www-form-urlencoded';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, urlencode('Authorization:OAuth oauth_consumer_key="xxx",oauth_token="xxx",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1475651061",oauth_nonce="LyA5sR",oauth_version="1.0",oauth_signature="xxx"'));
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$result = curl_exec($ch);
if(curl_error($ch))
{
echo 'error:' . curl_error($ch);
}
echo "<pre>";print_r($result);exit;
I have added CURLOPT_SSL_VERIFYPEER, because there was certification problem. Now i am getting 'Access denied' from api curl error 403 because there is something wrong in the way i am passing for Oauth 1.0 by curl.
This is the first time i am trying outh1.0 with curl. Please help me whats going on in my code. I have tried using this link
The issue is with oauth signature which is not getting formed properly. You can refer https://oauth.net/core/1.0/ for more clarity
I've been using the cloud environment, which works fine. I just recently downloaded the standalone version and am successfully running it on my ubuntu server. All the PHP SDK calls work, and the api/v1/data/[X Table Name] CuRL requests work.
However, I cannot get the CuRL request for valid login and logout to work. With the cloud implementation this was working:
function isValidToken($userToken){
$ch = curl_init();
$appId = APP_ID_FOR_CLOUD;
$restKey = REST_KEY_FOR_CLOUD;
$headers = array("application-id:$appId","secret-key:$restKey","application-type:REST");
curl_setopt($ch, CURLOPT_URL, "https://api.backendless.com/v1/users/isvalidusertoken/" . $userToken);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);
return $response;
}
This returns the proper response.
Now the only thing that changes are the IDs, keys, and URL, but it cannot find the requested URL. Here is the call to the standalone implementation:
function isValidToken($userToken){
$ch = curl_init();
$appId = APP_ID_STANDALONE;
$restKey = REST_KEY_STANDALONE;
$headers = array("application-id:$appId","secret-key:$restKey","application-type:REST");
curl_setopt($ch, CURLOPT_URL, "http://[my_server_ip_address]/v1/users/isvalidusertoken/" . $userToken);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
echo curl_error($ch);
curl_close($ch);
return $response;
}
The response I get is:
The requested URL /v1/users/isvalidusertoken/35A977A7-60DB-3772-FFC9-29E72AFAA200 was not found on this server.
Does anyone know how to resolve this issue? Thanks in advance!
I was just able to figure this out, the issue was due to a simple typo in the URL. For anyone who may make the same mistake, the standalone URL (for isvaliduesrtoken) is:
http://[my_server_ip_address]/api/<your_app_version>/users/isvalidusertoken/<user-token>
I am trying to send SMS from my localhost with xamp installed.
Requested page is on https and an .aspx page.
I am getting error: "HTTP Error 400. The request is badly formed." or blank page only in some cases.
Detaisl is as follows :
$url = 'https://www.ismartsms.net/iBulkSMS/HttpWS/SMSDynamicAPI.aspx';
$postArgs = 'UserId='.$username.
'&Password='.$password.
'&MobileNo='.$destination.
'&Message='.$text.
'&PushDateTime='.$PushDateTime.
'&Lang='.$Lang;
function getSslPage($url) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_REFERER, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$result = curl_exec($ch);
curl_close($ch);
return $result;
}
$response = getSslPage($all);
echo "<pre>";
print_r($response); exit;
I tried every possible solution/combination found on internet but could not resolve that. The API developers do not have a example for php script.
I tried httpful php library and file_get_contents function but getting empty page. Also tried every combination with curl_setup.
I need to call this url without any post data and see the response from it.
Instead getting a blank page.
Please note that when I execute the url with all details in browser it works fine.
Can anybody help me in this regard.
Thank you,
Usman
First do urlencode over your data as follows:
$postArgs = 'UserId='. urlencode($username.
'&Password='.urlencode($password).
'&MobileNo='.urlencode($destination).
'&Message='.urlencode($text).
'&PushDateTime='.urlencode($PushDateTime).
'&Lang='.urlencode($Lang);
After that two possible solutions. One is using GET.
curl_setopt($ch, CURLOPT_URL, $url . "?" . $postArgs);
Second option is using POST method.
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postArgs);
I am using Phil Sturgeon's REST Controller to build an API. API authentication is performed using API keys. Presently there is only one key defined in the api_keys table on the database and I have set-up my client to access the API using this key via the following cURL request:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $uri);
//curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
//curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, FALSE);
curl_setopt($ch, CURLOPT_MAXREDIRS, 1);
curl_setopt($ch, CURLOPT_HEADER, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_TIMEOUT, 45);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: application/html; charset=utf-8',
'Accept: application/html',
'X_API_PREFIX: ' . $this->apiPrefix(),
'X_API_KEY: ' . $this->apiKey(),
"User-Agent: ShowHouse/" . ShowhouseClient::API_CLIENT_VERSION . '; PHP ' . phpversion() . ' [' . php_uname('s') . ']';
'Accept-Language: ' . $this->_acceptLanguage
));
curl_setopt($ch, CURLOPT_USERPWD, $this->apiKey());
if ('POST' == $method)
{
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
}
else if ('PUT' == $method)
{
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PUT');
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
}
else if('GET' != $method)
{
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
}
$response = curl_exec($ch);
However I keep getting an invalid API key response back from the API server. The issue appears to be that on the following line in the REST_Controller.php:
if (($key = isset($this->_args[$api_key_variable]) ? $this->_args[$api_key_variable] : $this->input->server($key_name)))
both
$this->_args[$api_key_variable]
and
$this->input->server($key_name)
are not actually set. 3 of us in the office have exactly the same code based checked out from the source control repository, the only difference being two of us are running Apache 2.4.4 and the other is running Apache 2.2.24. Both of us running 2.4.4 keep getting an invalid API key error but it all works fine for the guy running 2.2.24 which would suggest it's an Apache issue but we just can't get to the bottom of it.
Anyone any ideas why this would be happening like this?
Thanks in advance.
Found the issue for anyone else who may have the same problem. Apache 2.4.x now enforces stricter translation of header to environment variables to mitigate against some cross-site scripting attacks via header injection. See:
http://httpd.apache.org/docs/trunk/new_features_2_4.html
"Headers containing invalid characters (including underscores) are now silently dropped."