I am working with an API that provides a token for me to use to connect. It gives these instructions.
This token is then sent in all subsequent calls to the server in header variable Auth Digest.
I am not sure what this means. I've tried several approaches and read several stack overflow questions. Here's what I've tried. See code comments included for details.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_FAILONERROR, true);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_AUTOREFERER, true);
curl_setopt($ch, CURLOPT_BINARYTRANSFER,true);
curl_setopt($ch, CURLOPT_TIMEOUT, 20);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
curl_setopt($ch, CURLOPT_VERBOSE, true);
// I have tried setting both of these
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
// In combination of the above separately, I have tried each of these individually
curl_setopt($ch, CURLOPT_USERPWD, $username . ":" . $token);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Auth Digest: ' . $token));
curl_setopt($ch, CURLOPT_POST, true);
$post_data = array('Auth Digest' => $token);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post_data));
curl_setopt($ch, CURLOPT_USERPWD, $token);
// Then I execute and close, either giving me a failed response and a response that says token is not valid
$response = curl_exec($ch);
$header_sent = curl_getinfo($ch, CURLINFO_HEADER_OUT);
if (!$response) {
echo $action . ' curl request failed';
return false;
}
curl_close($ch);
$response_json = json_decode($response);
var_dump($response_json);
Here are some related stackoverflow questions that I've tried to apply to my problem without success.
Curl request with digest auth in PHP for download Bitbucket private repository
Client part of the Digest Authentication using PHP POST to Web Service
How do I make a request using HTTP basic authentication with PHP curl?
I need to know what the raw http header that they're likely expecting or how I can use php curl to generate the header they're likely expecting.
An digest authorization header typically looks like:
Authorization: Digest _data_here_
So in your case, try:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
//... existing options here
$headers = array(
'Authorization: Digest ' . $token,
);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
If you use CURLOPT_HTTPHEADER, that just specifies additional headers to send and doesn't require you to add all the headers there.
If the other headers you're sending all have explicit options, use those and just pass the one authorization header to CURLOPT_HTTPHEADER.
Related
I'm trying to submit a POST request with JSON data to an api endpoint. The endpoint requires a querystring passing the api credentials, but also requires the JSON data to be POSTed.
When I try to do this with PHP cURL as shown below, the querystring is apparently removed - thus the api is rejecting the request due to missing api key.
I can do this easily with Postman when testing access to the api endpoint.
How can I make the cURL request include both the querystring AND the JSON POST body?
Example code:
// $data is previously defined as an array of parameters and values.
$url = "https://api.endpoint.url?api_key=1234567890";
$ch = curl_init();
$json = json_encode($data);
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_POST, true);
curl_setopt($ch,CURLOPT_POSTFIELDS, $json);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Content-Type: application/json',
'Content-Length: ' . strlen($json)
]
//execute post
$result = curl_exec($ch);
//close connection
curl_close($ch);
You are doing almost right.
Sometimes you need to relax SSL verification.
Otherwise, update php ca bundle:
https://docs.bolt.cm/3.7/howto/curl-ca-certificates
Add the following:
$headers = array(
"Content-type: application/json;charset=UTF-8",
"Accept-Encoding: gzip,deflate",
"Content-length: ".strlen($json),
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 300);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $json);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, "identity, deflate, gzip");
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
$result = curl_exec($ch);
$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
Sometimes you need to change encoding too:
$result = utf8_decode($result);
And check the returning data.
I am facing varied issue. I am able to get response in POSTman but getting below error while using PHP code.
You are not authorized to access this resource
code as below:
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
curl_setopt($ch, CURLOPT_USERPWD, $username . ':' . $password);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION,true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/xml','Accept: application/xml'));
$data = curl_exec($ch);
curl_close($ch);
Unfortunately, different cURL versions behave slightly different and so there is not one valid answer but several approaches that work for different cURL versions.
Here are two suggestions:
From Problems with username or pass with colon when setting CURLOPT_USERPWD
Try adding curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);, or instead CURLAUTH_BASIC.
Something that should always work:
If it won't help, add username and password directly into url like https://user:pass#host.com/path.
You shouldnt turn off certificate verification, instead, get a valid cert, they are for free using letsencrypt.
<?php
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
curl_setopt($ch, CURLOPT_USERPWD, $username . ':' . base64_encode($password)); //here is the change
curl_setopt($ch, CURLOPT_FOLLOWLOCATION,true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/xml','Accept: application/xml'));
$data = curl_exec($ch);
curl_close($ch);
This is a really longshot and i know that but i have seen quite a few API's that work like that and since the OP seems not to have the documentation of the API i will post this as an answer in case it helps him solve his issue.
If above does not work try to base64_encode($username) as well
I'm building a request with PHP using curl, for the basic authentication it is necessary to use the preemptive authentication.
Can I force curl to use the preemptive authentication?
Or is there any other way to build my request with PHP?
#Bas van Stein
I'm not sure if I understand this correctly. I tried it like this:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $URL);
curl_setopt($ch, CURLOPT_TIMEOUT, 30); //timeout after 30 seconds
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// auth header
$headers = array(
sprintf('Authorization: Basic %s',base64_encode(sprintf("%s:%s",$username,$password))),
);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POST, 1);
// preemptive authentication (first request)
$result = curl_exec($ch);
// extend header for payload
$boundary = $this->generateRandomString();
curl_setopt($ch, CURLOPT_HTTPHEADER, array_merge_values($headers,array(
'Content-Encoding: gzip',
'Content-Type: multipart/mixed;boundary=' . $boundary,
)));
curl_setopt($ch, CURLOPT_ENCODING, 'gzip');
$multiPart = sprintf("--%s\r\nContent-Disposition: content\r\nContent-Type: application/xx.xx\r\nContent-Version: 1.5\r\n\r\n%s\r\n--%s--",$boundary,$data,$boundary);
curl_setopt($ch, CURLOPT_POSTFIELDS, gzencode($multiPart));
// request with payload (second request)
$result = curl_exec($ch);
curl_close($ch);
but it doesn't worked.
Thanks
katzu
So i'm writing a function for a client whom wants a simple function to use on his social site so that users can follow channel on Twitch, no SDKs nothing like that i have the following function:
function twitch_follow_channel($user, $channel, $client_id, $access_token) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_PUT, true);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
curl_setopt($ch, CURLOPT_URL, 'https://api.twitch.tv/kraken/users/'.$user.'/follows/channels/'.$channel.'?oauth_token='.$access_token);
$h = 'Client-ID: '.$client_id.', Accept: application/vnd.twitchtv.v3+json, Authorization: OAuth '. $access_token;
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Authorization: OAuth '.$access_token,
'Client-ID: '.$client_id,
'Content-Length: '.strlen($h),
'Accept: application/vnd.twitchtv.v3+json'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0);
$r = curl_exec($ch);
$ci = curl_getinfo($ch);
r($ci);
r($r);
return json_decode($r, true);
}
i include the Content-length in the HTTP HEADER i don't know what i'm missing
Notes
The access token has user_follows_edit scope.
r() is used instead of var_dump()
I'm already aware of the DOCs at GitHub, followed it carefully
Recently did that myself so how about you add:
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PUT');
This way you say CURL to use PUT as request.
To unfollow simply replace PUT with DELETE and your gucci.
Atom8tik
I've been trying for a while now to call a REST API, but still with no luck.
I've tested the connection, propreties and credentials with WizTools, so I'm 100% all the data is correct and working. Only when I try to connect to the API using custom PHP, things go wrong.
I use Fiddler for debugging and all I see is a request to the local path of the file with the code. For some reason, the snippet isn't calling the REST endpoint... I would like to know how does it come and what do I do wrong...
The code is hosted local (dev.testing.com).
At first sight, I would think the code below is correct, so I'm wondering why I get a GET http://dev.testing.com/talent.php HTTP/1.1 result in Fiddler, while I should get a POST https://api.some_url.com/package/REST/service/criteria?api_key=my_Key HTTP/1.1..
<?php
// Set all the data
$service_url = "https://api.some_url.com/package/REST/service/criteria?api_key=my_Key";
$service_user = 'iiii_My_Username:text:FO';
$service_pass = 'password';
// Initialize the cURL
$ch = curl_init($service_url);
// Set service authentication
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_USERPWD, "{$service_user}:{$service_pass}");
// Composing the HTTP headers
$body = "<searchCriteriaSorting></searchCriteriaSorting>";
$headers = array();
$headers[] = 'Accept: application/xml';
$headers[] = 'Content-Type: application/xml; charset=UTF-8';
// Set the cURL options
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_HEADER, TRUE);
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_ENCODING, '');
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
//WARNING: this would prevent curl from detecting a 'man in the middle' attack
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
// Execute the cURL
$data = curl_exec($ch);
// Print the result
echo $data;
?>