I was coding a cURL post request to a website login in order to retrieve a token. The script is meant to login remotely, obtain a token via preg_match and then send a GET request to another url using the preg_matched token.
The token comes in the form of a string e.g. ABCDEFGHIJK. In the second GET request, the token is authorized as: Authorization Bearer: ABCDEFGHIJK
However, upon obtaining the token from the first post request and adding in the words Authorization Bearer, the token disappears.
<?php
//Login in Remotely
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'URL');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_POST, 1 );
curl_setopt($ch, CURLOPT_POSTFIELDS, 'POST DATA' );
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // On dev server only!
$result = curl_exec($ch);
curl_close($ch);
//Parse Token
preg_match('#"phoenixAccessToken":"(.*)","phoenixExpiresIn#',$result,$matches);
echo $matches[1]; //This returns ABCDEFGHIJK
//Write authorization (Token returns a 0 now.)
$authorization = 'Authorization Bearer: ' & $matches[1];
echo $authorization; //This returns a 0
?>
echo $matches[1] returns the token required perfectly fine, but running echo 'Authorization Bearer: ' & $matches[1]; returns a 0 instead of Authorization Bearer: ABCDEFGHIJK.
Why is this so? Is there anyway to fix the variable so it is static?
Thanks!
Use . instead of &.
. just adds it on.
Related
I just want to get the authorization code to obtain the access token to make API requests, I did the step manaully through the pasting the link in the browser and it works.
but through Curl PHP doesn't work I get empty string of size 1400 char.
this's the sample on Quickbooks API doc
curl -X POST 'https://appcenter.intuit.com/connect/oauth2?
client_id=Q3ylJatCvnkYqVKLmkxxxxxxxxxxxxxxxkYB36b5mws7HkKUEv9aI&response_type=code&
scope=com.intuit.quickbooks.accounting&
redirect_uri=https://www.mydemoapp.com/oauth-redirect&
state=security_token%3D138r5719ru3e1%26url%3Dhttps://www.mydemoapp.com/oauth-redirect'
Quickbooks API Auth code ref
I Turned to Curl PHP with replacing my credentials, when I visit the link I get the auth code and I could obtian the access token but can't do it in the back-end
the dir of the page that I want to get the auth code in is https://roifelawgroup.com/clientform/login/info_submit.php
but the redirect link just : https://roifelawgroup.com/ with login creds is this could be the problem?
However I tried with the same page redirect link didn't work
function authcode(){
$url = "https://appcenter.intuit.com/connect/oauth2?client_id=ABfQBA8VYPPUETO5isi2v8p39lQwEsw1ozL7NhZxxxxxx&response_type=code&scope=com.intuit.quickbooks.payment&redirect_uri=https://roifelawgroup.com&state=security_token%3D138r5719ru3e1%26url%3Dhttps://roifelawgroup.com";
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true); // if removed this line I get 301 permanently moved
$headers = array(
"Content-Length: 0",
);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
//for debug only!
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
$resp = curl_exec($curl);
curl_close($curl);
var_dump($resp);
}
To authenticate API calls, you must first generate a session to get a token. Then you must send the session token as the value of the X-Auth-Token header to authenticate API calls.
To create a session you first need to manually generate an API Key. This is a key/value pair that can be generated in the API Access page. When you click Generate New API Key, a popup will be displayed with the API Key Value and in the table of Active Keys you can find the API Key ID. This is then sent via Basic Authentication in a POST call to the sessions route.
I followed this Api Documentation of deepcrawl already but what am I doing wrong?
I have X-Auth-Token and API KEY ID where should I put this?
$deephead = "X-Auth-Token: asdjasiojqoieuqiouwqpofoqwojeq";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://api.deepcrawl.com/sessions");
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_HTTPHEADER, $deephead);
// Get the response
$response = curl_exec($ch);
// Close cURL connection
curl_close($ch);
// Decode the response (Transform it to an Array)
$result = json_decode($response);
//debug the response
dd($result);
The I can't even get to CURLOPT_GET cause at my post I only get null value. Any idea/thoughts how can I fix this. Thank you in advance.
DeepCrawl API
It looks like you are trying to generate a token, which it looks like you already have.
To authenticate API calls, you must first generate a session to get a
token. Then you must send the session token as the value of the
X-Auth-Token header to authenticate API calls.
To create a session you first need to manually generate an API Key.
This is a key/value pair that can be generated in the API Access page.
When you click Generate New API Key, a popup will be displayed with
the API Key Value and in the table of Active Keys you can find the API
Key ID. This is then sent via Basic Authentication in a POST call to
the sessions route.
curl -X POST -u '123:abcdef' https://api.deepcrawl.com/sessions {
"token":"abcdef123", "_user_href":"/users/example-user", ... }
Not the clearest, but it's right there.
$headers = [
'Content-Type: application/x-www-form-urlencoded',
'accept: text/html'
];
$username='yourusername';
$password='supersecret';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://api.deepcrawl.com/sessions");
curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, "root=1");
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
// Get the response
$response = curl_exec($ch);
// Close cURL connection
curl_close($ch);
// Decode the response (Transform it to an Array)
return json_decode($response);
That will return something like
{
"token":"abcdef123",
"_user_href":"/users/example-user",
...
}
Since you already have the token, you don't need ot hit session. you can just make your calls.
$headers = [
'X-AUTH-TOKEN: your-api-key',
'accept: text/html'
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://api.deepcrawl.com/system_statuses");
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
// Get the response
$response = curl_exec($ch);
// Close cURL connection
curl_close($ch);
// Decode the response (Transform it to an Array)
return json_decode($response);
I am trying to use googles API, which you can only used when authenticated with oAuth.
I have successfully obtained the access key, however I can't seem to be able to use it with the API. This is my code:
$accessToken = $client->fetchAccessTokenWithAuthCode($_GET["code"])["access_token"];
$ch = curl_init();
$url = "https://www.googleapis.com/androidpublisher/v2/applications/flarehubpe.flarehub.xflare/purchases/products/flarehubvip/tokens/fraud_token";
$headers = array("Authorization: Bearer $accessToken");
curl_setopt($ch, CURLOPT_URL, $url); # URL to post to
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 ); # return into avariable
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); # custom headers, see above
$result = curl_exec($ch); # run!
curl_close($ch);
var_dump("Result", $result);
//Outputs: "result" nothing else.
What am I doing wrong?
I am trying to hit api which is having OAuth1.0.
Problem is when i am trying with Postman i am getting response but with PHP curl its giving error.
In postman i am passing parameters as below
url='xxxx', Authentication stuff is type=OAuth1.0,Consumer Key,Consumer Secret, Token, Token Secret, Timestamp, Nonce, Version=1.0, Realm=Optional
Below is my code which i have tried
$url="xxx";
$header[] = 'Content-Type: application/x-www-form-urlencoded';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, urlencode('Authorization:OAuth oauth_consumer_key="xxx",oauth_token="xxx",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1475651061",oauth_nonce="LyA5sR",oauth_version="1.0",oauth_signature="xxx"'));
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$result = curl_exec($ch);
if(curl_error($ch))
{
echo 'error:' . curl_error($ch);
}
echo "<pre>";print_r($result);exit;
I have added CURLOPT_SSL_VERIFYPEER, because there was certification problem. Now i am getting 'Access denied' from api curl error 403 because there is something wrong in the way i am passing for Oauth 1.0 by curl.
This is the first time i am trying outh1.0 with curl. Please help me whats going on in my code. I have tried using this link
The issue is with oauth signature which is not getting formed properly. You can refer https://oauth.net/core/1.0/ for more clarity
I'm trying to establish a connection with a real-estate listings API in Canada (CREA), and according to the documentation:
A successful Login response header includes a Set-Cookie with
X-SESSIONID value. This X-SessionID value needs to be submitted with
every request after logging in.
The service provides a sample API for setting everything up, but whenever I attempt to grab the X-SESSIONID value and set it for a subsequent request, it doesn't seem to work, and I get a 401 Unauthorized header on all subsequent requests (even though I am able to successfully grab the X-SessionID info).
Here is the code that I am using now:
<?php
$ch = curl_init('http://sample.data.crea.ca/Login.svc/Login');
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERPWD, 'CXLHfDVrziCfvwgCuL8nUahC:mFqMsCSPdnb5WO1gpEEtDCHH');
$xml = curl_exec($ch);
curl_close($ch);
echo '<pre>' . htmlspecialchars($xml) . '</pre>';
preg_match('|Set-Cookie: (X-SESSIONID=.*?);.*|', $xml, $match);
echo '<pre>';
print_r($match);
echo '</pre>';
$ch = curl_init('http://sample.data.crea.ca/Metadata.svc/GetMetadata?Type=METADATA-RESOURCE&Format=STANDARD-XML&ID=0');
curl_setopt($ch, CURLOPT_COOKIE, $match[1]);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$xml = curl_exec($ch);
curl_close($ch);
echo '<pre>' . htmlspecialchars($xml) . '</pre>';
Because this is a sample API available to anyone for free, you can run the code above as is to see the error I am getting.
Any advice on how to properly submit the X-SessionID value so that I can be properly authenticated and make subsequent requests would be greatly appreciated.
Thank you.
Just do:
curl_setopt($ch, CURLOPT_COOKIEJAR, '');
Now curl will take care of the cookies. You don't need to parse anything or set them manually